azure-functions-host
azure-functions-host copied to clipboard
Azure
System managed Identity for "AzureWebJobsStorage__accountName" not working as expected. Throwing permission error
Hello,
I'm trying to change the azure function v4 using C#/.NET 6 to use managed identity to connect into the AzureWebJobsStorage. Following this guideline: https://learn.microsoft.com/en-us/azure/azure-functions/functions-reference?tabs=blob&pivots=programming-language-csharp#connecting-to-host-storage-with-an-identity, I added/updated the identity permissions and, then, I'm disabling the keys from the azure storage to test that it is really using MSI.
When I disable it, it shows the following error:
When I click in details, no data is shown.
Can you help me?
I assume you are using Consumption plan for your Function. If so, you need Azure File Share, which is configured with WEBSITE_CONTENTAZUREFILECONNECTIONSTRING. However, File Share does not support managed identities and you cannot disable keys on storage account:
https://learn.microsoft.com/en-us/azure/azure-functions/functions-app-settings#website_contentazurefileconnectionstring
This setting is required for Consumption and Elastic Premium plan apps running on both Windows and Linux. It's not required for Dedicated plan apps, which aren't dynamically scaled by Functions.
Changing or removing this setting can cause your function app to not start. To learn more, see this troubleshooting article.
Azure Files doesn't support using managed identity when accessing the file share. For more information, see Azure Files supported authentication scenarios.
Thanks for reporting.please check you dedicated plan then it should support or not. as per doc.
Hello @ltdu @bhagyshricompany ,
How do I confirm what plan do I use? I created the resource some time ago and I'm not sure about it.
Also, if I'm using Consumption plan, will be support in the future for Azure File Share using MSI?
