1

We have an Azure Function app that is currently triggered using a blob trigger. Recently, a new requirement has come up where we need to obtain the user information or any identifier of the user who triggered the blob trigger by uploading a blob to the designated blob storage container.

The scenario we are dealing with involves two types of access methods:

  • AAD Authentication: When a user is logged in using Azure Active Directory (AAD) authentication and uploads a blob, we need to capture their user information or any identifier associated with their account.
  • Access Key: On the other hand, if the user accesses the Azure Function using an access key directly, we do not need to capture any user information.

Our goal is to enable user-specific tracking and logging of blob uploads when AAD authentication is used, but not when accessed via access keys.

Is there any way to achieve this functionality within Azure Functions? If so, how can we implement it? We are open to using any available Azure services or custom solutions to fulfill this requirement.

Thank you for your time and assistance!

youkarthik

1 Answer

1

UPDATE: Since this is application specific data, another approach that you could consider is to store metadata about the user as blob properties and on future triggers of the blob, that data would be available to the function.

This is a more controlled approach and allows you to know the details in real time compared to the delay in logs being exported and processed.


You can export the resource logs using diagnostic settings into a log analytics workspace allowing you to query them to get the information that you are looking for.

The steps and how you can get this information are documented in detail in the official docs.

The logs include an AuthenticationType field that allows you to identify how the request was authenticated and a RequesterObjectId field that contains information on who made that request if it was made using Azure AD.

PramodValavala
  • Is it possible to automate information capture by querying StorageBlobLogs in the function app trigger code in real-time? – youkarthik Aug 02 '23 at 05:59
  • Yes. Instead of storage, you could [export the logs to an Event Hub](https://learn.microsoft.com/azure/azure-monitor/essentials/resource-logs#send-to-azure-event-hubs) and use an Event Hub triggered Function to process these logs as they are exported. – PramodValavala Aug 02 '23 at 14:45
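
The filtering step an Event Hub triggered Function would run on each exported batch, as an added example that is not part of the original answer or comments. It assumes the batch is a JSON object with a `records` array and that `identity.type` and `identity.requester.objectId` are the raw-log counterparts of AuthenticationType and RequesterObjectId; `extract_aad_uploads` and the sample batch are hypothetical names and constructed data.

```python
import json
from urllib.parse import urlsplit

# Assumption: these are the write operations that create or replace a blob.
UPLOAD_OPERATIONS = {"PutBlob", "PutBlockList"}


def extract_aad_uploads(event_body):
    """Return one dict per successful, Azure AD authenticated blob upload."""
    uploads = []
    for record in json.loads(event_body).get("records", []):
        if record.get("operationName") not in UPLOAD_OPERATIONS:
            continue
        if not str(record.get("statusCode", "")).startswith("2"):
            continue  # failed or rejected request, no blob was written
        # Assumed raw-JSON layout: identity.type is AuthenticationType and
        # identity.requester.objectId is RequesterObjectId.
        identity = record.get("identity") or {}
        if identity.get("type") != "OAuth":
            continue  # access key, SAS or anonymous: no user to record
        requester = identity.get("requester") or {}
        uri = urlsplit(record.get("uri", ""))
        uploads.append({
            "time": record.get("time"),
            # Drop the query string so request parameters are not logged.
            "blob_url": f"{uri.scheme}://{uri.netloc}{uri.path}",
            "object_id": requester.get("objectId"),
            "tenant_id": requester.get("tenantId"),
        })
    return uploads


# Constructed sample batch (not real log data).
SAMPLE_BATCH = json.dumps({"records": [
    {"time": "2023-08-02T06:00:00Z", "operationName": "PutBlob", "statusCode": 201,
     "uri": "https://exampleacct.blob.core.windows.net/uploads/a.csv",
     "identity": {"type": "OAuth", "requester": {
         "objectId": "00000000-0000-0000-0000-000000000001",
         "tenantId": "00000000-0000-0000-0000-0000000000aa"}}},
    {"time": "2023-08-02T06:01:00Z", "operationName": "PutBlob", "statusCode": 201,
     "uri": "https://exampleacct.blob.core.windows.net/uploads/b.csv",
     "identity": {"type": "AccountKey"}},
    {"time": "2023-08-02T06:02:00Z", "operationName": "GetBlob", "statusCode": 200,
     "uri": "https://exampleacct.blob.core.windows.net/uploads/a.csv",
     "identity": {"type": "OAuth", "requester": {
         "objectId": "00000000-0000-0000-0000-000000000002"}}},
]})
```

In the Function itself, call `extract_aad_uploads` on each event body and write the returned entries to your own audit store; access-key uploads are skipped, which matches the requirement in the question.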