Azure SQL Database
An Azure relational database service.
5,754 questions
Refer the below aspect :
Creating a database scope cred with random name :
Failure :
Update the cred as per proper URL name :
How to use Managed Identity to call a azure function from Azure SQL Database using sp_invoke_external_endpoint
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 61%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Ayush Shrivastava
120
Reputation points
How to use Managed Identity to call a azure function from Azure SQL Database using sp_invoke_external_endpoint.
When I try to create a credential using this query
CREATE
And then run my rest endpoint to call the Azure function
EXEC sp_invoke_external_rest_endpoint
@url = N'https://{appName}.azurewebsites.net/api/{functionName}',
@method = 'POST',
@credential = {name},
@payload = @json_body,
@response = @response OUTPUT;
I shows me this error
SQL Error [31630] [S0001]: The database scoped credential '{name}' cannot be used to invoke an external rest endpoint.
{count} votes
-
Nandan Hegde 32,416 Reputation points MVP2024-08-26T15:31:45.4366667+00:00 Can you please provide the database scoped cred SQL statement?
-
Ayush Shrivastava 120 Reputation points
2024-08-27T06:19:44.59+00:00 CREATE DATABASE SCOPED CREDENTIAL auth
with identity = 'Managed Identity', secret = '{"resourceid":"{app id of the auth app that I have created under authentication section}"}'
-
Ayush Shrivastava 120 Reputation points
2024-08-28T06:29:33.89+00:00 @Nandan Hegde Any update here !!
-
Ayush Shrivastava 120 Reputation points
2024-08-28T06:30:23.6066667+00:00 @Nandan Hegde Any update on the question.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 69%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESR%3C/text%3E%3C/svg%3E)
Sai Raghunadh M 1,045 Reputation points Microsoft Vendor2024-09-03T07:01:53.2+00:00 Hi @ Ayush Shrivastava,
Just checking in to see if the below answer provided by @Nandan Hegde helped. If this answers your query, do click
Accept AnswerandYesfor was this answer helpful. And, if you have any further query do let us know.
Sign in to comment
Accepted answer
-
Nandan Hegde 32,416 Reputation points MVP
2024-08-30T04:23:29.97+00:00 -
Sai Raghunadh M 1,045 Reputation points Microsoft Vendor
2024-09-04T08:28:22.5566667+00:00 Hi @ Ayush Shrivastava,
Just checking in to see if the above answer provided by @Nandan Hegde helped. If this answers your query, do click
Accept AnswerandYesfor was this answer helpful. And, if you have any further query do let us know. -
Ayush Shrivastava 120 Reputation points
2024-09-04T16:17:21.6233333+00:00 Thanks @Nandan Hegde
This works. Do you know what permission my server's managed identity need to trigger the function. It's throwing 403 right now.
It would be helpful if you can share screenshots.
-
Ayush Shrivastava 120 Reputation points
2024-09-04T16:52:29.1666667+00:00 Although I have configured it to throw 401
it's throwing
"http": {
"code": 403,
"description": "Forbidden"
}
-
Ayush Shrivastava 120 Reputation points
2024-09-04T21:16:17.43+00:00 @Nandan Hegde following up on my question above
-
Nandan Hegde 32,416 Reputation points MVP
2024-09-05T03:13:50.8666667+00:00 Can you please specify what permission you have provided the Azure SQL server on the Azure function?
-
Ayush Shrivastava 120 Reputation points
2024-09-05T06:47:55.55+00:00 Yes Sure,
I used IAM section in the function App and provided contributor since I didn't see any role related to Azure functions.
If I am not mistaken I need to provide Azure function's access to my SQL Server's Managed Identity right ?
-
Ayush Shrivastava 120 Reputation points
2024-09-05T06:55:11.6133333+00:00 This is the role that I am using.
-
Ayush Shrivastava 120 Reputation points
2024-09-05T06:56:04.6033333+00:00 Also Nanda do you think we can connect over a meeting to discuss and resolve this one.
Sign in to comment -
2 additional answers
Sort by: Most helpful
-
Sai Raghunadh M 1,045 Reputation points Microsoft Vendor
2024-08-29T06:16:20.9766667+00:00 Hi @ Ayush Shrivastava,
Thanks for the question and using MS Q&A platform.
You created a special username and password called a "database scoped credential" that allows your Azure SQL Database to access your Azure Function.
To use this username and password in your call to sp_invoke_external_rest_endpoint, you need to specify the name of the credential in the @credential parameter of the stored procedure. In your case, you named the credential "auth".
So, to use the credential in your call to sp_invoke_external_rest_endpoint, you can replace {name} in your query with the name of the database scoped credential you created, which is "auth". (@credential = {auth} This will allow your Azure SQL Database to authenticate with your Azure Function and call it successfully.
For your better understanding please go through this Document: sp_invoke_external_rest_endpoint (Transact-SQL)
Hope this helps. Do let us know if you have any further queries.
If this answers your query, do click
Accept AnswerandYesfor was this answer helpful.-
Ayush Shrivastava 120 Reputation points
2024-08-29T07:26:48.86+00:00 I understand this and this is not the issue. Even if I add @credentials it errors out and throws this error.
-
Sai Raghunadh M 1,045 Reputation points Microsoft Vendor
2024-08-29T08:26:35.1233333+00:00 Have you granted the necessary permissions to the Managed Identity of your Azure SQL Database to call Azure Function?
-
Ayush Shrivastava 120 Reputation points
2024-09-04T19:00:10.44+00:00 That is where I am struggling.
@Sai Raghunadh M It's not very clear what permission is needed to call the function
Sign in to comment -
-
Nandan Hegde 32,416 Reputation points MVP
2024-08-29T15:59:12.3633333+00:00 Hello Ayush
Apologies to have missed out on this thread.
assuming that you have followed all the steps w.r.t app creation to access provision as stated below :
The above error comes in case if the database scoped credential name is other then the URL.
Try having the databasecope cred name as below :
[https://{appName}.azurewebsites.net/api/{functionName}]
-
Ayush Shrivastava 120 Reputation points
2024-08-30T10:48:21.2366667+00:00 Will try this and update here.
Sign in to comment -