0

I have setup Azure Service bus to use RBAC and assigned myself a role of "Azure Service Bus Data Owner". I am able to send a message to a queue with:

ServiceBusClient client = new ServiceBusClient("mynamespace.servicebus.windows.net", new AzureCliCredential());
ServiceBusMessage serviceBusMessage = new ServiceBusMessage("my message");
await client.CreateSender("myqueue").SendMessageAsync(serviceBusMessage);

when the message is there, I am trying to run an Azure Function with Service Bus Trigger, like this:

[Function(nameof(MyTrigger))]
public async Task Run(
    [ServiceBusTrigger("myqueue", Connection = "MyServiceBusNamespace")]
    ServiceBusReceivedMessage message,
    ServiceBusMessageActions messageActions)
{
    _logger.LogInformation("Message Body: {body}", message.Body);
    await messageActions.CompleteMessageAsync(message);
    await Task.CompletedTask;
}

with settings like this:

{
    "IsEncrypted": false,
    "Values": {
        "AzureWebJobsStorage": "UseDevelopmentStorage=true",
        "AzureWebJobsSecretStorageType": "Files",
        "FUNCTIONS_WORKER_RUNTIME": "dotnet-isolated",
        "MyServiceBusNamespace": "mynamespace.servicebus.windows.net"
    }
}

Now I get the error upon running the funciton locally:

[2025-02-17T17:22:14.636Z] The listener for function 'Functions.MyTrigger' was unable to start.
[2025-02-17T17:22:14.636Z] The listener for function 'Functions.MyTrigger' was unable to start. Azure.Messaging.ServiceBus: The connection string could not be parsed; either it was malformed or contains no well-known tokens.

How do I use the service bus trigger with Azure Function (not the one with the SAS key but RBAC)?

Improve this question
4
  • forgot to mention that I am able to receive the messages from the topic using console application with ServiceBusClient. Commented Feb 17 at 18:59
  • How are you connecting your function to Service Bus? Local does not have managed identity. You cannot just use "MyServiceBusNamespace": "mynamespace.servicebus.windows.net" . For making it to work, you need to first deploy to azure func, later give rbac to managed idenity, then it works Commented Feb 18 at 3:31
  • Let's see. Since this is me as a user, starting Azure Function locally with Service Bus Queue Trigger, it should use DefaultAzureCredentials (or AzureCliCredentials) to authenticate with Serivice Bus, in the same way as when I am sending a message in the first block of code. So, I am as a user with Entra ID who has "Azure Service Bus Data Owner" role assigned can both send messages to the queue and listen to the messages when running locally using Console application. The problem for me is that when I run Function locally I have not figured out how to set up the function trigger. Commented Feb 18 at 20:29
  • @RithwikBojja: Respectfully, your comment is blatantly incorrect. Assigning the fully qualified namespace directly to the connection name will not work; the trigger will interpret that as a connection string and fail auth. No identity will be used. Commented Feb 18 at 20:56

1 Answer 1

Reset to default
1

To use RBAC with Azure Functions, you must set your host configuration to associate a fully qualified namespace name with the connection name that you're assigning to your trigger.

Using your example:

[Function(nameof(MyTrigger))]
public async Task Run(
    [ServiceBusTrigger("myqueue", Connection = "MyServiceBusNamespace")]
    ServiceBusReceivedMessage message,
    ServiceBusMessageActions messageActions)
{
    _logger.LogInformation("Message Body: {body}", message.Body);
    await messageActions.CompleteMessageAsync(message);
    await Task.CompletedTask;
}

This would look like:

{
  "Values": {
    "MyServiceBusNamespace__fullyQualifiedNamespace": "<service_bus_namespace>.servicebus.windows.net"
  }
}

This is discussed in the trigger docs for identity-based connections.

Under the covers, this is using a DefaultAzureCredential instance. To configure the identity used, you'll want to take a look at the article: Create Microsoft Entra credential types using configuration files.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Yes, this did it for me for running the function locally. Thank you! Just to make sure, when I am running the function locally, in the beginning, I do run az login once, which I assume is picked up by DefaultAzureCredentials and makes the function authorize with Service Bus on some level.
Correct. Unless otherwise configured, DefaultAzureCredential is injected, which is a chained credential that will pick up your local development credentials (including Azure CLI). More details are here: learn.microsoft.com/dotnet/azure/sdk/authentication/…

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.