[Feature Request] Support Managed Identity auth for AzureWebJobsDashboard and AzureWebJobsStorage
Currently we set up connection strings for AzureWebJobsStorage, AzureWebJobsDashboard and WEBSITE_CONTENTAZUREFILECONNECTIONSTRING. It would be great if we could give the managed identity for the function or web app permissions to the appropriate storage account and just provide storage account names here.
While there are security benefits around the managed identity, it's also a nice thing around the configuration of, say, an Azure function app, where in ARM I currently have the same key retrieval three times as:
"AzureWebJobsDashboard": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountResourceId'),'2015-05-01-preview').key1)]",
"AzureWebJobsStorage": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountResourceId'),'2015-05-01-preview').key1)]",
"WEBSITE_CONTENTAZUREFILECONNECTIONSTRING": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountResourceId'),'2015-05-01-preview').key1)]",
For migration, maybe a check for a new configuration variable, say ManagedAzureWebJobsStorageAccountName or similar, and fall back to storage connection string config, and maybe make them mutually exclusive. When this is set, use the managed identity auth and appropriate storage account name from this string config value.
It seems the first place might be in StorageAccountOptions.cs and go from there.
I’d be happy to contribute towards making this happen but open to discussion around its downsides, implementation guidance, etc.
Issue Analytics
- State:
- Created 4 years ago
- Reactions:10
- Comments:5
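An added example, not code from the issue or from azure-webjobs-sdk, of the migration check the issue proposes: prefer the managed-identity account name, fall back to the connection string, and reject both being set. `StorageAuthResolver`, `StorageAuth` and the public-cloud blob suffix are assumptions; `ManagedAzureWebJobsStorageAccountName` is the hypothetical setting name suggested in the issue, not an existing SDK setting.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

public enum StorageAuthMode { ConnectionString, ManagedIdentity }
public sealed record StorageAuth(StorageAuthMode Mode, Uri BlobEndpoint, string ConnectionString);

// Hypothetical resolver for illustration; not part of azure-webjobs-sdk.
public static class StorageAuthResolver
{
    // Setting name proposed in the issue; it is not an existing SDK setting.
    public const string ManagedSetting = "ManagedAzureWebJobsStorageAccountName";
    public const string LegacySetting = "AzureWebJobsStorage";

    // Storage account names are 3-24 lowercase letters and digits. Enforcing this
    // keeps a crafted value from changing the host the identity token is sent to.
    private static readonly Regex AccountName = new Regex(@"\A[a-z0-9]{3,24}\z");

    public static StorageAuth Resolve(IReadOnlyDictionary<string, string> settings)
    {
        settings.TryGetValue(ManagedSetting, out var account);
        settings.TryGetValue(LegacySetting, out var connectionString);
        bool hasAccount = !string.IsNullOrWhiteSpace(account);
        bool hasLegacy = !string.IsNullOrWhiteSpace(connectionString);

        if (hasAccount && hasLegacy) // mutually exclusive, so a leftover key is noticed
            throw new InvalidOperationException($"Set only one of {ManagedSetting}, {LegacySetting}.");
        if (hasAccount)
        {
            if (!AccountName.IsMatch(account))
                throw new FormatException($"{ManagedSetting} is not a valid storage account name.");
            // Assumption: public-cloud blob suffix; sovereign clouds use a different one.
            var endpoint = new Uri($"https://{account}.blob.core.windows.net");
            return new StorageAuth(StorageAuthMode.ManagedIdentity, endpoint, null);
        }
        if (hasLegacy) // fallback: existing key-based connection string
            return new StorageAuth(StorageAuthMode.ConnectionString, null, connectionString);
        throw new InvalidOperationException($"Set {ManagedSetting} or {LegacySetting}.");
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample configuration.
        var settings = new Dictionary<string, string> { [StorageAuthResolver.ManagedSetting] = "examplestorage01" };
        Console.WriteLine(StorageAuthResolver.Resolve(settings).BlobEndpoint);
    }
}
```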
Top GitHub Comments
I vote to reopen.
I put in a PR a while back - I will dust it off and update it again. This works for my scenario where I am running a Function inside K8s using aad-pod-identity - https://github.com/Azure/azure-webjobs-sdk/pull/2344