Imagine that I have:
- An Azure Function (func) that exposes an HTTP endpoint (api1)
- An Azure App Service (service1) that has a Managed Service Identity configured (msi1)
I would like to configure everything in such a way that service1 can make an HTTP request to api1, and api1 knows that the request is coming from msi1. Furthermore, I would like to be able to configure service1 in the Azure portal to either allow or disallow access to api1.
Basically I want to configure which app services have access to which functions (or vice-versa) as much as possible in the Azure portal, without having to create and manage API tokens or keys in application settings.
I would like to stress that this is service-to-service - service1 does not request any login information from its users.
I believe that this should be possible, but most of the documentation that I have come across describes situations in which a user logs in via Microsoft/Facebook/Google/Whatever and gets an access token in that way. I know that I can use client credentials on an application registration to create a valid bearer token; but that shouldn't be necessary because service1 is executing under the security context of msi1.