Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This set of articles explains how to authenticate and send real-time messages to clients connected to Azure SignalR Service by using SignalR Service bindings in Azure Functions. Azure Functions runtime version 2.x and higher supports input and output bindings for SignalR Service.
| Action | Type |
|---|---|
| Handle messages from SignalR Service | Trigger binding |
| Return the service endpoint URL and access token | Input binding |
| Send SignalR Service messages and manage groups | Output binding |
Install extension
The extension NuGet package you install depends on the C# mode you're using in your function app:
Functions execute in an isolated C# worker process. To learn more, see Guide for running C# Azure Functions in an isolated worker process.
Add the extension to your project by installing this NuGet package.
Install bundle
To be able to use this binding extension in your app, make sure that the host.json file in the root of your project contains this extensionBundle reference:
{
"version": "2.0",
"extensionBundle": {
"id": "Microsoft.Azure.Functions.ExtensionBundle",
"version": "[4.0.0, 5.0.0)"
}
}
In this example, the version value of [4.0.0, 5.0.0) instructs the Functions host to use a bundle version that is at least 4.0.0 but less than 5.0.0, which includes all potential versions of 4.x. This notation effectively maintains your app on the latest available minor version of the v4.x extension bundle.
When possible, you should use the latest extension bundle major version and allow the runtime to automatically maintain the latest minor version. You can view the contents of the latest bundle on the extension bundles release page.
If your app requires you to use a previous extension version, you might need to instead specify a previous bundle version. You can review the bundle releases to locate a bundle that contains a version of this extension that can be used by your app. For more information, see Azure Functions extension bundles. ::: zone-end
Add dependency
To use the SignalR Service annotations in Java functions, you need to add a dependency to the azure-functions-java-library-signalr artifact (version 1.0 or higher) to your pom.xml file.
<dependency>
<groupId>com.microsoft.azure.functions</groupId>
<artifactId>azure-functions-java-library-signalr</artifactId>
<version>1.0.0</version>
</dependency>
Connections
You can use connection string or Microsoft Entra identity to connect to Azure SignalR Service.
Connection string
For instructions on how to retrieve the connection string for your Azure SignalR Service, see Connection strings in Azure SignalR Service
This connection string should be stored in an application setting with a name AzureSignalRConnectionString. You can customize the application setting name with the connectionStringSetting property of the binding configuration.
Identity-based connections
If you're using version 1.7.0 or higher, instead of using a connection string with a secret, you can have the app use an Microsoft Entra identity.
First of all, you should make sure your Microsoft Entra identity has role SignalR Service Owner.
Then you would define settings with a common prefix AzureSignalRConnectionString. You can customize prefix name with the connectionStringSetting property of the binding configuration.
In this mode, the settings include following items:
| Property | Environment variable template | Description | Required | Example value |
|---|---|---|---|---|
| Service URI | AzureSignalRConnectionString__serviceUri |
The URI of your service endpoint. When you only configure "Service URI", the extensions would attempt to use DefaultAzureCredential type to authenticate with the service. | Yes | https://mysignalrsevice.service.signalr.net |
| Token Credential | AzureSignalRConnectionString__credential |
Defines how a token should be obtained for the connection. This setting should be set to managedidentity if your deployed Azure Function intends to use managed identity authentication. This value is only valid when a managed identity is available in the hosting environment. |
No | managedidentity |
| Client ID | AzureSignalRConnectionString__clientId |
When credential is set to managedidentity, this property can be set to specify the user-assigned identity to be used when obtaining a token. The property accepts a client ID corresponding to a user-assigned identity assigned to the application. It's invalid to specify both a Resource ID and a client ID. If not specified, the system-assigned identity is used. This property is used differently in local development scenarios, when credential shouldn't be set. |
No | 00000000-0000-0000-0000-000000000000 |
| Resource ID | AzureSignalRConnectionString__managedIdentityResourceId |
When credential is set to managedidentity, this property can be set to specify the resource Identifier to be used when obtaining a token. The property accepts a resource identifier corresponding to the resource ID of the user-defined managed identity. It's invalid to specify both a resource ID and a client ID. If neither are specified, the system-assigned identity is used. This property is used differently in local development scenarios, when credential shouldn't be set. |
No | /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup/providers/Microsoft.SignalRService/SignalR/mysignalrservice |
Note
When using local.settings.json file at local, Azure App Configuration, or Key Vault to provide settings for identity-based connections, replace __ with : in the setting name to ensure names are resolved correctly.
For example, AzureSignalRConnectionString:serviceUri.
Multiple endpoints setting
You can also configure multiple endpoints and specify identity settings per endpoint.
In this case, prefix your settings with Azure__SignalR__Endpoints__{endpointName}. The {endpointName} is an arbitrary name assigned by you to associate a group of settings to a service endpoint. The prefix Azure__SignalR__Endpoints__{endpointName} can't be customized by connectionStringSetting property.
| Property | Environment variable template | Description | Required | Example value |
|---|---|---|---|---|
| Service URI | Azure__SignalR__Endpoints__{endpointName}__serviceUri |
The URI your service endpoint. When you only configure "Service URI", the extensions would attempt to use DefaultAzureCredential type to authenticate with the service. | Yes | https://mysignalrsevice1.service.signalr.net |
| Endpoint Type | Azure__SignalR__Endpoints__{endpointName}__type |
Indicates whether the service endpoint is primary or secondary. If not specified, it defaults to Primary. Valid values are Primary and Secondary, case-insensitive. |
No | Secondary |
| Token Credential | Azure__SignalR__Endpoints__{endpointName}__credential |
Defines how a token should be obtained for the connection. This setting should be set to managedidentity if your deployed Azure Function intends to use managed identity authentication. This value is only valid when a managed identity is available in the hosting environment. |
No | managedidentity |
| Client ID | Azure__SignalR__Endpoints__{endpointName}__clientId |
When credential is set to managedidentity, this property can be set to specify the user-assigned identity to be used when obtaining a token. The property accepts a client ID corresponding to a user-assigned identity assigned to the application. It's invalid to specify both a Resource ID and a client ID. If not specified, the system-assigned identity is used. This property is used differently in local development scenarios, when credential shouldn't be set. |
No | 00000000-0000-0000-0000-000000000000 |
| Resource ID | Azure__SignalR__Endpoints__{endpointName}__managedIdentityResourceId |
When credential is set to managedidentity, this property can be set to specify the resource Identifier to be used when obtaining a token. The property accepts a resource identifier corresponding to the resource ID of the user-defined managed identity. It's invalid to specify both a resource ID and a client ID. If neither are specified, the system-assigned identity is used. This property is used differently in local development scenarios, when credential shouldn't be set. |
No | /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myrg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myusermanagedidentity |
For more information about multiple endpoints, see Scale SignalR Service with multiple instances
For optimal security, your function app should use managed identities when connecting to the Azure SignalR service instead of using a connection string, which contains a shared secret key. For more information, see Authorize requests to Azure SignalR Service resources with Microsoft Entra managed identities.
Next steps
For details on how to configure and use SignalR Service and Azure Functions together, refer to Azure Functions development and configuration with Azure SignalR Service.