User assigned identity
- lets the function app read/manage Azure resources
- can be assigned to multiple resources, so a user-assigned identity gives us more flexibility
System assigned identity
- lets the function app connect to the SQL database using its own identity instead of a username + password, which is the less secure option
- solely used by one resource
- with this, SQL_CONNECTION_STRING in configuration doesn't need to contain a username or password. Instead, it sets Authentication to Active Directory Managed Identity
- to be able to use this, you should:
1. Enable the function app's system assigned identity by clicking Identity > Status On
2. Add a user assigned identity
***NOTE: make sure to change IdentityId in configuration to the client (application) ID of the user assigned identity
3. Update SQL_CONNECTION_STRING in configuration to use Active Directory Managed Identity
4. In the SQL database, create a SQL user for the function app and make it a db_owner
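-- Replace [function app name] with the name of the function app; its system assigned identity has the same name.
CREATE USER [function app name]
FROM EXTERNAL PROVIDER
WITH DEFAULT_SCHEMA = dbo;
-- db_owner grants full control of the database; db_datareader and db_datawriter are enough if the function only reads and writes data.
ALTER ROLE db_owner ADD MEMBER [function app name];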
5. You can test your function code by clicking your function app > Code+Test > Test/Run > Run
6. You can see the result by clicking Monitor
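A quick check for step 3, added here as an example and not part of the original post: it parses a SQL_CONNECTION_STRING value and reports anything that still embeds credentials or does not select managed identity authentication. It assumes the function connects with Microsoft.Data.SqlClient (whose keyword synonyms are listed in the code); the function names and both sample strings are constructed for illustration.

```python
import re

# Keyword synonyms Microsoft.Data.SqlClient accepts for SQL credentials.
USER_KEYS = {"user id", "uid", "user"}
PASSWORD_KEYS = {"password", "pwd"}
# Authentication values that select a managed identity.
MANAGED_IDENTITY_AUTH = {"active directory managed identity", "active directory msi"}

# key=value pairs separated by ';'; a value may be quoted and then contain ';'.
PAIR = re.compile(r"""\s*([^=;]+?)\s*=\s*("[^"]*"|'[^']*'|[^;]*)\s*(?:;|$)""")

def parse_connection_string(conn_str):
    """Return {lower-cased keyword: value} for an ADO.NET-style connection string."""
    pairs = {}
    for key, value in PAIR.findall(conn_str):
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]  # drop the surrounding quotes
        pairs[" ".join(key.lower().split())] = value
    return pairs

def audit_connection_string(conn_str):
    """Return a list of findings; an empty list means no credentials are embedded."""
    pairs = parse_connection_string(conn_str)
    findings = []
    auth = pairs.get("authentication", "")
    uses_managed_identity = auth.lower() in MANAGED_IDENTITY_AUTH
    if not uses_managed_identity:
        findings.append(f"Authentication is {auth or '(not set)'!r}, "
                        "expected 'Active Directory Managed Identity'")
    # A password is never needed once the app authenticates with its identity.
    for key in sorted(pairs.keys() & PASSWORD_KEYS):
        findings.append(f"'{key}' embeds a secret in the app setting")
    # With managed identity, SqlClient reads User Id as the client id of a
    # user-assigned identity, so it is only reported for other auth modes.
    if not uses_managed_identity:
        for key in sorted(pairs.keys() & USER_KEYS):
            findings.append(f"'{key}' embeds a SQL login name")
    return findings

# Constructed sample values, not taken from the page.
BEFORE = ("Server=tcp:example-server.database.windows.net,1433;Database=exampledb;"
          "User ID=appuser;Password='not;a;real;secret';")
AFTER = ("Server=tcp:example-server.database.windows.net,1433;Database=exampledb;"
         "Authentication=Active Directory Managed Identity;")

if __name__ == "__main__":
    for name, value in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_connection_string(value) or "OK")
```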