Using Azure Active Directory Interactive when authenticating from Azure Functions to Azure SQL DB
I'm trying to authenticate access from an Azure function to Azure SQL DB using am Azure Active Directory managed identity and the Active Directory Interactive . I've successfully used the instructions at https://learn.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-connect-msi when trying to authenticate from an app service to Azure SQL DB, but in that case I can set up the authentication provider declaratively in the Web.config file. There seems to be no Web.config file for Azure Functions. How can I programmatically do the same thing as was done declaratively in the Web.config file for Azure Functions? Or is there a simpler approach to use here? I'm trying to avoid embedding secrets or using Key Value to store secrets, and I want a solution where I can still debug Azure Functions locally in Visual Studio, much as I can for app services.
Thanks, --Bonnie
How can I programmatically do the same thing as was done declaratively in the Web.config file for Azure Functions? Or is there a simpler approach to use here?
According to my test, if we want to use Azure MSI to connect Azure SQL in Azure function, please refer to the following steps:
Configure local.setting.json
{
"IsEncrypted": false,
"Values": {
"AzureWebJobsStorage": "<your storage connection string>",
"FUNCTIONS_WORKER_RUNTIME": "dotnet"
},
"ConnectionStrings": {
"SQLConnectionString": "Server=tcp:<server name>.database.windows.net,1433;Initial Catalog=<db name>;"
}
}
-
a. Sign in to Visual Studio and use
Tools>Optionsto open Options.b. Select
Azure Service Authentication, enter your Azure SQL admin account and select OK. develop the function For example
/* please install sdk :
Install-Package Microsoft.Azure.Services.AppAuthentication -Version 1.3.1
Install-Package System.Data.SqlClient -Version 4.6.1
*/
[FunctionName("Function1")]
public static async Task<IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)] HttpRequest req,
ILogger log)
{
log.LogInformation("C# HTTP trigger function processed a request.");
string str = "SQLConnectionString";
string conStr = GetSqlAzureConnectionString(str);
var azureServiceTokenProvider = new AzureServiceTokenProvider();
string accessToken = await azureServiceTokenProvider.GetAccessTokenAsync("https://database.windows.net/");
var conn = new SqlConnection(conStr);
conn.AccessToken = accessToken;
string result = "";
var sql = "select * from StarWars where episode=1";
using (SqlCommand command = new SqlCommand(sql, conn))
{
conn.Open();
using (SqlDataReader reader = command.ExecuteReader())
{
while (reader.Read()) {
result = reader.GetString(2);
}
}
}
return new OkObjectResult($"Hello, {result}");
}
private static string GetSqlAzureConnectionString(string SQLConnectionString)
{
string conStr = System.Environment.GetEnvironmentVariable($"ConnectionStrings:{SQLConnectionString}", EnvironmentVariableTarget.Process);
if (string.IsNullOrEmpty(conStr)) // Azure Functions App Service naming convention
conStr = System.Environment.GetEnvironmentVariable($"SQLAZURECONNSTR_{SQLConnectionString}", EnvironmentVariableTarget.Process);
return conStr;
}
- Debug the function with Visual Studio. Please note that we need to install Azure Functions Core Tools before our debug it.
Besides, If you want to publish it after you debug, please refer to the following steps
- Create an Azure Function
Configure Azure SQL
a. Use your Azure Sql AD admin to connect Azure SQL vai SSMS
b. Add the MSI to the database you need use
USE [<db name>] GO create user [<function app name>] from external provider ALTER ROLE db_owner ADD MEMBER [<function app name>]Add your connection string in Azure Function app application settings
- What is the ES6 equivalent of Python 'enumerate' for a sequence?
- Java - creating a new thread
- Error 405 when trying create withdrawal order with okx api
- How do I update the snapshots in my React/TypeScript project?
- fs/promises API in TypeScript is not compiling correctly in JavaScript
- How do browser cookie domains work?
- How can I manually edit the list of recently opened files in VS Code?
- Any way to throttle calls to a specific API in Chrome DevTools while leaving others unthrottled?
- how can i close a Get overlay in flutter?
- How to access data from API Payload
- Spring-Data @Version-Property inspection does not work with primitives for Entity State Detection
- Soong UI permission denied AOSP build
- cocotb: access arrays of instances signals
- Why does TypeScript think my type is possibly undefined?
- Filter includes false is not a function
- Unhashable type in FastAPI request
- Learn Python, exercise 6.7
- JGit - Cannot invoke "org.eclipse.jgit.transport.SshSessionFactory.getSession" because "this.sch" is null
- MongoDB,webflux reactive, Springboot 3.3.4,Java21.0.6,Lombok (superbuilder class abstract of abstract) Hibernate not work mapping rep to obj
- Nest.js is giving cors error even when cors is enabled
- Print all local variables in a shell
- getBoundingClientRect returns an empty object
- How to extract r, g, b, a values from CSS color?
- How to use debug log in golang
- How is pi (π) calculated?
- The "list-style-type" style not working inside a :before pseudo-element in Chrome
- How to install extension from "vscode:extension/<extension name>"
- Android Kotlin AES/GCM Decryption javax.crypto.AEADBadTagException
- Install ruby using rbenv's downloaded file
- SQLAlchemy error: "TypeError: Additional arguments should be named <dialectname>_<argument>, got 'nullable'"