
There is an Azure Web App service and I have to call an API get method on that service. The web app service is under Identity Provider protection and the caller has to be an Azure function.

I have gotten the following message after the Azure function started to work: "You do not have permission to view this directory or page." That message was sent from the Azure Web App (protected by Azure identity provider).

As you guys can realize, the Azure function does not have permission to call the protected Azure Web App service. The reason is clear to me: the web app service is protected by Azure Identity Provider.

How can I call the get method on Web App service from the Azure function in this case?

2 Answers


  1. The way to do this is to use Managed Identities

    You give your Azure function a System-assigned Identity.

    And then you grant rights to that System-assigned Identity on your Azure Web App.

    See: https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=portal%2Chttp

  2. How I understand that this should work is that you have to enable managed identity on your Azure Function. This will create a managed Application (Service Principal) inside your Azure Active Directory.

    Then you will have to grant this managed application permission to invoke your Azure Web App.
    In your Azure Function, you will have to add some implementation to acquire a token for your Azure Web App using the managed identity you have created earlier. With the token, you can create a REST request that contains the access token for your API.

    Here is a code example for .NET

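The token flow the second answer describes, as an added Python example (not code from either answer or from Microsoft): the function asks the local managed identity endpoint for a token scoped to the web app, then sends it as a bearer token on the GET request. `WEB_APP_RESOURCE` and `WEB_APP_URL` are placeholders, and it is an assumption that the resource is the Application ID URI of the app registration behind the web app's identity provider.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

# Placeholders (assumptions): replace with your web app's own values.
WEB_APP_RESOURCE = "api://<web-app-client-id>"
WEB_APP_URL = "https://<your-web-app>.azurewebsites.net/api/items"


def build_token_request(resource, env=os.environ):
    """Request to the local managed identity endpoint (IDENTITY_* vars are set by the platform)."""
    try:
        endpoint, secret = env["IDENTITY_ENDPOINT"], env["IDENTITY_HEADER"]
    except KeyError as exc:
        raise RuntimeError("managed identity is not enabled on this app") from exc
    query = urllib.parse.urlencode({"resource": resource, "api-version": "2019-08-01"})
    return urllib.request.Request(f"{endpoint}?{query}", headers={"X-IDENTITY-HEADER": secret})


def get_token(resource, env=os.environ, urlopen=urllib.request.urlopen):
    """Return an access token whose audience is `resource`."""
    with urlopen(build_token_request(resource, env), timeout=10) as resp:
        return json.load(resp)["access_token"]


def build_api_request(url, token):
    """GET request carrying the token as a bearer credential."""
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})


def call_protected_api(url, resource, env=os.environ, urlopen=urllib.request.urlopen):
    """Fetch a token, call the protected web app, and return the response body."""
    req = build_api_request(url, get_token(resource, env, urlopen))
    try:
        with urlopen(req, timeout=10) as resp:
            return resp.read().decode()
    except urllib.error.HTTPError as exc:
        if exc.code in (401, 403):
            # Token rejected: check its audience and the permission granted to the identity.
            raise PermissionError(f"web app rejected the token ({exc.code})") from exc
        raise
```

Inside the function, `call_protected_api(WEB_APP_URL, WEB_APP_RESOURCE)` performs the whole exchange; no client secret is stored in the function's settings.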