App Service -> Azure SQL DB using a managed identity. Strange exception

0
votes

I am trying to set up a connection from my App Service to Azure SQL DB with managed identity. I am using this tutorial https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-connect-msi But when my app tries to connect to the database it breaks with exception

One or more errors occurred.;
INNER EXCEPTION 1: One or more errors occurred.;
INNER EXCEPTION 2: Parameters: Connection String: [No connection string specified], Resource: https://database.windows.net/, Authority: https://login.windows.net/B0BBBC89-2041-434F-8618-BC081A1A01D4. Exception Message: Tried the following 4 methods to get an access token, but none of them worked.
Parameters: Connection String: [No connection string specified], Resource: https://database.windows.net/, Authority: https://login.windows.net/B0BBBC89-2041-434F-8618-BC081A1A01D4. Exception Message: Tried to get token using Managed Service Identity. Access token could not be acquired. Received a non-retryable error. MSI ResponseCode: BadRequest, Response: {\"StatusCode\":400,\"Message\":\"No MSI found for specified ClientId/ResourceId.\",\"CorrelationId\":\"ad10102e-dd69-479e-b9f5-29b9a3248983\"}
Parameters: Connection String: [No connection string specified], Resource: https://database.windows.net/, Authority: https://login.windows.net/B0BBBC89-2041-434F-8618-BC081A1A01D4. Exception Message: Tried to get token using Visual Studio. Access token could not be acquired. Visual Studio Token provider file not found at \"D:\\local\\LocalAppData\\.IdentityService\\AzureServiceAuth\\tokenprovider.json\"
Parameters: Connection String: [No connection string specified], Resource: https://database.windows.net/, Authority: https://login.windows.net/B0BBBC89-2041-434F-8618-BC081A1A01D4. Exception Message: Tried to get token using Azure CLI. Access token could not be acquired. 'az' is not recognized as an internal or external command, operable program or batch file.
Parameters: Connection String: [No connection string specified], Resource: https://database.windows.net/, Authority: https://login.windows.net/B0BBBC89-2041-434F-8618-BC081A1A01D4. Exception Message: Tried to get token using Active Directory Integrated Authentication. Access token could not be acquired. Failed to get user name from the operating system.

Does anyone know where to look for the cause?

1
azureazure-sql-databaseazure-managed-identity
Have you add the Azure MSI as Azure SQL database contained user:docs.microsoft.com/en-us/azure/azure-sql/database/…?Jim Xu
Do you have any update/Jim Xu

1 Answers

0
votes

We understand what the problem is. The article deals with system-assigned managed identity. We use user-assigned managed identitiy. The app service has not been configured correctly. On the identification tab, it was necessary to add a user account who has access to the database. On the configuration tab, it was necessary to add a key

AzureServicesAuthConnectionString=RunAs=App;AppId={Guid of db user}