Http triggered function with Storage input binding error

Question

I have created an azure Http triggered function that has as an Input binding a blob storage account (Storage general purpose v1) because I need to read a particular file when the function gets triggered:

public async Task<IActionResult> ExcelImport(
            [HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "import")] HttpRequest req,
            [Blob("excel-imports", FileAccess.Read, Connection = "storage-dev")] BlobContainerClient blobContainerClient,
            ILogger log)

Locally testing went fine, everithing worked as a charm, but after deploying to azure cloud, I'm getting this error:

Status: 403 (Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.) ErrorCode: AuthenticationFailed

Additional Information: AuthenticationErrorDetail: The MAC signature found in the HTTP request is not the same as any computed signature. Server used following string to sign: 'PUT

I'm trying to use Managed identity between Functions and Blob storage to perform the authentication so I activated functions Identity option in Azure, and granted access to blob storage at a resource group level. I've also created this configuration in my azure functions app settings (as suggested by the docs): storage-dev__blobServiceUri:

But still I'm having this connection issue. Am I missing anything else here? I need to use only managed identities to perform the authentication between Functions and Blob Storage account

Answer 1

To achieve the above requirement,

You may need to try with without adding any settings in your configuration.

AFAIK, When adding identity in our function no need add settings in our configuration.

For more information please refer the below links:

• MS DOC: Authorize access to blob data with managed identities for Azure resources

• BLOG: Azure Functions and Azure Storage: secure authentication with Managed Identities and without managing keys.