Azure Storage Queue and Managed Identity

Question

I am having trouble connecting my Logic App to an Azure Storage Queue. I followed MS guide for setting it up: https://docs.microsoft.com/en-us/azure/logic-apps/create-managed-service-identity

Here is my test Logic App to post something to my queue:

When my Logic App is triggered I get an error:

AuthenticationFailed.Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.

Why is it requiring me to include an Authorization Header, when I stated that I want to use Managed Identity? As far as I have read on MS docs, the Queues do support Managed Identities.

I saw that the in my screenshots here I didn't have the "/messages" in my URL. So it should be saqueuespoc.queue.core.windows.net/myqueue01/messages. Without '/messages' in the URL in just gives HTTP 405 Unsupported Verb error. So the main solution for HTTP 403 error with using Managed Identity is to include "x-ms-version" in the request like you stated below. — Oliver Nilsen

Jim Xu Jim Xu · Accepted Answer · 2020-05-26T03:18:56

According to my test, if we want to call Azure queue storage rest API with Azure AD auth, we need to specify x-ms-version in the request header and its value should be 2017-11-09 or higher. Otherwise, we will get error 403. For more details, please refer to the document and the document

My test is as below 1. If I do not specify x-ms-version, I get the error

If I specify x-ms-version, it is ok

My request Headers in HTTP action

 "Content-Type": "application/xml",
  "x-ms-date": "@{utcNow('R')}",
  "x-ms-version": "2019-07-07"

Result:

Azure Storage Queue and Managed Identity

2 Answers