Maybe more explanation later, but for now, just this snippet:
CREATE USER [my-azure-function-app] FROM EXTERNAL PROVIDER;
EXEC sp_addrolemember 'db_owner', 'my-azure-function-app';
This assumes you have an Azure Function App called my-azure-function-app and used the Identity blade to create a system-assigned identity, which is also named my-azure-function-app.
Some other sources suggested using the Object ID of the managed identity, but I had no luck with that approach.
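A least-privilege variant of the grant above, as an added example that is not from the original post, with a query to confirm what the identity actually holds. It assumes the function only needs to read and write table data, so it uses the built-in db_datareader and db_datawriter roles instead of db_owner; the names are the post's placeholders.

```sql
-- Added example, not the original author's snippet.
-- Run in the target database (not master), connected as the server's
-- Microsoft Entra admin. Assumption: the app only reads and writes table data.

-- 1. Contained user mapped to the Function App's system-assigned identity.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'my-azure-function-app')
    CREATE USER [my-azure-function-app] FROM EXTERNAL PROVIDER;

-- 2. Grant only the data roles the app needs.
ALTER ROLE db_datareader ADD MEMBER [my-azure-function-app];
ALTER ROLE db_datawriter ADD MEMBER [my-azure-function-app];

-- 3. If db_owner was granted earlier, take it away again.
IF IS_ROLEMEMBER('db_owner', 'my-azure-function-app') = 1
    ALTER ROLE db_owner DROP MEMBER [my-azure-function-app];

-- 4. Verify: expect type_desc = EXTERNAL_USER and one row per role held.
SELECT p.name,
       p.type_desc,
       p.authentication_type_desc,
       r.name AS role_name
FROM sys.database_principals AS p
LEFT JOIN sys.database_role_members AS m
       ON m.member_principal_id = p.principal_id
LEFT JOIN sys.database_principals AS r
       ON r.principal_id = m.role_principal_id
WHERE p.name = N'my-azure-function-app';
```

If the function also calls stored procedures, add an explicit `GRANT EXECUTE` on the schema or procedures it uses rather than falling back to db_owner.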
As for the connection string, I had some trouble finding the correct format, but it turns out you want Authentication="Active Directory Managed Identity", for something like this:
Server=tcp:my-database-server.database.windows.net,1433;Initial Catalog=MyCatalog;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;Authentication="Active Directory Managed Identity";