0

I’m running an inline C# script in an Azure Logic Apps workflows to get the blob details using DefaultAzureCredential(). I have given 'Storage Blob Data Contributor' to Azure Logic App in Storage Account as well. Its throwing below error message when I am adding managed identity related code in inline C# script:

Error message: "The function 'execute_csharp_script_code.csx' failed with the error 'Exception binding parameter 'context'' when executing. Please verify function code is valid." enter image description here

Its working fine if I am removing managed identity related code from inline script. But from security point of view, we want to use managed identity to get data from storage account.

Can anyone please let us know if its possible to use managed identity in the inline C# script of Azure Logic App? Or any other ways to achieve without compromising security?

Note: We don't want to use Azure Function App

Improve this question
2
  • using DefaultAzureCredential in an inline C# script within Azure Logic Apps (Standard) is causing issues, particularly when adding managed identity-related code. This error suggests that the inline script execution environment may not fully support DefaultAzureCredential or managed identity authentication Commented Jun 13 at 4:39
  • (0r) Use Logic App’s managed identity to authenticate via Azure AD. Call the Azure Storage REST API with HTTP action. - Follow the steps here: - Authenticate with managed identity in Logic Apps - Call Azure Storage using REST with managed identity Commented Jun 13 at 4:40

1 Answer 1

Reset to default
0

This issue arises because the inline C# scripting environment in Logic Apps does not fully support Azure SDK features, especially DefaultAzureCredential, which includes managed identity-based authentication.

The DefaultAzureCredential class attempts to authenticate using a chain of methods, including environment variables, Visual Studio, CLI tokens, and Managed Identity via IMDS endpoint.

However, in Azure Logic Apps (Standard), the inline C# code does not have access to the full runtime environment needed for Managed Identity token acquisition. This leads to the observed failure.Refer to this MSDOC for Azure SDK: DefaultAzureCredential. Additionally, check this MSDOC for Inline code limitations in Logic Apps.

Use Logic App’s Managed Identity with the HTTP action to securely call Azure Storage REST API. Below are the steps to use :

In Azure Portal → Your Logic App (Standard) → Identity → Turn on (System Assigned Managed Identity). Assign Storage Blob Data Contributor to your Logic App's identity on the Storage Account. Then add an HTTP action with Method: GET (or appropriate for your operation) URI:

      https://<storageaccount>.blob.core.windows.net/<container>/<blob>?api-version=2021-12-02

Authentication: Type: Managed Identity Audience: https://storage.azure.com/

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.