MulchandaniNitin-5629 asked JamesTran-MSFT commented

How to use Managed Identity with a Visual Studio user for connecting Cosmos/Storage with an Azure Function

I am trying out a couple of examples: one talks about connecting Cosmos and an Azure Function using access keys, and the other talks about using a Function with Azure Storage without using access keys. They are listed below.

1) Using Cosmos DB with Azure function
https://docs.microsoft.com/en-us/azure/cosmos-db/managed-identity-based-authentication

2) Using Storage with Azure Function

https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-msi

Both examples work fine when I deploy them to Azure, but when I try to run these examples locally they don't work.

In both examples I get 401 Unauthorized. In Visual Studio I have added the user through Tools -> Options -> Azure Service Authentication, and the same user has been added as a contributor for the above examples.

azure-managed-identity

Just checking in to see if the answer below helped. If it answers your query, please don't forget to click "Accept the answer" and up-vote it, which might be beneficial to other community members reading this thread. And if you have any further queries, do let us know.
Thanks,


1 Answer

sikumars answered JamesTran-MSFT commented

Hello anonymous user,


Thanks for reaching out.

You can't use Managed Identity locally because the security boundary of the managed identity is the Azure resource to which it is attached. For example, the security boundary for a Virtual Machine with managed identities for Azure resources enabled is the Virtual Machine. Any code running on that VM is able to call the managed identities for Azure resources endpoint and request tokens. It is a similar experience with other resources that support managed identities for Azure resources.

To learn more, see "What are managed identities for Azure resources?": https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

Alternatively, you can register an app (service principal) in Azure AD to authenticate and acquire a token to access Azure resources through Visual Studio, where the code is running locally.

Access keys from an Azure Cosmos DB account with AAD Application:
https://docs.microsoft.com/en-us/azure/cosmos-db/certificate-based-authentication
Access to blob and queue data with AAD Application:
https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-app?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&tabs=dotnet

Hope this helps


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
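
The approach described in the answer above, as an added example (not code from this thread or from the linked docs): use the managed identity when the code runs in an Azure Function, and a registered service principal when it runs locally. It assumes the Azure.Identity and Azure.Storage.Blobs NuGet packages; `CredentialSelector`, `Require` and the `STORAGE_ACCOUNT_NAME` variable are hypothetical names, and the service principal is assumed to already have access to the storage account.

```csharp
// Added example. Assumes the Azure.Identity and Azure.Storage.Blobs packages.
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.Storage.Blobs;

public static class CredentialSelector
{
    // Hypothetical helper: managed identity inside Azure, service principal elsewhere.
    public static TokenCredential Create()
    {
        // App Service / Functions set IDENTITY_ENDPOINT when a managed identity is
        // attached to the resource; it is absent on a developer machine.
        if (!string.IsNullOrEmpty(Environment.GetEnvironmentVariable("IDENTITY_ENDPOINT")))
            return new ManagedIdentityCredential();

        string tenantId = Require("AZURE_TENANT_ID");
        string clientId = Require("AZURE_CLIENT_ID");

        // Prefer a certificate; use a client secret only if no certificate path is set.
        string certPath = Environment.GetEnvironmentVariable("AZURE_CLIENT_CERTIFICATE_PATH");
        if (!string.IsNullOrEmpty(certPath))
            return new ClientCertificateCredential(tenantId, clientId, certPath);

        return new ClientSecretCredential(tenantId, clientId, Require("AZURE_CLIENT_SECRET"));
    }

    // Fail closed with a clear message instead of sending an unauthenticated request.
    public static string Require(string name) =>
        Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException($"Set {name} before running locally.");
}

public static class Program
{
    public static async Task Main()
    {
        TokenCredential credential = CredentialSelector.Create();

        // STORAGE_ACCOUNT_NAME is a hypothetical setting holding your account name.
        var endpoint = new Uri(
            $"https://{CredentialSelector.Require("STORAGE_ACCOUNT_NAME")}.blob.core.windows.net");
        var service = new BlobServiceClient(endpoint, credential);

        // Succeeds only if the selected identity is authorized on the account.
        await foreach (var container in service.GetBlobContainersAsync())
            Console.WriteLine(container.Name);
    }
}
```

Keep the service principal's certificate or secret out of source control, for example in user-level environment variables on the developer machine.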


anonymous user
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
