I am trying to call a Function app from ADF using MSI. I have enabled managed identity for ADF as well as have enabled AAD authentication/authorization for Function app.
Now when I make a web call from ADF (with the underlying specification)
I get the following error.
I even added ADF as contributor to Function App. I must be missing something, but not sure what exactly
First of all, please make sure you selected the Create New AD App option when you configure the function app with Azure AD auth, then azure will do all the configurations for you automatically, this will reduce unnecessary trouble. Also remember to set Authorization level of your function to Anonymous, because we configured the function app with Azure AD auth.
In your case, the error was caused by the wrong Resource, it should be the Application ID URI of the AD App corresponded to the function app, i.e. https://<functionapp-name>.azurewebsites.net(this is configured by azure automatically when you select Create New AD App as mentioned above).
Besides, you should note, if you just do the steps above, all the service principals(MSI is essentially a service principal)/users in your AAD tenant can access the function app, if you just want your MSI to access the function app, then you need to leverage the Azure AD App role, I have posted the details here, if you don't mind this, just ignore the step 2 and step 3, it will also work.
`