question

1 Vote
skdev asked SantoshMallena-4803 commented

What should be 'Resource ID' value in Azure function linked service in data factory for managed identity access?

I have an Azure function app with Microsoft AD authentication enabled. I have configured an Azure Data Factory pipeline to access an anonymous function through the Azure function linked service.
I want to use managed identity authentication from Data Factory to the Azure function. I have added the Data Factory managed identity to a role in the Azure function AD application.

What should be the 'Resource ID' value while creating the Azure function linked service in Data Factory for managed identity access?
I tried giving the value 'api://<ADApplicationID>' and the resource ID ('/subscription/xxxx/resourcegroup/xxx/provider/xx....'), but both didn't work and keep throwing a 401 Unauthorized error.
The same works by hitting the Azure function URL with a Web activity in an ADF pipeline with managed identity authentication without any issues.

azure-data-factory azure-functions azure-managed-identity

1 Answer

0 Votes
HimanshuSinha-MSFT answered SantoshMallena-4803 commented

Hello @skdev,
Thanks for the ask and for using the Microsoft Q&A platform.
When you create an Azure function, the deployment process creates an app ID. You can see the same:

127980-image.png

Now navigate to the AAD search with the app name.

128073-image.png

Please use the application ID in the resource ID and it should work. I just tested that on my side.

128042-image.png

128037-image.png


Please do let me know how it goes.
Thanks
Himanshu
Please do consider clicking on "Accept Answer" and "Up-vote" on the post that helps you, as it can be beneficial to other community members.




Hi @HimanshuSinha-MSFT, I tried using the Application ID in the Resource ID field, but it throws a 401 error with the message 'You do not have permission to view this directory or page'.
A couple of things:
1. I have 'User assignment required' set to yes for the Enterprise application of the function app.
2. I have added the ADF managed identity to the Enterprise app using the New-AzureADServiceAppRoleAssignment PowerShell cmdlet.

But still facing the above issue.


Hello @skdev,
Are you still facing the issue? Actually, I was also facing the error, but once I resolved the permission, I was able to make it work. Please do let me know how it goes.
Thanks
Himanshu

skdev HimanshuSinha-MSFT ·

Yes @HimanshuSinhamfst-5269, still facing the same issue. When you say resolve permission, did you add the ADF managed identity to an app role?

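A way to narrow down the 401 discussed in this thread, as an added example that is not part of any post above: decode the payload of the managed identity's access token and compare its `aud` and `roles` claims with what the Function App is set to accept. The tokens, the placeholder application ID, the `Invoke` role name and the allowed-audience set are constructed for illustration, and the check assumes the 'Resource ID' value ends up as the token's `aud` claim.

```python
import base64
import json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Build an UNSIGNED, constructed token so the example runs offline."""
    header = {"alg": "none", "typ": "JWT"}
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(claims).encode()), ""])

def decode_claims(token: str) -> dict:
    """Decode the payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(token: str, allowed_audiences: set, assignment_required: bool) -> list:
    """Return the reasons this token would likely be rejected (empty list = none found)."""
    claims = decode_claims(token)
    findings = []
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if not any(a in allowed_audiences for a in auds):
        findings.append(f"aud {aud!r} not in allowed audiences")
    # Assumption: with 'User assignment required' set, a role is expected in the token.
    if assignment_required and not claims.get("roles"):
        findings.append("no roles claim in token")
    return findings

APP_ID = "00000000-0000-0000-0000-000000000000"  # placeholder application ID
ALLOWED = {APP_ID}                               # hypothetical allowed-audience list

# Constructed tokens for the two 'Resource ID' forms tried in the question.
TOKEN_URI_AUD = make_sample_token({"aud": f"api://{APP_ID}", "roles": ["Invoke"]})
TOKEN_NO_ROLE = make_sample_token({"aud": APP_ID})
TOKEN_OK = make_sample_token({"aud": APP_ID, "roles": ["Invoke"]})

if __name__ == "__main__":
    for name, tok in [("api:// audience", TOKEN_URI_AUD),
                      ("app ID, no role", TOKEN_NO_ROLE),
                      ("app ID with role", TOKEN_OK)]:
        print(name, "->", diagnose(tok, ALLOWED, True) or "no findings")
```

Run against a real token, the same `diagnose` call shows whether the rejection is an audience mismatch or a missing role; the decoder is for inspection only and must not be used to authorize requests.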