How to Setup Auth with Managed Identity - Build a CRUD API with Azure Functions and SQL server
Вставка
- Опубліковано 24 чер 2022
- Use managed identity to connect to SQL server from Azure functions. We'll create a CRUD API in two languages: C# and python. The API will read and write from the database. This is a typical use case for microservice architectures and using managed identity saves a lot of configurations and is currently a recommended best practice to secure your workloads. This video also deep dives into explaining how to create data bindings in Azure functions. So this is a part 2 of the authenticate and data bindings videos and goes a lot deeper than the other videos. I'm still figuring out how best to make these videos so let me know if something doesn't make sense or work.
This video is really helpful. This saved my exploration time.
Very good video. I like the schemas you made for architecture purposes. It gives a nice overview.
Crisp and clear 👍🏻👍🏻
Amazing video. Please advise how to create tests for the app?
Where can we find the source code for this?
can you share the git repo - thanks for the video
still in pre-release :(
My SQL SERVERE MANAGED INSTANCE. is on a different resource group and different subscription that of Azure Functions and Data factory can you please tell me how to resolve this. Your help is highly appreciated
You may be able to move your resources across subscriptions and resource groups. In order to find out, open up your group and select "move" on the overview screen. Select the target resource group and then the resources. The system will run a validation and let you know if a move is allowed. Finally select move to start the process.
learn.microsoft.com/en-us/azure/azure-resource-manager/management/move-resource-group-and-subscription#use-the-portal
Where was the authentication. Misleading title
Sorry, I should have been clearer in the content. This video shows how to use AD for identity and then you use RBAC to authorize that identity. The first step is to give the function an identity. You can provide you own identity certificates, or you can let Azure manage the identity lifecycle for you. Once you assign the managed identity, you turn on AD authentication which will validate the identity for every connection. Then on the SQL side, you use RBAC to grant access to that identity. So, the combination of these statements: CREATE USER [FNName] FROM EXTERNAL PROVIDER and ALTER ROLE db_datareader ADD MEMBER [FNName] will grant the identity 'FNName' reader access.