Problem Description
A PowerShell Function was written to log in to Azure China and get Azure AD user information, but it failed with: [Error] ERROR: ManagedIdentityCredential authentication failed: An unexpected error occured while fetching the AAD Token. Please contact support with this provided Correlation IdStatus: 500 (Internal Server Error).
Problem Analysis
The error is raised during the PowerShell login. Because the Function App is logging in to Azure in China, Connect-AzAccount has to be called with -Environment set to AzureChinaCloud.
The PowerShell Function App automatically adds the profile.ps1 file to the root directory. The default file content is:
    # Azure Functions profile.ps1
    #
    # This profile.ps1 will get executed every "cold start" of your Function App.
    # "cold start" occurs when:
    #
    # * A Function App starts up for the very first time
    # * A Function App starts up after being de-allocated due to inactivity
    #
    # You can define helper functions, run commands, or specify environment variables
    # NOTE: any variables defined that are not environment variables will get reset after the first execution

    # Authenticate with Azure PowerShell using MSI.
    # Remove this if you are not planning on using MSI or Azure PowerShell.
    if ($env:MSI_SECRET) {
        Disable-AzContextAutosave -Scope Process | Out-Null
        Connect-AzAccount -Identity
    }

    # Uncomment the next line to enable legacy AzureRm alias in Azure PowerShell.
    # Enable-AzureRmAlias

    # You can also define functions or aliases that can be referenced in any of your PowerShell functions.
PS: If Managed Identity is not enabled, $env:MSI_SECRET evaluates to False and the code inside the if block in profile.ps1 will not be executed.
Solution
On the Function App page, click App Service Editor, and modify the profile.ps1 file.
Use
    Connect-AzAccount -Environment AzureChinaCloud -Identity
to replace
    Connect-AzAccount -Identity
The screenshot of the operation is as follows:
After the modification, go back to the Function -> Code + Test page and test again; the problem disappears. The function code used for the test:
    using namespace System.Net

    # Input bindings are passed in via param block.
    param($Request, $TriggerMetadata)

    # Write to the Azure Functions log stream.
    Write-Host "PowerShell HTTP trigger function processed a request."
    # Debug only: this writes the managed identity secret to the log stream.
    # Remove this line once you have confirmed that Managed Identity is enabled.
    Write-Host $env:MSI_SECRET

    # Interact with query parameters or the body of the request.
    $name = $Request.Query.Name
    if (-not $name) {
        $name = $Request.Body.Name
    }

    $body = "This HTTP triggered function executed successfully. Pass a name in the query string or in the request body for a personalized response."

    if ($name) {
        $body = "Hello, $name. This HTTP triggered function executed successfully."
    }

    # Log in to Azure China with the managed identity
    Connect-AzAccount -Environment AzureChinaCloud -Identity

    # Get user information
    Get-AzADUser -First 2 -Select 'City' -AppendSelected

    # Associate values to output bindings by calling 'Push-OutputBinding'.
    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
        StatusCode = [HttpStatusCode]::OK
        Body = $body
    })
Note: For Connect-AzAccount to run successfully, you need to add 'Az' = '7.*' in requirements.psd1, so that the Function App instance installs the Az module. If you need other PowerShell modules in the Function, you can add them here as well.
    # This file enables modules to be automatically managed by the Functions service.
    # See https://aka.ms/functionsmanageddependency for additional information.
    #
    @{
        # For latest supported version, go to 'https://www.powershellgallery.com/packages/Az'.
        # To use the Az module in your function app, please uncomment the line below.
        'Az' = '7.*'
    }
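A variant of the profile.ps1 change above, added here as an example and not part of the original post: it takes the cloud name from an app setting, rejects names the Az module does not know, and checks the resulting context, so a login against the wrong cloud fails at cold start with a clear message. AZURE_CLOUD_ENVIRONMENT and Connect-FunctionIdentity are hypothetical names chosen for this example.

```powershell
# profile.ps1 (added example, not the default template or the post's own code)
# Assumption: AZURE_CLOUD_ENVIRONMENT is a hypothetical app setting holding the
# environment name, for example "AzureChinaCloud".

function Connect-FunctionIdentity {
    param(
        # Azure environment to sign in to; defaults to the global cloud.
        [string]$EnvironmentName = 'AzureCloud'
    )

    # Reject names the installed Az module does not know, so a typo in the
    # app setting fails here instead of surfacing later as a token error.
    $known = (Get-AzEnvironment).Name
    if ($EnvironmentName -notin $known) {
        throw "Unknown Azure environment '$EnvironmentName'. Known: $($known -join ', ')"
    }

    # Keep the context in this process only; nothing is saved to disk.
    Disable-AzContextAutosave -Scope Process | Out-Null

    # Sign in with the managed identity against the selected cloud.
    Connect-AzAccount -Environment $EnvironmentName -Identity -ErrorAction Stop | Out-Null

    # Confirm the session targets the requested cloud before any function runs.
    $ctx = Get-AzContext
    if (-not $ctx -or $ctx.Environment.Name -ne $EnvironmentName) {
        throw "Managed identity sign-in did not produce a context for '$EnvironmentName'."
    }

    # Log only non-secret context fields (never $env:MSI_SECRET).
    Write-Host "Managed identity sign-in OK: environment=$($ctx.Environment.Name) tenant=$($ctx.Tenant.Id)"
}

# Same guard as the default template: only sign in when Managed Identity is enabled.
if ($env:MSI_SECRET) {
    $target = if ($env:AZURE_CLOUD_ENVIRONMENT) { $env:AZURE_CLOUD_ENVIRONMENT } else { 'AzureCloud' }
    Connect-FunctionIdentity -EnvironmentName $target
}
```

Because profile.ps1 signs in at cold start, the function script can then call Get-AzADUser without its own Connect-AzAccount line.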