Using Managed Identity to connect to a queue from a WebJob


I have an app service with a system-assigned managed identity, and a WebJob operating off a queue trigger. If I give the app service an AzureWebJobsStorage connection string, it works, no problem. It grabs the message from the queue and does its stuff. But that's less secure, and thus far I've been unable to get it to work off the managed identity.

I have it using the following settings to provide the info it needs:

AzureWebJobsStorage__accountName: [my storage account name]

AzureWebJobsStorage__credential: ManagedIdentity

It should have everything it needs to use the storage account name and the name of the queue set in the queue trigger (plus permissions to the storage account on the managed identity, I've given it Contributor, Key Vault Secrets User and Storage Queue Data Contributor) to listen to the queue. But it doesn't give any indication that it's doing so. It doesn't give an error, either. It just says "Job host started".

Oh, and I have AzureWebJobsDashboard set, since it seems to be necessary to use the dashboard, but clearly it doesn't use that to interact with the queue.

If it makes any difference, the app service is Windows.

My questions are thus:

  1. Is there something I'm missing that will get it working? Missing permissions, missing app settings, etc.
  2. Will it even work as a WebJob? Everything I've seen online mentions Function apps, and while there's a lot of crossover, strictly speaking, it's a WebJob, not a Function app. At least it's not defined as such in the Azure Portal.
  3. If it won't work, what are the best alternatives? Previously we had connection strings coming from a Key Vault.

Harshitha On BEST ANSWER

My appsettings.json file:

{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Azure.Core": "None"
    }
  }  
}

Make sure you have set the LogLevel.

  • Deployed the Web Job to Azure App Service.

  • Enabled the Identity of Azure WebApp.

Thanks @techcommunity for the clear steps.

I have taken references from this blog and followed the same for WebApp.

  • Add AzureWebJobsStorage__accountname setting in the Environment Variable with a value of your storage account name.

  • In Storage account, you need to assign the below 3 role assignments for your WebApp:
      • Storage Account Contributor
      • Storage Blob Data Owner
      • Storage Queue Data Contributor

  • Add a message in a Queue and run the Web Job.

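The answer's portal steps expressed as Azure CLI commands, plus a check that prints which of the three roles the identity still lacks on the storage account. This is an added example, not part of the original answer; the app, resource group and storage account names are placeholder arguments, and it assumes a logged-in `az` session.

```shell
#!/bin/sh
# Added example: the answer's steps with the Azure CLI. Assumes `az login` was run.
# App, resource group and storage account names are caller-supplied placeholders.

# The three roles listed in the answer.
REQUIRED_ROLES="Storage Account Contributor
Storage Blob Data Owner
Storage Queue Data Contributor"

# Enable the system-assigned identity, grant it the roles scoped to the
# storage account only, and set the account-name app setting.
configure_webjob_identity() {
  app=$1; rg=$2; storage=$3
  principal_id=$(az webapp identity assign --name "$app" --resource-group "$rg" \
    --query principalId --output tsv) || return 1
  scope=$(az storage account show --name "$storage" --resource-group "$rg" \
    --query id --output tsv) || return 1
  printf '%s\n' "$REQUIRED_ROLES" | while IFS= read -r role; do
    az role assignment create --assignee-object-id "$principal_id" \
      --assignee-principal-type ServicePrincipal \
      --role "$role" --scope "$scope" --output none </dev/null || exit 1
  done || return 1
  az webapp config appsettings set --name "$app" --resource-group "$rg" \
    --settings "AzureWebJobsStorage__accountName=$storage" --output none
}

# Print each required role the identity does not hold at the storage scope
# (inherited assignments count). Prints nothing when all three are present.
missing_roles() {
  app=$1; rg=$2; storage=$3
  principal_id=$(az webapp identity show --name "$app" --resource-group "$rg" \
    --query principalId --output tsv) || return 1
  scope=$(az storage account show --name "$storage" --resource-group "$rg" \
    --query id --output tsv) || return 1
  assigned=$(az role assignment list --assignee "$principal_id" --scope "$scope" \
    --include-inherited --query "[].roleDefinitionName" --output tsv) || return 1
  printf '%s\n' "$REQUIRED_ROLES" | while IFS= read -r role; do
    printf '%s\n' "$assigned" | grep -Fxq -- "$role" || printf '%s\n' "$role"
  done
}

# Runs only when called as: ./script.sh <app> <resource-group> <storage-account>
if [ "$#" -eq 3 ]; then
  configure_webjob_identity "$@" && missing_roles "$@"
fi
```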