# Tutorial: Use a managed identity to invoke Azure Functions from an Azure Spring Apps app
@@ -25,7 +25,7 @@ Both Azure Functions and App Services have built in support for Azure Active Dir
25
25
- An Azure subscription. If you don't have a subscription, create a [free account](https://azure.microsoft.com/free/) before you begin.
26
26
-[Azure CLI](/cli/azure/install-azure-cli) version 2.45.0 or higher.
27
27
-[Apache Maven](https://maven.apache.org/download.cgi) version 3.0 or higher.
28
-
-[Install the Azure Functions Core Tools](../azure-functions/functions-run-local.md#install-the-azure-functions-core-tools) version 3.0.2009 or higher.
28
+
-[Install the Azure Functions Core Tools](../azure-functions/functions-run-local.md#install-the-azure-functions-core-tools) version 4.x.
29
29
30
30
## Create a resource group
31
31
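Review bot: The changed prerequisite still uses "Install the Azure Functions Core Tools" as its link text, while the other items in this list name the tool and then give a version ("Azure CLI version 2.45.0 or higher", "Apache Maven version 3.0 or higher"). Consider naming the tool and then "version 4.x" so the list reads consistently. The new wording also drops the "or higher" that the old line had, so it is worth saying explicitly that the Core Tools major version is meant to match the `--functions-version 4` used in the `az functionapp create` command later in the file.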
@@ -62,7 +62,7 @@ az functionapp create \
62
62
--os-type windows \
63
63
--runtime node \
64
64
--storage-account <storage-account-name> \
65
-
--functions-version 3
65
+
--functions-version 4
66
66
```
67
67
68
68
Make a note of the returned `hostNames` value, which is in the format *https://\<your-functionapp-name>.azurewebsites.net*. Use this value in the Function app's root URL for testing the Function app.
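Review bot: With `--functions-version 4` on the last line of the `az functionapp create` command, the options visible in this hunk set `--runtime node` but no `--runtime-version`, so the Node.js version may be left to the CLI default. If it is not pinned earlier in the command, above this hunk's context, consider adding it so that every reader of the tutorial creates the same app.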
@@ -75,18 +75,28 @@ Use the following steps to enable Azure Active Directory authentication to acces
75
75
1. In the navigation pane, select **Authentication** and then select **Add identity provider** on the main pane.
76
76
1. On the **Add an identity provider** page, select **Microsoft** from the **Identity provider** dropdown menu.
77
77
78
-
:::image type="content" source="media/spring-cloud-tutorial-managed-identities-functions/add-identity-provider.png" alt-text="Screenshot of the Azure portal showing the Add an identity provider page with Microsoft highlighted in the identity provider dropdown menu." lightbox="media/spring-cloud-tutorial-managed-identities-functions/add-identity-provider.png":::
78
+
:::image type="content" source="media/tutorial-managed-identities-functions/add-identity-provider.png" alt-text="Screenshot of the Azure portal showing the Add an identity provider page with Microsoft highlighted in the identity provider dropdown menu." lightbox="media/tutorial-managed-identities-functions/add-identity-provider.png":::
79
79
80
80
1. Select **Add**.
81
81
1. For the **Basics** settings on the **Add an identity provider** page, set **Supported account types** to **Any Azure AD directory - Multi-tenant**.
82
82
1. Set **Unauthenticated requests** to **HTTP 401 Unauthorized: recommended for APIs**. This setting ensures that all unauthenticated requests are denied (401 response).
83
83
84
-
:::image type="content" source="media/spring-cloud-tutorial-managed-identities-functions/identity-provider-settings.png" alt-text="Screenshot of the Azure portal showing the settings page for adding an identity provider. This page highlights the 'supported account types' setting set to the 'Any Azure AD directory Multi tenant' option and also highlights the 'Unauthenticated requests' setting set to the 'HTTP 401 Unauthorized recommended for APIs' option." lightbox="media/spring-cloud-tutorial-managed-identities-functions/identity-provider-settings.png":::
84
+
:::image type="content" source="media/tutorial-managed-identities-functions/identity-provider-settings.png" alt-text="Screenshot of the Azure portal showing the settings page for adding an identity provider. This page highlights the 'supported account types' setting set to the 'Any Azure AD directory Multi tenant' option and also highlights the 'Unauthenticated requests' setting set to the 'HTTP 401 Unauthorized recommended for APIs' option." lightbox="media/tutorial-managed-identities-functions/identity-provider-settings.png":::
85
85
86
86
1. Select **Add**.
87
87
88
88
After you add the settings, the Function app restarts and all subsequent requests are prompted to sign in through Azure AD. You can test that unauthenticated requests are currently being rejected with the Function app's root URL (returned in the `hostNames` output of the `az functionapp create` command). You should then be redirected to your organization's Azure Active Directory sign-in screen.
89
89
90
+
You need the Application ID and the Application ID URI for later use. In the Azure portal, navigate to the Function app you created.
91
+
92
+
To get the Application ID, select **Authentication** in the navigation pane, and then copy the **App (client) ID** value for the identity provider that includes the name of the Function app.
93
+
94
+
:::image type="content" source="media/tutorial-managed-identities-functions/function-authentication.png" alt-text="Screenshot of the Azure portal showing the Authentication page for a Function app, with the Function app name highlighted in the Identity provider." lightbox="media/tutorial-managed-identities-functions/function-authentication.png":::
95
+
96
+
To get the Application ID URI, select **Expose an API** in the navigation pane, and then copy the **Application ID URI** value.
97
+
98
+
:::image type="content" source="media/tutorial-managed-identities-functions/function-expose-api.png" alt-text="Screenshot of the Azure portal showing the Expose an API page for a Function app with the Application ID URI highlighted." lightbox="media/tutorial-managed-identities-functions/function-expose-api.png":::
99
+
90
100
## Create an HTTP triggered function
91
101
92
102
In an empty local directory, use the following commands to create a new function app and add an HTTP triggered function.
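Review bot: The paragraph after the second "Select **Add**" says requests "are prompted to sign in through Azure AD" and that you "should then be redirected" to the sign-in screen, but the step above it sets **Unauthenticated requests** to **HTTP 401 Unauthorized: recommended for APIs**, which the same step describes as denying unauthenticated requests with a 401 response. Since this change edits the text directly below that paragraph, please make the expected test result match the 401 setting. In the added lines, the reader is told to navigate to the Function app and then select **Expose an API** "in the navigation pane"; if that page belongs to the app registration rather than to the Function app itself, add the step of opening the identity provider link from the **Authentication** page first. It would also help to say where the copied Application ID and Application ID URI are used later, since "for later use" gives the reader no way to check that they copied the right values.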
@@ -173,6 +183,7 @@ This sample invokes the HTTP triggered function by first requesting an access to