Azure Function for generating Azure AD Token using .NET core



Abstract

Development is a struggle, a continuous struggle. With serverless, this struggle is becoming more and more apparent. Developers are still trying to get comfortable with serverless technologies.

Azure Functions is one of the key serverless offerings on Azure today, and it is becoming the backbone of many serverless and microservice-based applications.

Recently, after I wrote the Azure AD token generator using .NET Core, I immediately got a lot of requests to make that code run in an Azure Function, and here we are!

So in this blog we will create an Azure Function to generate an Azure AD token using .NET Core.

Let’s go!

Refer to the diagram below for the overall components used to run this code in an Azure Function.




To publish the code of the Azure AD token generator using .NET Core to an Azure Function, I plan to use Visual Studio. A publish operation from Visual Studio to an Azure Function deploys the code as a .zip file.

When we create an Azure Function, creating an Azure Storage account is also an important and mandatory step. When we publish code from Visual Studio, an Azure Files share is created behind the scenes in the associated storage account, and the .zip is copied to that file share.

This file share is then mapped to the Azure Function compute behind the scenes and used to run the actual application from the bin folder, as shown above.

Function keys are used to get administrative access to the Function runtime. These keys are stored securely in Blob Storage, which is also created automatically in the associated storage account.

First, create an Azure Function project in Visual Studio as shown below:




If you have seen the GitHub code of the Azure AD token generator using .NET Core, you will have observed that the entire code is built on async calls and the token is also received asynchronously. When we create an Azure Function project, the default Azure Function startup method is not async. So let us make it async as shown below:



Then copy the code from GitHub and remove all Console-specific methods. Instead, make all methods log information, as shown in the screenshot below:
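
The two changes described above (an async entry point, and logging in place of Console calls), sketched as an added example; this is not the author's GitHub code. It assumes the in-process Azure Functions model, the client-credentials grant against the Azure AD v1 token endpoint, and hypothetical app setting names (`AAD_TENANT_ID`, `AAD_CLIENT_ID`, `AAD_CLIENT_SECRET`, `AAD_RESOURCE`). It logs token metadata rather than the token itself, since anyone who can read the logs could replay a logged bearer token.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading.Tasks;
using Microsoft.Azure.WebJobs;
using Microsoft.Extensions.Logging;
using Newtonsoft.Json.Linq;

public static class AadTokenTimer
{
    // One HttpClient for the lifetime of the host avoids socket exhaustion.
    private static readonly HttpClient Http = new HttpClient();

    [FunctionName("AadTokenTimer")]
    public static async Task Run(   // async Task instead of the default void
        [TimerTrigger("0 */30 * * * *")] TimerInfo timer, ILogger log)
    {
        // Hypothetical setting names; the values live in Application Settings,
        // not in source code or in the deployment package.
        string tenant = Environment.GetEnvironmentVariable("AAD_TENANT_ID");
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "client_credentials",
            ["client_id"] = Environment.GetEnvironmentVariable("AAD_CLIENT_ID"),
            ["client_secret"] = Environment.GetEnvironmentVariable("AAD_CLIENT_SECRET"),
            ["resource"] = Environment.GetEnvironmentVariable("AAD_RESOURCE")
        });

        HttpResponseMessage resp = await Http.PostAsync(
            $"https://login.microsoftonline.com/{tenant}/oauth2/token", form);
        string body = await resp.Content.ReadAsStringAsync();
        if (!resp.IsSuccessStatusCode)
        {
            // The error body carries error/error_description, not credentials.
            log.LogError("Token request failed: {Status} {Body}",
                (int)resp.StatusCode, body);
            return;
        }

        JObject json = JObject.Parse(body);
        string token = (string)json["access_token"];
        // Replaces Console.WriteLine: log length and lifetime, never the token.
        log.LogInformation("Token acquired: {Length} chars, expires_in={ExpiresIn}s",
            token.Length, (string)json["expires_in"]);
    }
}
```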



After completing the code changes, it is time to publish to the Azure Function. You can either create a new Azure Function from the Azure portal and select it during the Publish step, or create a new Resource Group and Function from the Visual Studio publish screen itself. In this tutorial, I am creating a new Azure Function from the Azure portal as shown below:




I have created a TimerTrigger function. Next, click the Publish button of your Azure Function project in Solution Explorer and make sure you select the existing Function when creating the publish profile, as shown below:



Then continue on to publish to the Azure Function.

In the above screenshot of creating the profile, you might have noticed a checkbox: “Run from a package file”.

This is really important. It sets the Azure Function to run from the package file only, meaning your Azure Function runs directly from a deployment package file in your Function App. Running the function from a package file has these effects:

1. The risk of file copy locking issues is reduced.
2. Performance of the Function App improves drastically.
3. Code start time is reduced.
4. Unwanted files are automatically removed from the final deployment package.

My current Function app is based on Windows and .NET Core, so in the architecture diagram you might have noticed the setting below:

WEBSITE_RUN_FROM_PACKAGE = 1

This setting tells the Function app to run from a package file. You can also view this setting in the “Application Settings” tab of the Azure Function, as shown below:



I can also write the Azure Function code directly in the Azure portal editor. However, I have seen a lot of issues with adding NuGet package references in Azure Functions that way. Deploying from Visual Studio (for .NET code) or VS Code (all other languages, including .NET) makes it easy in all respects, as all dependent assemblies and files get packaged in the .zip.


When you deploy the Azure Function from Visual Studio with .zip package deployment, your Azure Function automatically becomes read-only and shows the message below:

Your app is currently in read only mode because you are running from a package file. To make any changes update the content in your zip file and WEBSITE_RUN_FROM_PACKAGE app setting.

Well, this is fine because deployment is governed by Visual Studio anyway, so we don’t need to make any changes to the code from the portal. The Function becoming read-only is therefore fine. The rest of the platform-specific features never become read-only. So I definitely recommend deploying the Azure Function using VS, VS Code or DevOps.

After deployment, you can verify that the .zip package is actually present in the Azure file share of the storage account and that it is mapped to the D drive in the Kudu console of the Azure Function. See below:




Run the Function and you should be able to view the generated Azure AD Token as shown below:




I created a TimerTrigger Azure Function to get an Azure AD token on a schedule. This is because my next blog is based on Azure API Management monitoring, which requires Azure AD token generation on a schedule from a Function. You can also use an HttpTrigger Azure Function to generate an Azure AD token. So stay tuned for the next blog soon!

I hope this article helped you get a serverless Azure Function generating an Azure AD token using .NET Core. Let me know in the comments section below your views on how to improve it and your thoughts on this approach.