question

Ana-7414 avatar image
0 Votes"
Ana-7414 asked PramodValavala-MSFT commented

statusQueryGetUri and API Management

The setup:
Azure Function with API Management.

Managed Identity is set (https://www.svenmalvik.com/azure-apim-function-msi/). Authentication happens through policy authentication-managed-identity.
All seems to function correctly.
When called Azure Function returns 5 URIs, among them "statusQueryGetUri".


Question:
Before API Management and managed identity, I was able to call statusQueryGetUri using GET method and no credentials (as expected):

 GET <rootUrl>/runtime/webhooks/durabletask/instances/<GUID>
 ?taskHub={taskHub}
 &connection={connection}
 &code={systemKey}


Now I receive 401 (kind of expected).

What authentication or endpoint am I missing?
Would my <rootUrl> change? Should I add the statusQueryGetUri to APIs managed by the API Management?
How should I authorize myself? Client ID and secret?


All pointers welcome!

azure-functionsazure-api-management
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

PramodValavala-MSFT avatar image
0 Votes"
PramodValavala-MSFT answered PramodValavala-MSFT commented

@Ana-7414 You could proxy requests for these endpoints via APIM as well. The redirect-content-urls does this for you out-of-the-box.

For the proxied URLs to work, you will have to define APIs on APIM that forward the requests to your function app using the same managed identity.

If you require, you could completely rewrite the URLs in the body using the set-body policy and define endpoints on APIM that a more REST-like

For example, the endpoints could be /track/{taskHub}/{connection}/{GUID} and you can use the rewrite-uri policy to change it to the one required by functions. The system key could just be a named value since it doesn't really change.


· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Pramod,

Thank you for the answer. I am not sure if I understand it correctly.

Is re-writing urls necessary?

If not, if I pass just client ID and secret should the call work?

0 Votes 0 ·

@Ana-7414 The re-write aren't necessary but something that is possible if required, which helps masking the fact that Azure Durable Functions are being used and to just make the URLs conform to your own conventions.

0 Votes 0 ·
Ana-7414 avatar image Ana-7414 PramodValavala-MSFT ·

Ok, then how do I authenticate? Without the rewrite?
Passing client id and secret doesn't help

0 Votes 0 ·
Show more comments