In my Az Function I have system assigned managed identity enabled and a user assigned managed identity assigned. I would like to use the user assigned managed identity to access some resources, so I put the following code to initialize ARMClient.
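```csharp
using Azure.Identity;
using Azure.ResourceManager;

// Ask the credential chain for the user-assigned identity by its client ID.
DefaultAzureCredentialOptions option = new DefaultAzureCredentialOptions
{
    ManagedIdentityClientId = "xxxxxxx"
};
var credential = new DefaultAzureCredential(option);
_armClientUAI = new ArmClient(credential, subscriptionId);
```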
Also, I would like to grant the function itself access to some resources, so I do not set AZURE_CLIENT_ID in App Settings, as this will route to the user-assigned identity instead.
After I deployed my function to Azure, it failed to access the resources that the user-assigned managed identity has been granted access to. It looks like it uses the system-assigned managed identity even though I set the client ID explicitly. The doc here mentions the check order for DefaultAzureCredential as follows, but does not say how it chooses when both system-assigned and user-assigned identities are enabled.
- EnvironmentCredential
- ManagedIdentityCredential
- SharedTokenCacheCredential
- IntelliJCredential
- AzureCliCredential
- AzurePowerShellCredential
- Fails if none of the credentials above could be created.
I tried to set the client ID explicitly, but it is not working.
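A diagnostic for the situation described in the question, added here as an example and not part of the original post: it requests an Azure Resource Manager token from each credential and prints which principal the token was issued to, so the identity actually in use can be compared with the one that holds the role assignment. The class name `IdentityProbe`, the placeholder client ID, and the presence of `appid` and `oid` claims in the token are assumptions.

```csharp
using System;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;

public static class IdentityProbe // hypothetical helper, not from the post
{
    // Scope for Azure Resource Manager, the API that ArmClient calls.
    private static readonly string[] ArmScope = { "https://management.azure.com/.default" };

    // Decode the JWT payload without verifying it; for diagnostics only, never for authorization.
    public static JsonElement ReadClaims(string jwt)
    {
        string payload = jwt.Split('.')[1].Replace('-', '+').Replace('_', '/');
        payload = payload.PadRight(payload.Length + (4 - payload.Length % 4) % 4, '=');
        return JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(payload))).RootElement;
    }

    // Request an ARM token and report the principal it was issued to.
    // Assumption: the token carries "appid" (client ID) and "oid" (principal object ID) claims.
    public static async Task<string> DescribeAsync(string label, TokenCredential credential)
    {
        AccessToken token = await credential.GetTokenAsync(new TokenRequestContext(ArmScope), default);
        JsonElement claims = ReadClaims(token.Token);
        string appId = claims.TryGetProperty("appid", out var a) ? a.GetString() : "(no appid claim)";
        string oid = claims.TryGetProperty("oid", out var o) ? o.GetString() : "(no oid claim)";
        return $"{label}: appid={appId} oid={oid}";
    }

    public static async Task Main()
    {
        const string userAssignedClientId = "<user-assigned-client-id>"; // placeholder

        // No client ID: the system-assigned identity.
        Console.WriteLine(await DescribeAsync("system-assigned", new ManagedIdentityCredential(clientId: null)));
        // Explicit client ID: the user-assigned identity.
        Console.WriteLine(await DescribeAsync("user-assigned", new ManagedIdentityCredential(userAssignedClientId)));
        // The chain configured as in the question, for comparison.
        var options = new DefaultAzureCredentialOptions { ManagedIdentityClientId = userAssignedClientId };
        Console.WriteLine(await DescribeAsync("default chain", new DefaultAzureCredential(options)));
    }
}
```

Run inside the deployed Function, the three lines show whether the default chain's `oid` matches the user-assigned or the system-assigned principal; the token itself should not be written to logs.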