Azure Data Factory Web Connection with System Assigned Managed Identity is not working for API Authentication

Jonas Lomholdt 6 Reputation points
2023-11-24T08:39:04.7033333+00:00

I have a ADF (Azure Data Factory) where my pipeline needs to do a Web request to an API that's secured by Azure AD. I have configured a linked service Web Connection for the endpoint and selected "System Assigned Managed Identity" for Authentication. In the "Resource" field I have added the "Application ID URI" for the app registration connected to the API I'm trying to call. In my pipeline I have added the "Web" Activity and try to invoke the API. It fails with a 401 saying "it lacks valid authentication credentials".

"Invoking endpoint failed with HttpStatusCode - '401 : Unauthorized', message - 'Client request has not been completed because it lacks valid authentication credentials for the requested endpoint(url).'"

I have control over the API so I enabled PII logging and pulled the token out it receives. So I can confirm a JWT token is being passed along in the headers. It even validates the aud claim correctly. But still it's not working.

If I run an `az account get-access-token --resource

Azure Data Factory
Azure Data Factory
An Azure service for ingesting, preparing, and transforming data at scale.
10,160 questions
{count} votes