Authenticate Azure Function with Azure Web App Using Managed Service Identity

Thank you, happy to hear that and glad you like it! 😀

Souciance Eqdam Rashti Thank you - glad you liked it😀

Thanks for the comment - glad it helps!

@@RahulNath do you have the sample code

@@ChandanKumar-es7bz Have you checked the associated blog post? It has the relevant code www.rahulpnath.com/blog/how-to-authenticate-azure-function-with-azure-web-app-using-managed-service-identity/
Let know if that helps

Awesome - glad you liked it!

Glad it was helpful!

Very happy to hear that! Hope you are liking the other videos.

Glad it helped!

Thank you for the comment and glad you liked it!

Thank you Ashish!

Looks like it is not able to make a successful connection using Managed Identity. Can you check this post and associated video for more details on Managed Identity and setting it up www.rahulpnath.com/blog/defaultazurecredential-from-azure-sdk/
Let me know if you have additional questions.

I got same error. How did you get it resolved?

Glad you liked it!

Thank you very much!

Thank you!

Thank you Vinoth. Is this what you are looking for ?
www.rahulpnath.com/blog/defaultazurecredential-from-azure-sdk/
www.rahulpnath.com/blog/azure-managed-service-identity-and-local-development/
If not , could you please clarify your question.

@@RahulNath Thanks Rahul for your reply. I will come back after working it out. Thanks for sharing this link

Did you try inspecting the token in jwt.io to see what it contains? Can you provide more details on your setup? I'm assuming you don't have any Azure function in the mix (just checking since the comment is under this video 😀)

@@RahulNath Thanks for the video, well explained! However, I have the exact same problem as Fatgamer. Is there a way that i can email you the problem? The JWT doesn't seem to have the scope or claim so obviously the API is rejecting it.

@@arunampk Hard to tell what the problem is - Did you try inspecting the token using jwt.io? Sometimes it might take a few minutes for the claims to reflect.

@@RahulNath The bit which is missing in this video is the AD set up i.e. how to do app registrations etc. I feel i would have been amazing i you shown end to end. Any thoughts Rahul?

@@arunampk Did you get a chance to check this blog post? www.rahulpnath.com/blog/how-to-authenticate-azure-function-with-azure-web-app-using-managed-service-identity/
It explains the AD Setup as well, which is covered as part of a separate video

Hey Shrutika , Any reason you are trying to run it with .NET framework instead of core? This link will help you with the .NET versions and the support for Azure Functions
docs.microsoft.com/en-us/azure/azure-functions/functions-versions?tabs=in-process%2Cv4&pivots=programming-language-csharp&WT.mc_id=AZ-MVP-5003875
Think you will need to be on 1.x function runtime to be able to run it. Let me know if that helps or if you have additional questions.

@@RahulNath lemme try this and get back to you

@@RahulNath I checked the csproj file its v1 net6.0
v4 . Funny part is the same setup runs on my collegues laptop which i set up. not sure whats issue in my system

@@TheShrutika What issue do you see in yours?

Can I attach screenshots somewhere !? So it can be easily understood

To get ManagedIdentity working on a local machine there are a couple of ways. I have written about it here in this blog post-www.rahulpnath.com/blog/azure_managed_service_identity_and_local_development/
DefaultAzureCredential is the new library to be used when getting ManagedIdentity token. You can read more about it here www.rahulpnath.com/blog/defaultazurecredential_from_azure_sdk/
I also have videos on the same, which are linked in the blog posts. Let me know if that helps and if you have any further questions.

Which part are you specifically looking for to debug locally? I did write about Managed Identity local development here www.rahulpnath.com/blog/azure-managed-service-identity-and-local-development/

Thanks Vivek. The API is secured using Managed Identities. Azure is managing the Id/Secret for us in this case. You can read more about it here docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview?WT.mc_id=AZ-MVP-5003875. Anyone who has access to your azure subscription and has the appropraite access to your resources only will be able to do this. Let know if that answers your question and need further info

@@RahulNath I have some follow up questions :-
1. How to provide access to functions apps and other backend and web API's, present in different RGs ?
2. How to provide access to functions apps and other backend and web API's, present in different subscriptions ?
3. Suppose if I have 2 functions Apps(F1 and F2) , for both I have configured System MI as enabled, I want only F1 to access my API and not F2 , how can I control this ?

@@vasuroy6214 Hey Vasu, Within the same tenant you should be able to use Managed Identities. If you are looking at cross tenant then you will not be able to use Managed Identity but will have to use app tokens/Identity Server depending on your setup.

Glad you liked it. Sometimes it takes around 10-15 minutes to reflect. Are you still facing the same error? You can console log the auth token and inspect it in jwt.io/ to check if everything is set up correctly. In case you didn't see it, there is an associated blog post here too www.rahulpnath.com/blog/how-to-authenticate-azure-function-with-azure-web-app-using-managed-service-identity/
Can you double check all your steps and let know if you are still facing the issue?

@@RahulNath Thanks for replying. I am getting access token using MSI but while calling api from function app, I am getting unauthorized and not returning any value from api.

@@RahulNath It worked for me now.. I forgot to add "app.UseAuthentication();" in web api's startup file. Once again thanks !

@@sawarkarashish Awesome glad you sorted it out!

@@sawarkarashish Thanks, this was the issue and was able to run through the steps smoothly. Thanks for the video @Rahul

Sorry Rajesh. didn’t understand. what’s hard coded ?

@@RahulNath when see it @3.13 (video time) client secret has been hard coded over here and on 6.38, after removing, its open to use by anyone.

@@Rajeshsingh-ws5th Which is the whole premise of the video. Continue watching and I show you how to remove needing any secrets. Please hear at 4:35 . Keen, you hear your thoughts.

Also please watch the introduction where I set the context on the video 0:27. I first show the normal way of using it (the client and secret will be moved to config file 4:35 and for demo purposes is shown in the code) and then refactor to use Managed Identity where you don't need any kind of auth and Azure infra takes care of it for you. Hope that clears your question. Happy to help if you have more questions.