Post co-written by Yacine Smail and Amine Teffahi

How can you connect to an SQL database transparently and securely using Azure Active Directory (AD) authentication rather than the traditional method (user ID and password)? This is what we will look at today, step by step. In this post, we will demonstrate this method using a service app.

Before we get started, you need to deploy the following resources:

Enabling the Managed Service Identity (MSI)

There are different ways to enable a managed identity for an app service (PowerShell, Azure Command-Line Interface, Azure Portal, etc.). To keep things simple, we will enable it through the Azure Portal.

There are two types of managed identities:

System-assigned: Since this identity is linked to the App Service, deleting the App Service will also delete the identity. An application can only have one system-assigned identity.

User-assigned: A user-assigned identity is a standalone resource that can be assigned to multiple applications. An application can also have multiple user-assigned identities.

Follow the steps below to enable this from the portal:

This will create an Enterprise Application in the Azure Active Directory (AAD):

The Managed Identity web app will be used to connect to the SQL database as shown below:

Granting access to the database is straightforward. Click “Set admin” and choose an Azure AD identity. Note: providing a group of admins is preferable.

Now that the AAD group has been configured as admin for the SQL server, it can be seen at the SQL server level.

Now, log in using SQL Server Management Studio (SSMS) from a machine with network access to the SQL server. Remember that an SQL server typically contains sensitive data, so it should never be made public. Private endpoints or service endpoints should be used.

Adding the MSI directly to the “admin” group is not good practice. If we add the Managed Identity web app to the “admin” group, it will be used to read and/or write to the database in our App Service. For this reason, it is better to add the user to the database with more restricted permissions.

Log in to the database using an SSMS admin account and run this code to assign read permissions for our App Service.

After adding the user and assigning them the appropriate role, we can call our Application Programming Interface (API), which will retrieve the information from the database.
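The T-SQL for that step, written here as an added example rather than the post's own script: it creates a contained database user backed by the App Service's managed identity, grants it only the read role, and then checks what was created. The user name `my-web-app` is a placeholder; for a system-assigned identity it is the name of the App Service.

```sql
-- Added example, not the post's own script. Run it in SSMS while connected to the
-- target database (not master) as the Azure AD admin or a member of the admin group.
-- [my-web-app] is a placeholder: for a system-assigned identity, use the App Service name.

-- 1. Create a contained user mapped to the Azure AD identity; no password is stored anywhere.
CREATE USER [my-web-app] FROM EXTERNAL PROVIDER;
GO

-- 2. Least privilege: the read-only role instead of db_owner or the server admin group.
ALTER ROLE db_datareader ADD MEMBER [my-web-app];
GO

-- If the API must also write, add the write role; the identity still never becomes a server admin.
-- ALTER ROLE db_datawriter ADD MEMBER [my-web-app];

-- 3. Verify: the principal should exist with EXTERNAL authentication ...
SELECT p.name,
       p.type_desc,
       p.authentication_type_desc
FROM   sys.database_principals AS p
WHERE  p.name = N'my-web-app';

-- ... and hold only the roles granted above (expected: db_datareader).
SELECT r.name AS role_name
FROM   sys.database_role_members AS rm
JOIN   sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN   sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE  m.name = N'my-web-app';
GO
```

Because the user is contained in the database, removing the App Service's access later is a single `DROP USER [my-web-app];` in that database, with no server login to clean up.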