SignalR Service bindings for Azure Functions
This set of articles explains how to authenticate and send real-time messages to clients connected to Azure SignalR Service by using SignalR Service bindings in Azure Functions. Azure Functions runtime version 2.x and higher supports input and output bindings for SignalR Service.
Action | Type |
---|---|
Handle messages from SignalR Service | Trigger binding |
Return the service endpoint URL and access token | Input binding |
Send SignalR Service messages and manage groups | Output binding |
Install extension
The extension NuGet package you install depends on the C# mode you're using in your function app:
Functions execute in an isolated C# worker process. To learn more, see Guide for running C# Azure Functions in an isolated worker process.
Add the extension to your project by installing this NuGet package.
Install bundle
The SignalR Service extension is part of an extension bundle, which is specified in your host.json project file. When you create a project that targets version 3.x or later, you should already have this bundle installed. To learn more, see extension bundle.
Add dependency
To use the SignalR Service annotations in Java functions, you need to add a dependency to the azure-functions-java-library-signalr artifact (version 1.0 or higher) to your pom.xml file.
<dependency>
<groupId>com.microsoft.azure.functions</groupId>
<artifactId>azure-functions-java-library-signalr</artifactId>
<version>1.0.0</version>
</dependency>
Connections
You can use connection string or Microsoft Entra identity to connect to Azure SignalR Service.
Connection string
For instructions on how to retrieve the connection string for your Azure SignalR Service, see Connection strings in Azure SignalR Service
This connection string should be stored in an application setting with a name AzureSignalRConnectionString
. You can customize the application setting name with the connectionStringSetting
property of the binding configuration.
Identity-based connections
If you're using version 1.7.0 or higher, instead of using a connection string with a secret, you can have the app use an Microsoft Entra identity.
First of all, you should make sure your Microsoft Entra identity has role SignalR Service Owner.
Then you would define settings with a common prefix AzureSignalRConnectionString
. You can customize prefix name with the connectionStringSetting
property of the binding configuration.
In this mode, the settings include following items:
Property | Environment variable template | Description | Required | Example value |
---|---|---|---|---|
Service URI | AzureSignalRConnectionString__serviceUri |
The URI of your service endpoint. When you only configure "Service URI", the extensions would attempt to use DefaultAzureCredential type to authenticate with the service. | Yes | https://mysignalrsevice.service.signalr.net |
Token Credential | AzureSignalRConnectionString__credential |
Defines how a token should be obtained for the connection. This setting should be set to managedidentity if your deployed Azure Function intends to use managed identity authentication. This value is only valid when a managed identity is available in the hosting environment. |
No | managedidentity |
Client ID | AzureSignalRConnectionString__clientId |
When credential is set to managedidentity , this property can be set to specify the user-assigned identity to be used when obtaining a token. The property accepts a client ID corresponding to a user-assigned identity assigned to the application. It's invalid to specify both a Resource ID and a client ID. If not specified, the system-assigned identity is used. This property is used differently in local development scenarios, when credential shouldn't be set. |
No | 00000000-0000-0000-0000-000000000000 |
Resource ID | AzureSignalRConnectionString__managedIdentityResourceId |
When credential is set to managedidentity , this property can be set to specify the resource Identifier to be used when obtaining a token. The property accepts a resource identifier corresponding to the resource ID of the user-defined managed identity. It's invalid to specify both a resource ID and a client ID. If neither are specified, the system-assigned identity is used. This property is used differently in local development scenarios, when credential shouldn't be set. |
No | /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup/providers/Microsoft.SignalRService/SignalR/mysignalrservice |
Note
When using local.settings.json
file at local, Azure App Configuration, or Key Vault to provide settings for identity-based connections, replace __
with :
in the setting name to ensure names are resolved correctly.
For example, AzureSignalRConnectionString:serviceUri
.
Multiple endpoints setting
You can also configure multiple endpoints and specify identity settings per endpoint.
In this case, prefix your settings with Azure__SignalR__Endpoints__{endpointName}
. The {endpointName}
is an arbitrary name assigned by you to associate a group of settings to a service endpoint. The prefix Azure__SignalR__Endpoints__{endpointName}
can't be customized by connectionStringSetting
property.
Property | Environment variable template | Description | Required | Example value |
---|---|---|---|---|
Service URI | Azure__SignalR__Endpoints__{endpointName}__serviceUri |
The URI your service endpoint. When you only configure "Service URI", the extensions would attempt to use DefaultAzureCredential type to authenticate with the service. | Yes | https://mysignalrsevice1.service.signalr.net |
Endpoint Type | Azure__SignalR__Endpoints__{endpointName}__type |
Indicates whether the service endpoint is primary or secondary. If not specified, it defaults to Primary . Valid values are Primary and Secondary , case-insensitive. |
No | Secondary |
Token Credential | Azure__SignalR__Endpoints__{endpointName}__credential |
Defines how a token should be obtained for the connection. This setting should be set to managedidentity if your deployed Azure Function intends to use managed identity authentication. This value is only valid when a managed identity is available in the hosting environment. |
No | managedidentity |
Client ID | Azure__SignalR__Endpoints__{endpointName}__clientId |
When credential is set to managedidentity , this property can be set to specify the user-assigned identity to be used when obtaining a token. The property accepts a client ID corresponding to a user-assigned identity assigned to the application. It's invalid to specify both a Resource ID and a client ID. If not specified, the system-assigned identity is used. This property is used differently in local development scenarios, when credential shouldn't be set. |
No | 00000000-0000-0000-0000-000000000000 |
Resource ID | Azure__SignalR__Endpoints__{endpointName}__managedIdentityResourceId |
When credential is set to managedidentity , this property can be set to specify the resource Identifier to be used when obtaining a token. The property accepts a resource identifier corresponding to the resource ID of the user-defined managed identity. It's invalid to specify both a resource ID and a client ID. If neither are specified, the system-assigned identity is used. This property is used differently in local development scenarios, when credential shouldn't be set. |
No | /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myrg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myusermanagedidentity |
For more information about multiple endpoints, see Scale SignalR Service with multiple instances
Next steps
For details on how to configure and use SignalR Service and Azure Functions together, refer to Azure Functions development and configuration with Azure SignalR Service.