Is there any provision to start/stop an azure function app via Azure Data Factory Web Activity.
Azure Logic Apps is the simplest way to achieve this.
You can call the below Management API to Start/Stop your Azure Function App:
START
POST https://management.azure.com/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/Microsoft.Web/sites/<FunctionAppName>/start?api-version=2015-08-01
STOP
POST https://management.azure.com/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/Microsoft.Web/sites/<FunctionAppName>/stop?api-version=2015-08-01
You can use Managed Service Identity authentication to authenticate above request.
Below are some screenshots for your reference:
Once you enable the Managed Identity for your Logic App , It will create a AD Application with the same name of your Logic App Work Flow.
Now Got to your Function App --> Platform Settings --> All Settings --> Access Control (IAM) --> Click on Add(+) button.
Add AD Application (Created with your Logic App Name) and Provide Contributor role and save.
Function can be started based on its trigger. eg. Timer, webhoook etc.
It can be stopped by stopping the function App and existing functions will be stopped
Related
We have a Web API hosted in Azure as an Azure Web App. This API requires an access token from our Azure AD to authenticate. This API works when triggered via http from a client application. However, we need to trigger this API to run on a schedule as well and thought Power Automate would be a useful tool here as we can schedule an authenticated http request (but are open to alternative solutions).
This is the basic flow we were considering:
We have registered the Power Automate flow as an App Registration in our Azure AD, we get a valid access token, however, when we call the API I can see from Application Insights that we are getting an Unauthorized Error because neither scope nor roles are specified in the token claims. How can we call this Azure AD Protected API from Power Automate?
Note:
We are not using azure functions to schedule this job because we
require a predictable IP and we already have a Azure App Service
Plan to host this API.
We need this API to run on a schedule, but also be triggerable via
http
We have tested this in our local environment, it is working fine. The below statements are based on our analysis.
We have created a Web app (running with .NET 6 as run-time stack & windows OS), enabled Application insights & published a sample web application which has 2 pages(home, privacy) from our local Visual Studio code 2022.
In order to call one of the web app pages (privacy) from the Power-automate HTTP trigger, we have enabled Authentication to the web app which has created app registration in the Azure AD with User.Read as Delegated Permission.
Post enabling the Authentication, we are able to call the web app privacy page from power-automate without any issue. All the requests that were triggered from power automate are showing success in the application insights as well.
Here is the sample output for reference:
In the below screenshot, using HTTP trigger we have called the webapp & requested got success even in application insights as well.
Note:
We would suggest you to check whether you have given the correct client id , secret values & app registration permissions (User.Read) in HTTP trigger of power-automate.
When I click on the button to Deploy nothing happens and it say resource not found. I am trying to deploy the Azure App Service for generating the QR code for MFA TOTP.
You can deploy your backend REST API to Azure App Service from the IDE.
If you are using VS Code, please follow below procedure :
Add Azure App Service extension and sign in with your azure account.
Click on deploy to web app and select your subscription.
If the web app is already created, please select your existing web app.
If the web app is not created, please click on create web app ( advanced) and give the web app name.
Select your resource group and select runtime stack. Select OS. Select the location
Select your App Service Plan. You can enable application insights or skip for now.
Your API will be deployed to Azure App Service.
Similar way, you can deploy your REST API to Azure App service using other IDEs like Visual Studio.
I am trying to call a Function app from ADF using MSI.
I have enabled managed identity for ADF as well as have enabled AAD authentication/authorization for Function app.
Now when I make a web call from ADF (with the underlying specification)
I get the following error.
I even added ADF as contributor to Function App.
I must be missing something, but not sure what exactly
First of all, please make sure you selected the Create New AD App option when you configure the function app with Azure AD auth, then azure will do all the configurations for you automatically, this will reduce unnecessary trouble. Also remember to set Authorization level of your function to Anonymous, because we configured the function app with Azure AD auth.
In your case, the error was caused by the wrong Resource, it should be the Application ID URI of the AD App corresponded to the function app, i.e. https://<functionapp-name>.azurewebsites.net(this is configured by azure automatically when you select Create New AD App as mentioned above).
Besides, you should note, if you just do the steps above, all the service principals(MSI is essentially a service principal)/users in your AAD tenant can access the function app, if you just want your MSI to access the function app, then you need to leverage the Azure AD App role, I have posted the details here, if you don't mind this, just ignore the step 2 and step 3, it will also work.
Is there a way to monitor a Logic App application with Azure App Insights ?
NO, Unfortunately, there is no built-in support for Azure Logic Apps. One workaround you can do is to create an Azure Function to log events in your Azure Function subscription, and adding those actions in the key places you want to instrument for your logic app.
I have an ASP.Net Core 2.0 Web App running in an App Service in Azure that has social login configured (Google & Microsoft) according to the following docs:
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/microsoft-logins?tabs=aspnetcore2x
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/google-logins?tabs=aspnetcore2x
I also have an Azure Function app that gets triggered when a message is written to an Azure Queue. I would like this function app to post the message to a Web API (Controller Action) that is running on the web app above.
How would I go about authenticating from the function app to the web API method? Would I need to somehow call the Azure AD endpoint to get a token for a given username/password?
Ideally, I would want to limit who can call this API method to just a single user account that the function app would use. Alternatively, can I somehow use the new Managed Service Identity feature to authenticate the function app against my web API method in my web app above?
Sorry, am new to API authentication, so just trying to figure out the simplest approach.