How to Invoke Azure Function App with Managed Identity

This guide will explain the process of generating an access token using a system-managed identity in order to invoke a Function App.

Prerequisite

• Existing Function App
• Existing App Service

Getting Started

1. Enable Authentication in Function App

Navigate to your Function App in the left pane ➜ Authentication ➜ Add Identity Provider.

Select Microsoft as your Identity Provider and ensure that you choose the “Required Authentication” option to enforce the requirement of providing an access token during invocation.

2. Enable the system-managed identity for the App Service.

For this guide, I am using App Service as the entity that will access my function apps.

To enable identity, navigate to your App Service in the left pane → then go to “Identity” → select “On”.

3. Generate Access Token

For the generation of an access token, I used a web job for demonstration purposes. Kindly copy and paste the script below and upload the PowerShell script as a web job.

Note: Ensure that you replace the APPLICATION ID with your resource’s ID.

$response = Invoke-RestMethod -Method Get -Headers @{"X-IDENTITY-HEADER"="$env:IDENTITY_HEADER"} `
    -Uri "$( $env:IDENTITY_ENDPOINT )?resource=<APPLICATION ID>&api-version=2019-08-01"    
$response.access_token

To obtain the application ID:

Go to the Active Directory of your Function App → Click on “Expose an API” → Look for the “Application ID URI” section.

4. Invoke Function App

If you invoke your function without providing an access token, expect to receive a 401 Unauthorized status. If you receive this error, then you’re in the right place.

Now, let’s generate an access token and invoke the function. To obtain the access token, run the web job you created in Step 3 and use the generated token to invoke your function.

Once you have copied the token, you can attempt to invoke the function URL again and expect to receive a 200 status code indicating a successful invocation.

Thank you for taking the time to read my article. If you found it enjoyable, please consider showing your appreciation by clapping and following. Your support will motivate me to create more guides in the future that are based on real scenarios in the IT world.☺️☺️☺️

Is my blog putting a smile on your face? If so, why not treat me to a coffee to keep the good times brewing? Your java generosity not only perks up my day but also fuels my blogging mojo. And if this brings a laugh to your day, apologies in advance for the ‘tita’ jokes!