
I’m trying out Azure. I’m hosting a C# .NET Core 8 MVC Web Application as an Azure App Service WebApp (Free Plan) and it should access an Azure SQL Server Database (Free Plan).

When the WebApp was created a User Managed Service Identity was created as well.

  • This UMSI has successful access to the Azure Key Vault after assigning it the role "Key Vault Secrets User".
  • The UMSI is failing to access the SQL Server Database and I am not sure how to configure the access. I only found the role "SQL Server Contributor" but nothing for access to the database itself.

When the WebApp tries to access the Database I’m getting an error as below:

  • SqlException: ManagedIdentityCredential authentication failed: Service request failed.
    Status: 400 (Bad Request)

I do have the connection string in the app settings defined as below

"Server=tcp:sqlserveraddress.database.windows.net,1433;Initial Catalog=SQLDBName;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;Authentication="Active Directory Default";"

Does anyone know how to grant the User Managed Service Identity access to the database itself? The Database doesn’t have an IAM screen.

Can’t believe I need to use T-SQL to add the UMSI as a user and login with permissions?

EDIT:
I’ve created a user for the UMSI and granted it db_datareader, db_datawriter, db_ddladmin as the App has to create tables from the migration. Didn’t help. Error is still the same.
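For readers following the same steps, here is the T-SQL that corresponds to the user creation and role grants described in the question, with a verification query. This is an added illustration, not part of the original post; [app-identity-name] is a placeholder for the display name of the managed identity in Entra ID.

```sql
-- Added example (not from the original post). Run in the target database
-- (not master), connected as an Entra ID admin of the SQL server.
-- [app-identity-name] is a placeholder for the managed identity's display name.

-- Contained database user mapped to the Entra principal; no server login is needed.
CREATE USER [app-identity-name] FROM EXTERNAL PROVIDER;

-- The roles mentioned in the question. db_ddladmin is only needed while
-- EF migrations create tables; drop the membership once migrations have run.
ALTER ROLE db_datareader ADD MEMBER [app-identity-name];
ALTER ROLE db_datawriter ADD MEMBER [app-identity-name];
ALTER ROLE db_ddladmin   ADD MEMBER [app-identity-name];
-- Later, after migrations: ALTER ROLE db_ddladmin DROP MEMBER [app-identity-name];

-- Verify: the user should be listed as EXTERNAL_USER with each role membership.
SELECT dp.name, dp.type_desc, dp.authentication_type_desc, r.name AS role_name
FROM sys.database_principals AS dp
LEFT JOIN sys.database_role_members AS rm ON rm.member_principal_id = dp.principal_id
LEFT JOIN sys.database_principals AS r  ON r.principal_id = rm.role_principal_id
WHERE dp.name = N'app-identity-name';
```

If the verification query returns no row, the user was created in a different database (typically master) than the one the connection string's Initial Catalog points at.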

2 Answers


  1. Chosen as BEST ANSWER

    Thanks to Bhavani for referring me to this

    I had to enable and create a System Managed Identity. Only the System Managed Identity is then created within Entra / AAD. After this the Application was able to access the Database. The User Managed Identity is not created in Entra / AAD.


  2. Based on your comments, you already added the managed identity user as external login.

    Besides that, double check the connection string. It should be as follows:

    Server=tcp:[server-name].database.windows.net,1433;Initial Catalog=[catalog];Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;
    

    Also, assuming you’re using Entity Framework, add this to your DbContext:

    using Azure.Core;
    using Azure.Identity;
    using Microsoft.Data.SqlClient;
    using Microsoft.EntityFrameworkCore;

    protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
    {
        // Connection string without an Authentication= keyword; the access token below replaces it.
        var connectionString = _configuration.GetConnectionString("Default");
        var sqlConnection = new SqlConnection(connectionString);

        // In App Service, DefaultAzureCredential resolves to the managed identity.
        var tokenCredential = new DefaultAzureCredential();
        var tokenRequest = new TokenRequestContext(new[] { "https://database.windows.net/.default" });
        sqlConnection.AccessToken = tokenCredential.GetToken(tokenRequest).Token;

        // Hand EF Core the already-authenticated connection.
        optionsBuilder.UseSqlServer(sqlConnection);
    }
    