How to use managed identity to authenticate Azure function making HTTP call?

Rachana Koneru 0 Reputation points Microsoft Employee
2023-10-12T16:38:54.4933333+00:00

I have an Azure function that's triggered by a Service Bus topic. It then needs to make an HTTP call to another API hosted on an Azure App Service. I enabled system-assigned managed identity on the function app and granted it read access to my web app.

In my code, I'm trying to get the bearer access token like this, but it fails saying the resource ID with my URL doesn't exist in MS tenant. Do I need an Azure AD app for my web app? I thought using managed identity eliminated the need for this? How can I fix this?

var tokenCredential = new DefaultAzureCredential();
var accessToken = await tokenCredential.GetTokenAsync(
    new TokenRequestContext(new[] { "https://my-webapp-uri/.default" })
).ConfigureAwait(false);

1 answer

  1. Pramod Valavala 20,591 Reputation points Microsoft Employee
    2023-10-12T21:51:56.73+00:00

    @Rachana Koneru Before you can request a token for your API, you need to register it on Azure AD and expose scopes.

    In your Web API, you would validate the token (authentication) and parse it to extract scopes/roles from it, checking to make sure the user has access to the API called (authorization).

    You can read more about the concepts for a Web API and how you can use built-in features in ASP.NET (Core) to achieve this in your Web API if you are building using C# and .NET in the official docs.

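The flow described in the answer, as an added example that is not part of the original question or answer: the function requests a token for the API's app registration rather than the web app's URL, and the API authorizes the caller from the token's claims. The class and method names, the `api://<api-app-registration-client-id>` placeholder and the role name in the usage comment are assumptions; a managed identity receives an app-only token, so permissions arrive in the `roles` claim (app roles) rather than in delegated scopes.

```csharp
using System;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;

// Hypothetical helper; names are illustrative, not from the page.
public static class ManagedIdentityApiClient
{
    // Assumption: Application ID URI of the API's app registration (placeholder value).
    private const string ApiScope = "api://<api-app-registration-client-id>/.default";

    // Caller side (Function App): the token audience is the registered API,
    // not the web app's hostname. Pass e.g. new DefaultAzureCredential().
    public static async Task<HttpResponseMessage> CallApiAsync(
        HttpClient http, Uri endpoint, TokenCredential credential,
        CancellationToken ct = default)
    {
        AccessToken token = await credential
            .GetTokenAsync(new TokenRequestContext(new[] { ApiScope }), ct)
            .ConfigureAwait(false);

        using var request = new HttpRequestMessage(HttpMethod.Get, endpoint);
        request.Headers.Authorization =
            new AuthenticationHeaderValue("Bearer", token.Token);
        return await http.SendAsync(request, ct).ConfigureAwait(false);
    }

    // API side: call only after the JWT middleware has validated signature,
    // issuer and audience. Checks both the raw "roles" claim and the mapped
    // ClaimTypes.Role, since inbound claim mapping may or may not be enabled.
    // Usage (hypothetical role name): HasAppRole(User, "Api.Read")
    public static bool HasAppRole(ClaimsPrincipal caller, string requiredRole)
    {
        return caller.FindAll("roles")
            .Concat(caller.FindAll(ClaimTypes.Role))
            .Any(c => string.Equals(c.Value, requiredRole, StringComparison.Ordinal));
    }
}
```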