azure-functions-host: Unable to Retrieve the Azure function keys for functions created in version 2.0

Scenario: We have an Ibiza blade (Iot hUB) )where we are showing a list of all the azure functions in a selected subscription. When selecting the azure function, we are fetching the azure function key. Here is the URI we are using to fetch the key https://myfunctionAppName.scm.azurewebsites.net/api/functions/admin/masterkey

This worked perfectly with the Azure function runtime version 1.0.

But recently with the runtime version 2.0 we started getting 409 error.

{“Message”:“An error has occurred.”,“ExceptionMessage”:“Runtime keys are stored on blob storage. This API doesn’t support this configuration. Please change Environment variable AzureWebJobsSecretStorageType value to ‘Files’. For more info, visit https://aka.ms/funcsecrets",“ExceptionType”:“System.InvalidOperationException”,“StackTrace”:" at Kudu.Core.Functions.FunctionManager.<GetKeyObjectFromFile>d__9`1.MoveNext() in C:\Kudu Files\Private\src\master\Kudu.Core\Functions\FunctionManager.cs:line 141\r\n— End of stack trace from previous location where exception was thrown —\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at Kudu.Core.Functions.FunctionManager.<GetMasterKeyAsync>d__11.MoveNext() in C:\Kudu Files\Private\src\master\Kudu.Core\Functions\FunctionManager.cs:line 213\r\n— End of stack trace from previous location where exception was thrown —\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at Kudu.Services.Functions.FunctionController.<GetMasterKey>d__11.MoveNext() in C:\Kudu Files\Private\src\master\Kudu.Services\Functions\FunctionController.cs:line 121”}

I came across this document https://github.com/Azure/azure-functions-host/wiki/Key-management-API but realize that these API requires some auth token, may be because with 2.0 we are moved to a blob storage for keys.

After more finding I found there is a KUDU API to generate the auth token before retrieving the keys. So now I am making following calls

1. Kudu Auth: -https://myfunctionAppName.scm.azurewebsites.net/api/functions/admin/token
2. Get KEY:- https://myfunctionAppName.azurewebsites.net/admin/functions/myfunctionName/keys

Kudu API calls work fine and I GET the token. But when passing the token to second API, I am seeing following error.

Security issue: Request to send auth token to untrusted domain ‘askhura-custom-allocation-app.scm.azurewebsites.net’. Only a fixed set of domains should be configured to receive auth tokens.

Investigative information

Please provide the following:

• Timestamp:
• Function App version (1.0 or 2.0): 2.0
• Function App name: askhura-custom-allocation-app
• Function name(s) (as appropriate): HttpTrigger1
• Invocation ID:
• Region:

Repro steps

Provide the steps required to reproduce the problem:

Getting the error pasted above from my Ibiza blade. Tried to do the same steps in a C# console app. The error I got an unhandled exception that the connection was forcibly closed by the remote host. So didn’t get the exact error.

Note: I am able to run the above two APIs without any issue in a POSTMAN.

Expected behavior

Provide a description of the expected behavior.

Actual behavior

Provide a description of the actual behavior observed.

Known workarounds

Provide a description of any known workarounds.

Related information

Provide any related information

• Programming language used - C#
• Links to source - I am trying to replicate the steps from this blog post https://markheath.net/post/managing-azure-function-keys
• Bindings used