I have setup Azure Service bus to use RBAC and assigned myself a role of "Azure Service Bus Data Owner". I am able to send a message to a queue with:

ServiceBusClient client = new ServiceBusClient("mynamespace.servicebus.windows", new AzureCliCredential());
ServiceBusMessage serviceBusMessage = new ServiceBusMessage("my message");
await client.CreateSender("myqueue").SendMessageAsync(serviceBusMessage);

when the message is there, I am trying to run an Azure Function with Service Bus Trigger, like this:

[Function(nameof(MyTrigger))]
public async Task Run(
    [ServiceBusTrigger("myqueue", Connection = "MyServiceBusNamespace")]
    ServiceBusReceivedMessage message,
    ServiceBusMessageActions messageActions)
{
    _logger.LogInformation("Message Body: {body}", message.Body);
    await messageActions.CompleteMessageAsync(message);
    await Task.CompletedTask;
}

with settings like this:

{
    "IsEncrypted": false,
    "Values": {
        "AzureWebJobsStorage": "UseDevelopmentStorage=true",
        "AzureWebJobsSecretStorageType": "Files",
        "FUNCTIONS_WORKER_RUNTIME": "dotnet-isolated",
        "MyServiceBusNamespace": "mynamespace.servicebus.windows"
    }
}

Now I get the error upon running the funciton locally:

[2025-02-17T17:22:14.636Z] The listener for function 'Functions.MyTrigger' was unable to start.
[2025-02-17T17:22:14.636Z] The listener for function 'Functions.MyTrigger' was unable to start. Azure.Messaging.ServiceBus: The connection string could not be parsed; either it was malformed or contains no well-known tokens.

How do I use the service bus trigger with Azure Function (not the one with the SAS key but RBAC)?

I have setup Azure Service bus to use RBAC and assigned myself a role of "Azure Service Bus Data Owner". I am able to send a message to a queue with:

ServiceBusClient client = new ServiceBusClient("mynamespace.servicebus.windows", new AzureCliCredential());
ServiceBusMessage serviceBusMessage = new ServiceBusMessage("my message");
await client.CreateSender("myqueue").SendMessageAsync(serviceBusMessage);

when the message is there, I am trying to run an Azure Function with Service Bus Trigger, like this:

[Function(nameof(MyTrigger))]
public async Task Run(
    [ServiceBusTrigger("myqueue", Connection = "MyServiceBusNamespace")]
    ServiceBusReceivedMessage message,
    ServiceBusMessageActions messageActions)
{
    _logger.LogInformation("Message Body: {body}", message.Body);
    await messageActions.CompleteMessageAsync(message);
    await Task.CompletedTask;
}

with settings like this:

{
    "IsEncrypted": false,
    "Values": {
        "AzureWebJobsStorage": "UseDevelopmentStorage=true",
        "AzureWebJobsSecretStorageType": "Files",
        "FUNCTIONS_WORKER_RUNTIME": "dotnet-isolated",
        "MyServiceBusNamespace": "mynamespace.servicebus.windows"
    }
}

Now I get the error upon running the funciton locally:

[2025-02-17T17:22:14.636Z] The listener for function 'Functions.MyTrigger' was unable to start.
[2025-02-17T17:22:14.636Z] The listener for function 'Functions.MyTrigger' was unable to start. Azure.Messaging.ServiceBus: The connection string could not be parsed; either it was malformed or contains no well-known tokens.

How do I use the service bus trigger with Azure Function (not the one with the SAS key but RBAC)?

• azure-functions
• azureservicebus
• rbac

• fot to mention that I am able to receive the messages from the topic using console application with ServiceBusClient. – tridy Commented Feb 17 at 18:59
• How are you connecting your function to Service Bus? Local does not have managed identity. You cannot just use "MyServiceBusNamespace": "mynamespace.servicebus.windows" . For making it to work, you need to first deploy to azure func, later give rbac to managed idenity, then it works – RithwikBojja Commented Feb 18 at 3:31
• Let's see. Since this is me as a user, starting Azure Function locally with Service Bus Queue Trigger, it should use DefaultAzureCredentials (or AzureCliCredentials) to authenticate with Serivice Bus, in the same way as when I am sending a message in the first block of code. So, I am as a user with Entra ID who has "Azure Service Bus Data Owner" role assigned can both send messages to the queue and listen to the messages when running locally using Console application. The problem for me is that when I run Function locally I have not figured out how to set up the function trigger. – tridy Commented 2 days ago
• @RithwikBojja: Respectfully, your comment is blatantly incorrect. Assigning the fully qualified namespace directly to the connection name will not work; the trigger will interpret that as a connection string and fail auth. No identity will be used. – Jesse Squire Commented 2 days ago

1 Answer 1

To use RBAC with Azure Functions, you must set your host configuration to associate a fully qualified namespace name with the connection name that you're assigning to your trigger.

Using your example:

[Function(nameof(MyTrigger))]
public async Task Run(
    [ServiceBusTrigger("myqueue", Connection = "MyServiceBusNamespace")]
    ServiceBusReceivedMessage message,
    ServiceBusMessageActions messageActions)
{
    _logger.LogInformation("Message Body: {body}", message.Body);
    await messageActions.CompleteMessageAsync(message);
    await Task.CompletedTask;
}

This would look like:

{
  "Values": {
    "MyServiceBusNamespace__fullyQualifiedNamespace": "<service_bus_namespace>.servicebus.windows"
  }
}

This is discussed in the trigger docs for identity-based connections.

Under the covers, this is using a DefaultAzureCredential instance. To configure the identity used, you'll want to take a look at the article: Create Microsoft Entra credential types using configuration files.