Python Function App reads Table Storage as authenticated user
I'm trying to create an Azure Function that allows read access to a specified row in Table Storage. (I'll be calling it from some R script that lacks a supported Table Storage SDK, but it's quite easy to call an HTTP-triggered Function from R.)
I want the function to let callers read Storage resources via this function only if their AD account has permissions to do so; in short, to use delegated permissions, accessing the Storage API as the signed-in user. The Function uses App Service authentication with Microsoft as the identity provider, and the registered app has the delegated Storage user_impersonation permission, as described in this tutorial. But this is where I get stuck.
How can my Python function app acquire the correct token and authenticate to the Table Storage client as the user calling the function? There are examples in C#, but I struggle to map that to Python, so I'm looking for a short code example in Python. It would be great if it shows how to access Table Storage while the function app is deployed on Azure, and also in local development.
I've verified that the X-MS-CLIENT-PRINCIPAL-ID request header is coming over correctly, but I don't think I can use that to accomplish this.
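One way to wire this up in Python, as an added example that is not part of the question or any answer: it assumes App Service authentication's token store is enabled (so the caller's token arrives in the X-MS-TOKEN-AAD-ACCESS-TOKEN header), that the app registration's client id, secret and tenant are stored in hypothetical AZURE_CLIENT_ID / AZURE_CLIENT_SECRET / AZURE_TENANT_ID app settings, and that msal and azure-data-tables are installed in the function app. The credential adapter exchanges the caller's token through the on-behalf-of flow, so Storage applies the caller's RBAC rather than the app's.

```python
import base64
import json
import os
from collections import namedtuple

# azure-core only needs get_token() to return an object with .token and .expires_on,
# so this stdlib-only adapter plugs straight into TableServiceClient.
AccessToken = namedtuple("AccessToken", ["token", "expires_on"])
EASY_AUTH_HEADER = "X-MS-TOKEN-AAD-ACCESS-TOKEN"  # filled by App Service auth's token store

def jwt_expiry(token):
    """Read the 'exp' claim of a JWT. No signature check: App Service auth already validated it."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return int(json.loads(base64.urlsafe_b64decode(payload))["exp"])

class EasyAuthUserCredential:
    """Presents the calling user's identity to the Table client.
    headers: the HTTP trigger's request headers; exchange: callable(user_token, scopes) -> Storage
    token via on-behalf-of. Omit exchange only if the Easy Auth login scope already targets Storage."""

    def __init__(self, headers, exchange=None):
        self._headers = headers
        self._exchange = exchange

    def get_token(self, *scopes, **kwargs):
        user_token = self._headers.get(EASY_AUTH_HEADER)
        if not user_token:
            raise PermissionError("no signed-in user token on request")  # never fall back to app identity
        token = self._exchange(user_token, list(scopes)) if self._exchange else user_token
        return AccessToken(token, jwt_expiry(token))

def msal_obo_exchange(client_id, client_secret, tenant_id):
    """Build an on-behalf-of exchange with MSAL (imported lazily so this module loads without it)."""
    import msal
    app = msal.ConfidentialClientApplication(
        client_id, authority=f"https://login.microsoftonline.com/{tenant_id}", client_credential=client_secret)

    def exchange(user_token, scopes):
        result = app.acquire_token_on_behalf_of(user_assertion=user_token, scopes=scopes)
        if "access_token" not in result:
            raise PermissionError(result.get("error_description", "on-behalf-of exchange failed"))
        return result["access_token"]
    return exchange

def read_row(headers, account_url, table_name, partition_key, row_key):
    """Fetch one entity as the signed-in user, so Storage enforces that user's RBAC, not the app's."""
    from azure.data.tables import TableServiceClient  # lazy: module stays importable without the SDK
    cred = EasyAuthUserCredential(headers, msal_obo_exchange(  # hypothetical app-setting names
        os.environ["AZURE_CLIENT_ID"], os.environ["AZURE_CLIENT_SECRET"], os.environ["AZURE_TENANT_ID"]))
    return TableServiceClient(endpoint=account_url, credential=cred).get_table_client(table_name) \
        .get_entity(partition_key=partition_key, row_key=row_key)
```

Locally, where App Service authentication is absent, the header is missing and get_token refuses rather than silently using the developer's own identity; for local testing, pass an azure-identity credential to TableServiceClient instead.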