{"id":41471,"date":"2023-09-18T01:00:36","date_gmt":"2023-09-18T08:00:36","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/premier-developer\/?p=41471"},"modified":"2023-09-13T12:08:00","modified_gmt":"2023-09-13T19:08:00","slug":"configuring-azure-blob-trigger-identity-based-connection","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/premier-developer\/configuring-azure-blob-trigger-identity-based-connection\/","title":{"rendered":"Configuring Azure Blob Trigger Identity Based Connection"},"content":{"rendered":"<p>So you want to connect your blob triggered function to a storage account, but you don\u2019t want to put your connection string or secrets into the configuration?\u00a0 <a href=\"https:\/\/www.linkedin.com\/in\/another-redman\/\">Andrew Redman<\/a> explores how to do it in this blog post.<\/p>\n<hr \/>\n<h1 id=\"toc-hId--1935106497\">What\u2019s the problem?<\/h1>\n<p>You want to connect your blob triggered function to a storage account, but you don\u2019t want to put your connection string or secrets into the configuration.\u00a0 Prior to Azure Blobs extension 5.0.0, this was your only option, but not anymore.\u00a0 With these later versions you can now connect to your storage account using a managed identity.\u00a0 Here are the simple steps involved to make this happen.<\/p>\n<h1 id=\"toc-hId-552406336\"><\/h1>\n<h1 id=\"toc-hId--1255048127\">The Setup<\/h1>\n<p>We have the following resources that we are using to demonstrate this setup.<\/p>\n<ul>\n<li>Azure Function, v4 with a managed identity.\u00a0 You will just need to make sure you are using\u00a0<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-functions\/functions-reference?tabs=blob#configure-an-identity-based-connection\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Blobs extension version 5.0.0 or later<\/a>.\u00a0 You can install this extension using\u00a0<a 
href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-functions\/functions-develop-vs#add-bindings\" target=\"_blank\" rel=\"noopener noreferrer\">NuGet tools<\/a>\u00a0(Visual Studio) or the\u00a0<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-functions\/functions-develop-vs-code?tabs=csharp#install-binding-extensions\" target=\"_blank\" rel=\"noopener noreferrer\">.NET Core CLI<\/a>\u00a0(Visual Studio Code) for C#. If you are using a non-.NET language, the\u00a0<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-functions\/functions-bindings-register#extension-bundles\" target=\"_blank\" rel=\"noopener noreferrer\">extension bundles<\/a>\u00a0are recommended. \u00a0You will need at least Bundle version 3.x, which contains the 5.x versions of the extensions.\u00a0 You can see which extensions are in Bundle version 3.x from the\u00a0<a href=\"https:\/\/github.com\/Azure\/azure-functions-extension-bundles\/blob\/v3.x\/src\/Microsoft.Azure.Functions.ExtensionBundle\/extensions.json\" target=\"_blank\" rel=\"noopener noreferrer\">extensions file<\/a>.<\/li>\n<li>Storage Account with a container\n<ul>\n<li>In our example we will be using a different storage account than the one that is created with our function by default.\u00a0 That one is usually denoted as the \u2018AzureWebJobsStorage\u2019 account in the configuration.\u00a0 As a side note, you can also connect to that storage account using a Managed Identity.\u00a0 You can find the documentation for that\u00a0<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-functions\/functions-reference?tabs=blob#connecting-to-host-storage-with-an-identity\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>\u00a0as well as a blog on that specific subject\u00a0<a href=\"https:\/\/techcommunity.microsoft.com\/t5\/apps-on-azure-blog\/use-managed-identity-instead-of-azurewebjobsstorage-to-connect-a\/ba-p\/3657606\" target=\"_blank\" 
rel=\"noopener\">here<\/a>.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2 id=\"toc-hId--564486653\"><\/h2>\n<h2 id=\"toc-hId-1923026180\">Azure Function App<\/h2>\n<p>You will need to make sure you have a function app created that you can use.\u00a0 How it is created does not matter; however, you do need to ensure a few of the settings are appropriately configured.\u00a0 First, you need to ensure the system-assigned managed identity is enabled.\u00a0 You will also need to update the storage account connection name to match the connection name in your trigger.<\/p>\n<p>Please see the Step-by-Step below to see this in action, but the convention for this setting is \u2018&lt;CONNECTION_NAME&gt;__serviceUri\u2019.\u00a0 If this is a new function, then you can add the new setting using the CONNECTION_NAME you have configured in your code, but if it is an existing function that is using a connection string, you will want to replace it with this new setting.\u00a0 If you want to dig deeper into the details, check out the full document on\u00a0<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-functions\/functions-bindings-storage-blob-trigger?pivots=programming-language-csharp&amp;tabs=python-v2%2Cin-process#identity-based-connections\" target=\"_blank\" rel=\"noopener noreferrer\">setting up identity-based connections for Azure Blob storage triggers<\/a>.<\/p>\n<p>Continue reading\u00a0<a href=\"https:\/\/techcommunity.microsoft.com\/t5\/healthcare-and-life-sciences\/configuring-azure-blob-trigger-identity-based-connection\/ba-p\/3849291\" target=\"_blank\" rel=\"noopener\">Andrew\u2019s full post over in the Healthcare and Life Sciences Technical Community<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>So you want to connect your blob triggered function to a storage account, but you don\u2019t want to put your connection string or secrets into the configuration?\u00a0 Andrew Redman explores how to do it in this blog post. 
What\u2019s the problem? You want to connect your blob triggered function to a storage account, but you don\u2019t [&hellip;]<\/p>\n","protected":false},"author":582,"featured_media":41472,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[25],"tags":[156,240,10646],"class_list":["post-41471","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-azure","tag-azure-functions","tag-identity","tag-managed-identity"],"acf":[],"blog_post_summary":"<p>So you want to connect your blob triggered function to a storage account, but you don\u2019t want to put your connection string or secrets into the configuration?\u00a0 Andrew Redman explores how to do it in this blog post. What\u2019s the problem? You want to connect your blob triggered function to a storage account, but you don\u2019t [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/posts\/41471","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/users\/582"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/comments?post=41471"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/posts\/41471\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/media\/41472"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/media?parent=41471"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https
:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/categories?post=41471"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/tags?post=41471"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}