
How to disable SAS token on consumption/Premium plan hosted function apps

by info.odysseyx@gmail.com


As you may know, Azure Files currently does not support identity-based connections. This means that even if you use identity-based host connections to replace AzureWebJobsStorage, which uses SAS tokens, you cannot remove the file share connection string (WEBSITE_CONTENTAZUREFILECONNECTIONSTRING), which also relies on SAS tokens. Therefore, you cannot disable SAS tokens on your storage account.

Now, when creating a function app in a Consumption/EP plan, you have the option to create the app without Azure Files. This scenario allows you to bypass the SAS token requirement for Azure Files and access the storage account using only managed identities.

To run your app without relying on an Azure file share, you must meet the following requirements:

1. Deploy the package to a remote Azure Blob storage container.
2. Set the URL that grants access to the package in the WEBSITE_RUN_FROM_PACKAGE app setting.

This method allows you to store your app content in Blob storage that supports managed identities instead of Azure Files.

Now let’s look at how to change the file share and SAS token connection in the Consumption/EP function app.

1. To create a function app without a file share, you can uncheck the “Add an Azure Files connection” option in the “Storage” panel when creating a function app through the Azure portal.

2. After creation, go to the function app and enable the system-assigned managed identity.

3. Go to your storage account and open Access control (IAM). Assign the Storage Blob Data Contributor role to your function app.

4. Create a new blob container to store the zip package of your function app and copy the URL of the file.

5. Now go back to your function app and replace the SAS token. Go to Environment Variables and change AzureWebJobsStorage to AzureWebJobsStorage__accountname and set its value to your storage account name. Then set the app to run from a URL by adding an app setting WEBSITE_RUN_FROM_PACKAGE and setting its value to the file URL you copied in the previous step.

6. When you run the app from a package URL, you must manually sync triggers after you publish an updated package. You can sync triggers using one of the following methods:

  • Restart the function app in the Azure portal.
  • Send an HTTP POST request to https://{functionappname}.azurewebsites.net/admin/host/synctriggers?code= using the master key.
  • Send an HTTP POST request to https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Web/sites//syncfunctiontriggers?api-version=2016-08-01. Replace the placeholders with your subscription ID, resource group name, and function app name. This request requires an access token in the Authorization request header.
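
To confirm that the steps above left no secret-based storage setting behind, the following added example (not part of the original post) audits a function app's settings in the name/value shape printed by `az functionapp config appsettings list`. The sample account name, container, share name and key are constructed placeholders, and comparing setting names case-insensitively is an assumption of this example.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed samples in the shape printed by `az functionapp config appsettings list`.
# Account name, container, share name and key are placeholders, not real values.
KEY_CONN = ("DefaultEndpointsProtocol=https;AccountName=examplestorage;"
            "AccountKey=PLACEHOLDER;EndpointSuffix=core.windows.net")
SAMPLE_BEFORE = [
    {"name": "AzureWebJobsStorage", "value": KEY_CONN},
    {"name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING", "value": KEY_CONN},
    {"name": "WEBSITE_CONTENTSHARE", "value": "example-func-share"},
    {"name": "WEBSITE_RUN_FROM_PACKAGE", "value": "1"},
]
PACKAGE_URL = "https://examplestorage.blob.core.windows.net/packages/app.zip"
SAMPLE_AFTER = [
    {"name": "AzureWebJobsStorage__accountname", "value": "examplestorage"},
    {"name": "WEBSITE_RUN_FROM_PACKAGE", "value": PACKAGE_URL},
]


def audit(settings):
    """Return findings; an empty list means no secret-based storage setting remains."""
    # Assumption of this example: setting names are compared case-insensitively.
    cfg = {s["name"].lower(): (s.get("value") or "") for s in settings}
    findings = []
    if "website_contentazurefileconnectionstring" in cfg:
        findings.append("WEBSITE_CONTENTAZUREFILECONNECTIONSTRING is still set (Azure Files)")
    if "azurewebjobsstorage" in cfg:
        findings.append("AzureWebJobsStorage still holds a connection string")
    if not cfg.get("azurewebjobsstorage__accountname"):
        findings.append("AzureWebJobsStorage__accountname is missing or empty")
    url = urlsplit(cfg.get("website_run_from_package", ""))
    query_keys = {k.lower() for k in parse_qs(url.query, keep_blank_values=True)}
    if url.scheme != "https" or not url.netloc:
        findings.append("WEBSITE_RUN_FROM_PACKAGE is not an https package URL")
    elif "sig" in query_keys:
        # A sig= parameter means the package is fetched with a SAS token, not the identity.
        findings.append("WEBSITE_RUN_FROM_PACKAGE URL carries a SAS signature (sig=)")
    return findings


if __name__ == "__main__":
    for label, sample in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, audit(sample) or "clean")
```

An empty result for the real app's settings is the precondition for turning off key and SAS access on the storage account without breaking the app.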