How to trigger blob function with user assigned identity

Question

I have created a blob trigger azure function which uses connection string in the code at the moment.

local.settings.json

public static class BlobTrigger_Fun
{
    [FunctionName("BlobTrigger_Fun")]
    public static void Run([BlobTrigger("democontainerazure/{name}", Connection = "AzureWebJobsStorage")]Stream myBlob, string name, ILogger log)
    {
        log.LogInformation($"C# Blob trigger function Processed blob\n Name:{name} \n Size: {myBlob.Length} Bytes");
    }
}

I want to use managed identity to avoid use of connection string in the code.

Not really but just don't want to keep connection string in the code — Sonam Mohite
Don't worry about that, when you publish the function to Azure, the local.settings.json will not be published, it will use the AzureWebJobsStorage app setting of your function app -> Configuration, for the security issue, you can also store the connection string in the keyvault, and reference it in the app setting, refer to this blog zimmergren.net/… Anyway, the MSI could not replace the AzureWebJobsStorage. — Joy Wang
And if you just want to test your code in local, you can use the Storage Emulator directly with "AzureWebJobsStorage": "UseDevelopmentStorage=true" in local.settings.json, refer to eliostruyf.com/… — Joy Wang
@SonamMohite If Joy's answer helps you, please mark his answer to end this question.:) — Cindy Pau

Joy Wang Joy Wang · Accepted Answer · 2020-06-08T02:25:59

No, you can't.

The MSI(managed identity) is not for such usage, it is just used for authenticating to azure services that support Azure AD authentication, the AzureWebJobsStorage is used for azure function runtime, in the function app, the property must be specified as an app setting in the site configuration.

How to trigger blob function with user assigned identity

1 Answers