Share via

Azure durable functions are not invoked when used with Q trigger using managed identity

Anuraj Rajagopal 0 Reputation points
2024-07-31T09:41:02.9333333+00:00

Working with managed identity with durable functions and is working fine. Once we add the Q trigger function with the same storage account using managed identity then the things are not working.

Issue is the durable functions are not getting invoked and the runtime status is pending.

Also the Q trigger function app is not triggering when the Q have data in it. So need advice like any dependency issue with both durable functions and Q trigger function with managed identity.

If we use only durable or only Q trigger with managed identity - it will work fine. Problem is when we use both.

have assigned all the storage permissions mentioned on the MS document.

Please help advice on this. thanks

Env variables:

User's image

User's image

we followed this document : https://learn.microsoft.com/en-us/azure/azure-functions/durable/durable-functions-configure-durable-functions-with-credentials

 **[FunctionName("Function1")]
   public static async Task<List<string>> RunOrchestrator(
       [OrchestrationTrigger] IDurableOrchestrationContext context)
   {
       var outputs = new List<string>();
       // Replace "hello" with the name of your Durable Activity Function.
       outputs.Add(await context.CallActivityAsync<string>(nameof(SayHello), "Tokyo"));
       outputs.Add(await context.CallActivityAsync<string>(nameof(SayHello), "Seattle"));
       outputs.Add(await context.CallActivityAsync<string>(nameof(SayHello), "London"));
       // returns ["Hello Tokyo!", "Hello Seattle!", "Hello London!"]
       return outputs;
   }
   [FunctionName(nameof(SayHello))]
   public static string SayHello([ActivityTrigger] string name, ILogger log)
   {
       log.LogInformation("Saying hello to {name}.", name);
       Thread.Sleep(3000);
       return $"Hello {name}!";
   }
   [FunctionName("testfunction")]
   public static async Task<HttpResponseMessage> HttpStart(
       [HttpTrigger(AuthorizationLevel.Anonymous, "get", "post")] HttpRequestMessage req,
       [DurableClient] IDurableOrchestrationClient starter,
       ILogger log)
   {
       
       // Function input comes from the request content.
       string instanceId = await starter.StartNewAsync("Function1", null);
       log.LogInformation("Started orchestration with ID = '{instanceId}'.", instanceId);
       return starter.CreateCheckStatusResponse(req, instanceId);
   }

    [FunctionName("qtrigger")]
    public void Run([QueueTrigger("b2b2devpoc", Connection = "QueueConection")]string myQueueItem, ILogger log)
    {
        log.LogInformation($"C# Queue trigger function processed: {myQueueItem}");
    }
Azure Functions
Azure Functions

An Azure service that provides an event-driven serverless compute platform.

Azure Managed Applications
Azure Managed Applications

An Azure service that enables managed service providers, independent software vendors, and enterprise IT teams to deliver turnkey solutions through the Azure Marketplace or service catalog.

Developer technologies | C#
Developer technologies | C#

An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.

0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Amira Bedhiafi 42,046 Reputation points MVP Volunteer Moderator
    2026-05-18T19:30:12.16+00:00

    Hello Anuraj !

    Thank you for posting on MS Learn Q&A.

    From the screenshots you shared AzureWebJobsStorage is configured with managed identity settings but the queue trigger connection only appears to have:

    QueueConection__queueServiceUri

    When your trigger uses:

    [QueueTrigger("b2b2devpoc", Connection = "QueueConection")]

    QueueConection is treated as a separate identity-based connection. It does not automatically inherit the AzureWebJobsStorage__credential or AzureWebJobsStorage__clientId settings.

    For a user assigned managed identity, you can add the same identity settings under the queue connection prefix:

    QueueConection__queueServiceUri = https://<storage-account>.queue.core.windows.net/
QueueConection__credential      = managedidentity
QueueConection__clientId        = <user-assigned-managed-identity-client-id>

    Identity based connections use a shared prefix matching the binding connection value, and for non-AzureWebJobsStorage queue connections the required setting is <CONNECTION_NAME_PREFIX>__queueServiceUri. For user assigned identity, the credential and clientId properties must be added to that same prefix.

    Since you are using the same storage account you need to remove the separate queue connection and use the already configured host storage connection:

    [FunctionName("qtrigger")]
public void Run(
    [QueueTrigger("b2b2devpoc", Connection = "AzureWebJobsStorage")] string myQueueItem,
    ILogger log)
{
    log.LogInformation($"C# Queue trigger function processed: {myQueueItem}");
}

    You may need to remove any old exact AzureWebJobsStorage connection string setting if you moved to identity based storage and don't forget to use supported extensions:

    • Durable Functions extension 2.7.0+
    • Queue extension Microsoft.Azure.WebJobs.Extensions.Storage.Queues version 5.x+
    • Identity based queue connections require the 5.x queue storage extension.

    Also avoid mixing old Microsoft.Azure.WebJobs.Extensions.Storage 4.x with the new split storage packages because this can create binding conflicts.

    Durable Functions uses blobs, queues and tables to coordinate orchestrations and activities. If the host or queue listener cannot authenticate or poll correctly the orchestration start message may be created but the worker never processes it.

    I would first add:

    QueueConection__credential = managedidentity
QueueConection__clientId   = <same-client-id-used-by-AzureWebJobsStorage>

    or switch the queue trigger to Connection = "AzureWebJobsStorage" if it is the same storage account.

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.