Azure-docs: WebApp-to-SQLDB connectivity via MSI WITHOUT Tokens

Created on 19 Apr 2018 · 10 comments · Source: MicrosoftDocs/azure-docs

I would like to use MSI to authenticate WebApp to SQLDB.

Essentially, is this possible?

1) Register MSI in SQLDB ( as a user?) and grant adequate privileges.
2) Connection string (in web.config) has a reference to MSI
3) Azure pixie dust is sprinkled
4) My webapp can now access sqldb

Question: Does this pixie dust exist? If so, can you please point me in that direction.




All 10 comments

This is indeed possible! @cephalin is actually working on a topic which covers this exact scenario, and I believe it should be ready soon, but perhaps he can comment.

@mattchenderson Awesome. Can't wait to hear about the solution!

You guys are kickass. Response times are unbelievable!! Go-Az :)

please-close

@vancourse We will now close this issue. If there are further questions regarding this matter, please reopen it and we will gladly continue the discussion.

Thank you, Matthew. I will go through the documentation!

-Ravi

On Fri, Apr 20, 2018 at 1:28 PM, Matthew Henderson <[email protected]> wrote:

Here's a link to the published article: https://docs.microsoft.com/azure/app-service/app-service-web-tutorial-connect-msi


Matt,
After reviewing the link above, it turns out that we need to use access tokens in this approach.
Would you happen to have an example wherein I can store a reference to KV/ConnectionStringSecret directly in ConnectionString - and have AppSvc retrieve the value directly?

@mattchenderson @cephalin @femsulu

@vancourse We don't have support for this, although it's an area we're exploring. Are you basically looking to use existing connection string code? I'd like to understand the concern with the access token approach.

Matthew,

I like the access token approach. However, it would mean I have to open up different apps (in a microservice world) and patch each app. Moreover, I then have to fork between the dev/localdb connectivity vs azure db connectivity. I am trying to keep my code free of target-env-specific code.

Since this is such a generic functionality, I was hoping that Azure has a built-in mechanism to handle the connectivity between Resource-1 and Resource-2, provided Resource-1's MSI has RBAC permissions set for accessing Resource-2.

More specifically, if WebApp is running under an MSI identity, which is created as a user with grants in SQL DB, shouldn't my app simply be able to access the SQLServer? What is the necessity for accessTokens? (Hoping that the underlying Service Fabric takes care of the necessary authentication.)

Cheers

On Tue, Apr 24, 2018 at 2:31 PM, Matthew Henderson <[email protected]> wrote:

@vancourse https://github.com/vancourse We don't have support for this,
although it's an area we're exploring. Are you basically looking to use
existing connection string code? I'd like to understand the concern with
the access token approach.


Noted. We've had some conversations with the various library teams about this. I definitely agree about the target-env-specific code. I don't have a good answer for you at the moment, but I think things will improve as we continue to build out MSI.
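An added example, not code from this thread or from the linked tutorial, covering the steps listed in the opening post (register the identity in the database, then connect) and the access-token / environment-fork concern raised in the comment above. The identity name "myapp", the server "myserver.database.windows.net", the LocalDB connection string and the constructed token and secret values are assumptions; pyodbc is the assumed driver and is imported only where a real connection is opened, so everything else runs offline.

```python
"""Added example (not from the azure-docs thread or the linked tutorial).

What the question's "step 1" and "step 3" amount to in practice:
  * the T-SQL an AAD admin of the database runs once to register the web
    app's managed identity as a contained user and grant it a role;
  * how code on App Service asks the local managed-identity endpoint for a
    SQL access token (the token replaces a password; nothing secret is kept
    in web.config);
  * how that token is packed for ODBC (SQL_COPT_SS_ACCESS_TOKEN), which is
    the part a plain connection string cannot express;
  * one connection factory that takes the MSI path when the MSI environment
    variables exist and a local connection string otherwise, so the
    dev/LocalDB vs Azure fork lives in a single place.

Hypothetical names: identity "myapp", server "myserver.database.windows.net".
"""
import json
import os
import struct
import urllib.parse
import urllib.request
from typing import Callable, Dict, Mapping, Optional, Tuple

SQL_RESOURCE = "https://database.windows.net/"  # AAD resource id for Azure SQL
SQL_COPT_SS_ACCESS_TOKEN = 1256                  # msodbcsql.h pre-connect attribute


def _bracket(identifier: str) -> str:
    """Quote a T-SQL identifier; a ']' inside brackets is escaped as ']]'."""
    return "[" + identifier.replace("]", "]]") + "]"


def grant_script(identity_name: str, role: str = "db_datareader") -> str:
    """T-SQL run once in the target database by an AAD admin.  The identity
    name is the App Service app name; FROM EXTERNAL PROVIDER maps it to AAD."""
    return (
        f"CREATE USER {_bracket(identity_name)} FROM EXTERNAL PROVIDER;\n"
        f"ALTER ROLE {_bracket(role)} ADD MEMBER {_bracket(identity_name)};\n"
    )


def msi_token_request(env: Mapping[str, str]) -> Optional[Tuple[str, Dict[str, str]]]:
    """Return (url, headers) for a SQL token from the App Service managed
    identity endpoint, or None when the app is not running under MSI.
    Both generations of the endpoint are recognised."""
    if "IDENTITY_ENDPOINT" in env and "IDENTITY_HEADER" in env:  # current
        query = urllib.parse.urlencode({"resource": SQL_RESOURCE, "api-version": "2019-08-01"})
        return env["IDENTITY_ENDPOINT"] + "?" + query, {"X-IDENTITY-HEADER": env["IDENTITY_HEADER"]}
    if "MSI_ENDPOINT" in env and "MSI_SECRET" in env:            # 2018-era
        query = urllib.parse.urlencode({"resource": SQL_RESOURCE, "api-version": "2017-09-01"})
        return env["MSI_ENDPOINT"] + "?" + query, {"Secret": env["MSI_SECRET"]}
    return None


def fetch_msi_token(env: Mapping[str, str] = os.environ,
                    opener: Callable = urllib.request.urlopen) -> str:
    """GET the token from the MSI endpoint.  The endpoint is loopback-only;
    the Secret / X-IDENTITY-HEADER value is what stops other processes on the
    same host from minting tokens for the app's identity."""
    spec = msi_token_request(env)
    if spec is None:
        raise RuntimeError("managed identity endpoint not present in environment")
    url, headers = spec
    with opener(urllib.request.Request(url, headers=headers)) as resp:
        return json.loads(resp.read().decode("utf-8"))["access_token"]


def pack_access_token(token: str) -> bytes:
    """ODBC wants a 4-byte little-endian byte length followed by the token in
    UTF-16-LE (the SQL_COPT_SS_ACCESS_TOKEN struct layout)."""
    data = token.encode("utf-16-le")
    return struct.pack("<I", len(data)) + data


def connection_plan(server: str, database: str, env: Mapping[str, str],
                    local_conn_str: str, token_fetcher: Callable[[], str]
                    ) -> Tuple[str, Dict[int, bytes]]:
    """Decide how to connect: returns (connection string, pre-connect attrs).
    Under MSI the connection string must carry no UID/PWD/Authentication
    keyword; the driver rejects those in combination with an access token."""
    if msi_token_request(env) is not None:
        conn_str = ("Driver={ODBC Driver 17 for SQL Server};"
                    f"Server=tcp:{server},1433;Database={database};"
                    "Encrypt=yes;TrustServerCertificate=no;")
        return conn_str, {SQL_COPT_SS_ACCESS_TOKEN: pack_access_token(token_fetcher())}
    return local_conn_str, {}  # dev box / LocalDB: whatever web.config says


def connect(server: str, database: str, local_conn_str: str):
    """The only place in the app that knows about both environments."""
    import pyodbc  # imported here so the rest of the module runs without it
    conn_str, attrs = connection_plan(server, database, os.environ,
                                      local_conn_str, fetch_msi_token)
    return pyodbc.connect(conn_str, attrs_before=attrs)


if __name__ == "__main__":
    print(grant_script("myapp"))
    # Constructed environment and token: shows the MSI branch without a network.
    print(connection_plan("myserver.database.windows.net", "mydb",
                          {"MSI_ENDPOINT": "http://127.0.0.1:41234/MSI/token/",
                           "MSI_SECRET": "constructed-secret"},
                          "Server=(localdb)\\MSSQLLocalDB;Database=mydb;Trusted_Connection=yes;",
                          lambda: "constructed-token"))
```

The part the thread calls pixie dust is the MSI branch of connection_plan: the token is fetched from the loopback identity endpoint at connect time and handed to the driver as a pre-connect attribute, which is why it cannot be expressed in web.config alone. The environment check is the single fork point, so the per-app data-access code is identical on a dev box and on App Service.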
