Share via

Unable to trigger function app while using managed identity for the storage account connection

LizyJeywin 20 Reputation points
2025-05-06T05:28:46.1633333+00:00

I am trying to create an Azure Function of BlobTrigger type, which needs to be triggered on dropping files in the storage account say filessa. Due to policy restriction the storage account cannot use shared access key. I am unable to trigger the function app dropping a file into a container. I see intermittently an error in the function app logs No valid combination of account information found.

assembly : Azure.Storage.Blobs, Version=12.23.0.0, Culture=neutral, PublicKeyToken=9279e12e44c8

method : Azure.Storage.StorageConnectionString+<>c.<Parse>b__67_0

outerType : Microsoft.Azure.WebJobs.Host.Indexers.FunctionIndexingException

outerMessage: Error indexing method 'Functions.SPAREventGridBlobTrigger'

innermostMessage: No valid combination of account information found.

I am referring to Configuring Azure Blob Trigger Identity Based Connection and have created the environment settings and assigned required roles to storage accounts (function App's storage account, say fnsa and the storage account, filessa, which is used to upload the file to trigger the function app) as mentioned in this article.

This is my simple code

[Function(nameof(SPAREventGridBlobTrigger))] public async Task Run([BlobTrigger("samples-workitems/{name}", Source = BlobTriggerSource.EventGrid, Connection = "filessa_STORAGE")] Stream stream, string name) { using var blobStreamReader = new StreamReader(stream); var content = await blobStreamReader.ReadToEndAsync(); Console.WriteLine("Hello from Jey Jey Jey"); _logger.LogInformation($"C# Blob Trigger (using Event Grid) processed blob\n Name: {name} \n Data: {content}"); }

I have assigned roles to the storage account filessa Storage Blob Data Owner and Storage Queue Data Contributor for the Azure Function identity.

and assigned roles to the storage account fnsa Storage Blob Data Contributor  for the Azure Function identity.

(Actually I ended up adding many other roles like Storage Account Contributor, Storage Blob Data Reader and similar too to both storage accounts) Please advice me to on the items to be added in the environment settings. 1. the name and value of the connection of the storage account, filessa 2.  the name and value of the connection of the storage account, fnsa 3. other items that needs to be mandatorily added to make it work I have tried added items like 

AzureWebJobsStorage, AzureWebJobsStorage__accountName, AzureWebJobsStorage__blobServiceUri, ..., 

AzureWebJobsfilessa_STORAGE, filessa_STORAGE.

 

I have also referred to this microsoft documentation Tutorial: Trigger Azure Functions on blob containers using an event subscription ; tried adding the EventSubscription in the storage account filessa. The webhook https://FA-SPAREG-FA.azurewebsites.net/runtime/webhooks/blobs?functionName=Host.Functions.SPAREventGridBlobTrigger&code=_MPRFuo9sdEg== in Postman with POST returned back error 

I need a simple function App that triggers on a blob using managed identity.

Please help me with all the required environment settings to be added in the function app in Azure and any other suggestion or  steps I have missed here  to make this work.

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
5,909 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. RithwikBojja 3,055 Reputation points Microsoft External Staff Moderator
    2025-05-07T03:38:49.51+00:00

    Hi @JAntoni,

    I have used below approach which works for me:

    Firstly, created a function app and deployed below code to Azure:

    Function1.cs:

    using Microsoft.Azure.Functions.Worker;
using Microsoft.Extensions.Logging;

namespace FunctionApp16
{
    public class Function1
    {
        private readonly ILogger<Function1> _logger;

        public Function1(ILogger<Function1> logger)
        {
            _logger = logger;
        }

        [Function(nameof(Function1))]
        public async Task Run([BlobTrigger("testcont/{name}", Connection = "rithcon")] Stream stream, string name)
        {
            using var blobStreamReader = new StreamReader(stream);
            var content = await blobStreamReader.ReadToEndAsync();
            _logger.LogInformation($"C# Blob trigger function Processed blob\n Name: {name} \n Data: {content}");
        }
    }
}

    csproj:

    
<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>

    <TargetFramework>net8.0</TargetFramework>

    <AzureFunctionsVersion>v4</AzureFunctionsVersion>

    <OutputType>Exe</OutputType>

    <ImplicitUsings>enable</ImplicitUsings>

    <Nullable>enable</Nullable>

    <UserSecretsId>4eb345ed-edbe-4419-b5a0-c6d6bb5ae481</UserSecretsId>

  </PropertyGroup>

  <ItemGroup>

    <FrameworkReference Include="Microsoft.AspNetCore.App" />

    <PackageReference Include="Azure.Data.Tables" Version="12.9.1" />

    <PackageReference Include="Azure.Storage.Blobs" Version="12.22.2" />

    <PackageReference Include="Azure.Storage.Files.Shares" Version="12.20.1" />

    <PackageReference Include="Azure.Storage.Queues" Version="12.20.1" />

    <PackageReference Include="Microsoft.Azure.Functions.Worker" Version="2.0.0" />

    <PackageReference Include="Microsoft.Azure.Functions.Worker.Extensions.Http.AspNetCore" Version="2.0.0" />

    <PackageReference Include="Microsoft.Azure.Functions.Worker.Extensions.Storage.Blobs" Version="6.6.0" />

    <PackageReference Include="Microsoft.Azure.Functions.Worker.Sdk" Version="2.0.0" />

    <PackageReference Include="Microsoft.Extensions.Azure" Version="1.7.6" />

    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="8.0.1" />

  </ItemGroup>

  <ItemGroup>

    <None Update="host.json">

      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>

    </None>

    <None Update="local.settings.json">

      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>

      <CopyToPublishDirectory>Never</CopyToPublishDirectory>

    </None>

  </ItemGroup>

  <ItemGroup>

    <Using Include="System.Threading.ExecutionContext" Alias="ExecutionContext" />

  </ItemGroup>

</Project>

    Program.cs:

    
using Microsoft.Azure.Functions.Worker.Builder;

using Microsoft.Extensions.Hosting;

var builder = FunctionsApplication.CreateBuilder(args);

builder.ConfigureFunctionsWebApplication();

builder.Build().Run();

    Screenshot 2025-05-07 084235

    rithcon is connection name given in code.

    rithtest123 is the storage account name.

    Then in Environment Variables added below values:

    rithcon__accountName---->rithtest123
rithcon__blobServiceUri---->https://rithtest123.blob.core.windows.net
rithcon__credential---->managedIdentity

    enter image description here

    Enabled Managed Identity as below:

    enter image description here

    Given Below Roles to Managed Identity of Function App in Storage Account:

    enter image description here

    Then Uploaded Blob:

    enter image description here

    The Function app gets triggered:

    enter image description here

    Try to follow above approach as it gives desired results using correct values in Environment Variables and also others settings and Roles.

    If this answer was helpful, please click "Accept the answer" and mark Yes, as this can help other community members.

    enter image description here

    If you have any other questions or are still experiencing issues, feel free to ask in the "comments" section, and I'd be happy to help.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.