Share via

How do I connect a Blob Trigger Azure Function to a storage account different the one in AzureWebJobsStorage app setting?

Stephen Mallin 26 Reputation points
2025-04-16T14:45:27.6733333+00:00

I am writing an Azure Function that needs to monitor a blob storage container and act on new blobs in that container.

The storage account that the blob container I'm monitoring is in is different than the storage account that my function app uses for files and logs. The storage account that my function app uses for files and logs is referenced by account name in the Azure App Setting "AzureWebJobsStorage__accountName". The storage account that the blob container to be monitored is in is stored in app setting "OtherStorageConnection__accountName".

App Settings for discussion in this post:

AzureWebJobsStorage__accountName => storageAccountA

OtherStorageConnection__accountName => storageAccountB

OtherStorageConnection__blobServiceUri => https://storageAccountB.blob.core.windows.net

OtherStorageConnection__credential => managedIdentity

OtherStorageConnection__queueServiceUri => https://storageAccountB.queue.core.windows.net

my function is set up like this:

        [Function("Transfers")]
        public async Task SftpTransfers([BlobTrigger("container-in/{name}", Connection = "OtherStorageConnection", Source = BlobTriggerSource.LogsAndContainerScan)] BlobClient blobClient)
        {
            _logger.LogInformation($"Transfers triggered by blob {blobClient.Name}");
            var storeSuccesful = await _blobService.StoreDocument(blobClient);
            if (storeSuccesful)
            {
                _logger.LogInformation($"Stored blob {blobClient.Name}");
                await _blobService.DeleteBlob(blobClient);
            }
            else
            { 
                _logger.LogError($"Failed to store blob {blobClient.Name}");
            }
            await Task.CompletedTask;
        }

When I deploy my application, I see the following error:

Severity level: Information, Message: Request [xxxxxxxx-a9ad-4eff-b7b9-xxxxxxxxxxxx] GET https://storageAccountA.blob.core.windows.net/?restype=service&comp=properties

Severity level: Warning, Message: Error response [xxxxxxxx-a9ad-4eff-b7b9-xxxxxxxxxxxx] 403 This request is not authorized to perform this operation using this permission. (00.1s)

I wouldn't expect this to succeed, as the System-Assigned MI of the application does not have access to storageAccountA's blob storage. However, what I don't understand is why it is trying to connect to storageAccountA and not storageAccountB as specified in the blob trigger via the Connection parameter.

I know that it is the function initialization that is throwing the error because when I comment out the function attribute and deploy the app, the error does not occur.

I can confirm that neither storageAccountA or the connection string for storageAccountA exists in configuration files anywhere in the code that may be overwriting the deployed app settings.

What do I need to do so that the function monitors storageAccountB instead of storageAccountA?

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
5,770 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. RithwikBojja 2,325 Reputation points Microsoft External Staff Moderator
    2025-04-22T08:43:44.41+00:00

    Hi @Stephen Mallin ,

    This is obvious that you are getting below error because, when you deploy the Azure function app:

    enter image description here

    The storage account that my function app uses for files and logs is referenced by account name in the Azure App Setting "AzureWebJobsStorage__accountName".

    The error occurs when function app is trying to access the files. These are the deployed files, that the function app is trying to access.

    To resolve this issue, even you need to add the storage account connection string which solves the issue or give rbac role to the function app's managed identity and add the below app settings too:

    AzureWebJobsStorage__blobServiceUri => https://storageAccountA.blob.core.windows.net

    Also you need to add file share too.

    Or just add the connection string as below:

    enter image description here

    Output:

    Now when blob is uploaded, it gets triggered:

    enter image description here

    Function App:

    enter image description here

    For further information refer this Ms-Doc.

    If this answer was helpful, please click "Accept the answer" and mark Yes, as this can help other community members.

    enter image description here

    If you have any other questions or are still experiencing issues, feel free to ask in the "comments" section, and I'd be happy to help.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.