Azure AD authentication for Application Insights is not working in Azure Function #9254
Comments
ghost
added
the
|
I also found this issue (8861) in this project, but it was closed without a proper resolution. |
|
Hi @AliJP, we are working on enabling AAD/ManagedIdentity with ApplicationInsights. This should be available in the July release. |
|
I'm fixing this issue by adding an environment variable "APPLICATIONINSIGHTS_CONNECTION_STRING". This issue should be a code bug from SDK. |
By adding the "APPLICATIONINSIGHTS_CONNECTION_STRING" environment variable, the codeless monitoring by host will be enabled. Based on the Documentation, codeless monitoring for Azure Functions is not supported for use with Azure AD authenticated. To enable Application Insights by SDK, I used a different environment variable to pass the Connection String ("ApplicationInsights__ConnectionString"). Here is my startup code: |
You are right, so let's wait for @RohitRanjanMS to implement it for Azure Functions. |
|
Here's the PR to support ManagedIdentity and ClientSecret credential. I will check if we can support DefaultAzureCredential and VisualStudioCredential as well. |
|
@RohitRanjanMS Thank you for your work! I wonder if there is any timeframe within which support for ManagedIdentity will be provided? |
It would be greate if we can support authentication to Application Insight in Azure Function like other service via the SDK. (This link) Then the developer can provide the Authentication Provider to the Azure Function. Then it would be possible to use DefaultAzureCredential, ManagedIdentityCredential or even a ChainedTokenCredential. |
@RohitRanjanMS: Any updates on this? |
|
@RohitRanjanMS any update on this ? |
|
Hello Team, Thank you so much for your help. Can you please help us on it |
|
Hi Team, Could you please provide ETA to complete this? |
|
Hi Team, I would like to know when Function App SDK is updated to see the logs on Monitoring Blade when its uses Managed Identity Authentication with Application Insights. Please note, one of our customers keenly looking for this feature and I request you to prioritize at your end and confirm with ETA.
Thanks, |
|
Hi all, |
|
Hi all, |
|
|
|
#9758 |
|
@RohitRanjanMS Do you have any guidance on how to reduce or disable the logging of the token retrieval calls when this feature is enabled? Some of our function hosts have finally been updated to the latest version but now our app insights live telemetry is flooded by these calls The above screenshot is for a single function and we have dozens of them linked to a single app insights and these calls keep being made even when most of the functions are just idling. This makes looking at live tracing hard when filtering to a single app and impossible when following logs from multiple functions. |
|
@GABRIELNGBTUC is it possible for you to share a simple repro? |
|
After more testing trying to create a reproduction repo, it appears that the issue may come from the AAD authentication for secure channels to the live metrics. This authentication methods was also implemented around the time our functions host runtime were upgraded by Azure so it would be a more plausible reason since there is a snippet in the docs about that kind of logs being spammed. What is strange now is that if I create a new function and configure it the exact same way, none of those logs are reproduced. If I manage to reproduce I'll update you if it comes from the azure function host or create an issue in the corresponding app insights repo if it comes from the QuickPulse AAD authentication. EDIT: I found an issue with the exact same logs so the issue indeed comes from the application insights SDK microsoft/ApplicationInsights-dotnet#2539 |
|
Please follow the documentation here to enable Entra Authentication. |
|
Thank you so much @RohitRanjanMS |
I am getting the below error when I am trying to use Azure AD authentication for Application Insights in my Azure Function.
Microsoft.ApplicationInsights: The provided tokenCredential must inherit Azure.Core.TokenCredential (Parameter 'tokenCredential').I am getting this error both in my local machine and also in my azure portal as a Functions runtime error.
Investigative information
Repro steps
Here is the code that I wrote in my Startup.Configure:
Expected behavior
The function app can use its managed identity to authenticate and sends telemetry data to application insights.
Actual behavior
As I said in the description I am getting an error that says
ManagedIdentityCredentialis not inherited from theTokenCredentialclass.Known workarounds
Nothing came to my mind.
Related information
After some investigation, I realized that
ReflectionCredentialEnvelopeuses reflection to load theTokenCredentialtype and then uses the type to check if the passed credential object inherits from that type or not. Then I took a look at the loaded modules in the application on my local machine and saw that theAzure.Core.dllis loaded twice with different versions:Also here are all packages that I used in my app function:
The text was updated successfully, but these errors were encountered: