Programmatically change System Assigned ID for an App in an Azure App Service
We are in the midst of a Azure tenant/subscription migration. During this migration we are going to lose all of our current system assigned IDs. This means that we will need to manually update each place.
EX: We have app configs pointed at a Key Vault Secret. The KV allows the app access to the secret based on it's system assigned ID. After migration this is all broken and will need rebuilt so access can be restored to the app.
With how many instances we have, this could be a very very long process.
Has anyone come across this issue before? Is this even doable?
I am trying to do this in a .Net7 console app but cannot seem to find out how to access the Webapp's ID settings. I have scoured the SDK documentation and ran in circles with the LLMs to no avail.
I have this accessing the appServicePlan but I do not see a way to go even deeper to get to the app that is in the plan. On top of that I am not even sure if once I do get there I will be able to change the system assigned ID setting.
// Sign into Azure
ArmClient armClient = new ArmClient(credential, subscriptionId);
// Verify a successful login by retrieving the subscription
var loginSuccess = await armClient.GetDefaultSubscription().GetAsync();
SubscriptionResource subscription = await armClient.GetDefaultSubscriptionAsync();
ResourceGroupCollection resourceGroups = subscription.GetResourceGroups();
ResourceGroupResource resourceGroup = await resourceGroups.GetAsync(resourceGroupName);
await foreach(AppServicePlanResource appServicePlan in resourceGroup.GetAppServicePlans())
{
foreach() // I want to get into the app here but I can't seem to find it.
}
Use managed identities to access App Configuration. Azure App Configuration and its .NET Core, .NET Framework, and grant a managed identity access to App Configuration and configure your app to use a managed identity when you connect to App Configuration.
Programmatically changing the system assigned ID for an App in an Azure App Service, you can use the Azure CLI to assign a system-assigned identity to an App Service. And use the Azure CLI to assign a user-assigned identity to an App Service.
Approach-1 To assign a system-assigned identity to an App Service using the Azure CLI
az webapp identity assign --name <app-name> --resource-group <resource-group-name>
To assign a user-assigned identity to an App Service using the Azure CLI
az webapp identity assign --name <app-name> --resource-group <resource-group-name> --identities <user-assigned-identity-resource-id>
And can use the az webapp identity remove command to remove the identity from the App Service.
Approach -2
Using the Get API
https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}?api-version=2022-03-01
Using the Update API
https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}?api-version=2022-03-01
For more information refer to the MS Docs - Web apps Get and Web Apps-Update.
- Why does an empty preprocessor command still evaluate to something?
- How to implement variable sized array within C struct
- Character array typecasting to integer
- How can I exclude non-numeric keys? CS50 Caesar Pset2
- How to get the sign, mantissa and exponent of a floating point number
- Why do MCU libraries use logic operations instead of bitfield structs?
- What kind of implementation can I use for a static associative array on a vintage system with very limited resources?
- Determine libraries to link against for a windows library function?
- Passing macro values to arm linker that places variable at a specific location
- running a program with wildcards as arguments
- How to perform addition of two vectors of 8-bit integers with a single addition in C/C++
- GNU RISC-V Embedded GCC throws "x ISA extension `xw' must be set with the versions" error
- Counting pulses using a swiss flow meter with an Arduino, how is it done?
- How to create a folder in C (need to run on both Linux and Windows)
- Is there any way to compute the width of an integer type at compile-time?
- How can I initialize all members of an array to the same value?
- Is C notably faster than C++
- How to get the Windows SDK version number a program is compiling with at compile time
- Confused by difference between expression inside if and expression outside if
- Equivalent of atoi for unsigned integers
- k&r: Exercise 1-18. Program takes input but doesnt produce any output?
- Using in C thrd_sleep() to either wait for time or interrupt by signal. Example?
- How can I compute `exp(x)/2` when `x` is large?
- c programming: answer always equates to 0
- Is it possible to access a parameter of a function from another function in C?
- Will this expression evaluate to true or false (1 or 0) in C?
- What Is the Return Value of strcspn() When Str1 Does not Contain Str2?
- Mapping a numeric range onto another
- Signalled and non-signalled state of event
- Why is faster to do a branch than a lookup?