Run azure functions with queue triggers locally using managed identity

t can be challenging to run locally an azure function using managed identity instead of connection strings. To do so, you have to follow these steps:

• Step 1: Create an Entra Id app registration. For more details see https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app
• Step 2: Create a secret for your app registration. Keep your secret somewhere, you will need it after. To see how to create app registration secrets, see: https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app
• Step 3: You need to create a storage account and a queue. For more information see https://learn.microsoft.com/en-us/azure/storage/common/storage-account-create?tabs=azure-portal and https://learn.microsoft.com/en-us/azure/storage/queues/storage-quickstart-queues-portal
• Step 4: For this app, assign the Storage Blob Data Contributor and Storage Queue Data Contributor roles. To assigned permissions to service principals for storage accounts see https://learn.microsoft.com/en-us/azure/storage/blobs/assign-azure-role-data-access?tabs=portal
• Your function code should like as this:

 [FunctionName("EmailFunction")] public Task RunAsync([QueueTrigger("emails", Connection = "Storage")] string user, ILogger log) {    

return _emailService.Send(user);

}

• The attribute Connection in the QueueStorage attribute indicates that we are grabbing the connection string from the application settings (local.settings.json in case of local development)
• The local.settings.json file should look like the following

 {

    "IsEncrypted": false,

    "Values": {

        "AzureWebJobsStorage__blobServiceUri": "https://[YOUR_STORAGE_ACCOUNT_NAME].blob.core.windows.net",

        "AzureWebJobsStorage__queueServiceUri": "https://[YOUR_STORAGE_ACCOUNT_NAME].queue.core.windows.net",

        "AzureWebJobsStorage__tenantId": “[APP_REGISTRATION_TENANT_ID]”,

        "AzureWebJobsStorage__clientId": "[APP_REGISTRATION_CLIENT_ID]”,

        "AzureWebJobsStorage__clientSecret": “[APP_REGISTRATION_CLIENT_SECRET]”,

        "Storage__queueServiceUri": "https://[YOUR_STORAGE_ACCOUNT_NAME].queue.core.windows.net",

        "Storage__tenantId": "[APP_REGISTRATION_TENANT_ID]",

        "Storage__clientId": "[APP_REGISTRATION_CLIENT_ID]",

        "Storage__clientSecret": "[APP_REGISTRATION_CLIENT_SECRET]”,

        "FUNCTIONS_WORKER_RUNTIME": "dotnet"

    }

}

• Replace [YOUR_STORAGE_ACCOUNT_NAME] by the name of the storage account you have created in step 3
• Replace [APP_REGISTRATION_TENANT_ID] by the tenant id of the app registration created in step 1
• Replace [APP_REGISTRATION_CLIENT_ID] by the client id of the app registration created in step 1
• Replace [APP_REGISTRATION_CLIENT_SECRET] by the client id of the app registration created in step

Enjoy