/ManagedIdentityLab

Primary LanguageC#

Welcome to the Managed Identity Lab wiki!

in this lab we will be able to use Managed Identity (User & System) to connect to the following from Function App :

  1. Storage Account.
  2. Key Vault.
  3. SQL DataBase.

This is general overview about what this lab covers

alt text

As you can on the above image we have to sides :

1. Function App or Web App:

Brefily all what you need from App side is to enable the Managed Identity (System or User) and then start using it to have access to one of the above destionions.

I. System Identity

alt text

II. User Identity

alt text

2. Destionion servies (Storage,KV,SQL ..etc )

I. Storage Account all what you need to Add Azure role assignments and azure will take care about the rest of steps .

alt text

II. Key Vault
A. Add Access policies

alt text

B. Select principal : you need to select your App Name (Managed Identity Name)

alt text

III. SQL
  1. Set you login account as Admin .

alt text

  1. Login to SQL DB using this account

alt text

  1. Run the below Query :
DROP USER IF EXISTS [YourAppName]
GO
CREATE USER [YourAppName] FROM EXTERNAL PROVIDER;
ALTER ROLE db_datareader ADD MEMBER [YourAppName];
ALTER ROLE db_datawriter ADD MEMBER [YourAppName];
ALTER ROLE db_ddladmin ADD MEMBER [YourAppName];
GRANT EXECUTE TO [YourAppName];
GO

Note Your local.settings.json should look like this :

{
  "IsEncrypted": false,
  "Values": {
    "AzureWebJobsStorage": "<XX>",
    "FUNCTIONS_WORKER_RUNTIME": "dotnet",
    "sqldb_connection": "Server=tcp:<XX>.database.windows.net,1433;Initial Catalog=<XX>;",
    "AppID": "<XX>",
    "KVURL": "<XX>",
    "StorageURL": "<XX>"
  }
}