Blog Post

Apps on Azure Blog
2 MIN READ

Use managed identity instead of AzureWebJobsStorage to connect a function app to a storage account

Bobi_Bao's avatar
Bobi_Bao
Former Employee
Oct 24, 2022
In a function app, usually we use appsetting AzureWebJobsStorage to connect to storage. This blog shows you how to configure a function app using Azure Active Directory identities instead of secrets ...
Updated Jul 08, 2024
Version 3.0
azure active directory
azure functions
azure paas
Ken_Ren's avatar
Ken_Ren
Copper Contributor
May 20, 2024

Bobi_BaoI enabled the MI for my function app following steps in this guideline exactly but i got

Timestamp : 5/16/2024 9:41:55 AM
Inner Exception Type: Azure.RequestFailedException
Total Occurrences: 148
Latest Exception Message: An unhandled exception has occurred. Host is shutting down.
This request is not authorized to perform this operation using this permission. RequestId:2b0886ed-2003-0091-0d75-a72381000000 Time:2024-05-16T09:41:55.8913985Z
Status: 403 (This request is not authorized to perform this operation using this permission.)
ErrorCode: AuthorizationPermissionMismatch

Content:
AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission. RequestId:2b0886ed-2003-0091-0d75-a72381000000 Time:2024-05-16T09:41:55.8913985Z

Headers:
Server: Windows-Azure-Queue/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2b0886ed-2003-0091-0d75-a72381000000
x-ms-version: 2018-11-09
x-ms-error-code: AuthorizationPermissionMismatch
Date: Thu, 16 May 2024 09:41:55 GMT
Content-Length: 279
Content-Type: application/xml


Full Exception :
 Azure.RequestFailedException : This request is not authorized to perform this operation using this permission.
RequestId:2b0886ed-2003-0091-0d75-a72381000000
Time:2024-05-16T09:41:55.8913985Z
Status: 403 (This request is not authorized to perform this operation using this permission.)
ErrorCode: AuthorizationPermissionMismatch

Content:
AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission. RequestId:2b0886ed-2003-0091-0d75-a72381000000 Time:2024-05-16T09:41:55.8913985Z

Headers:
Server: Windows-Azure-Queue/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2b0886ed-2003-0091-0d75-a72381000000
x-ms-version: 2018-11-09
x-ms-error-code: AuthorizationPermissionMismatch
Date: Thu, 16 May 2024 09:41:55 GMT
Content-Length: 279
Content-Type: application/xml

at async Azure.Storage.Queues.MessagesRestClient.DequeueAsync(Nullable`1 numberOfMessages,Nullable`1 visibilitytimeout,Nullable`1 timeout,CancellationToken cancellationToken)
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at async Azure.Storage.Queues.QueueClient.ReceiveMessagesInternal(Nullable`1 maxMessages,Nullable`1 visibilityTimeout,String operationName,Boolean async,CancellationToken cancellationToken)
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at async Azure.Storage.Queues.QueueClient.ReceiveMessagesAsync(??)
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at async Microsoft.Azure.WebJobs.Extensions.Storage.Common.Listeners.QueueListener.ExecuteAsync(CancellationToken cancellationToken)
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at async Microsoft.Azure.WebJobs.Extensions.Storage.Common.Timers.TaskSeriesTimer.RunAsync(CancellationToken cancellationToken)

As long as i disabled the MI and go back to AzureWebJobsStorage setting the exception disappears. The storage account has already granted the function Blob Storage Account Data Owner Role.

 

We are using virtaul network, could it be the issue here?