Connecting from Azure App Service to Azure Sql Database works for System Assigned but not User Assigned managed identity

Question

I am able to connect my (.Net 6) Azure App to my Azure Sql Server by:

1. Turning on the System Assigned Identity on the Azure App
2. Set the Azure Active Directory admin in the Azure Sql Server instance to this new identity
3. Add this new identity as an owner (or contributor) in the Sql Server access control
4. Use a connection string such as (Server=tcp:mydbs.database.windows.net;Database=thedb;Authentication=Active Directory Managed Identity;TrustServerCertificate=True;) in the code in the (.Net 6) app.

There are a lot of Azure CLI guides for doing this but the Azure Web UI can do a lot more now and the above steps work.

However, I need to connect to the same database from another Azure App. You can't make 2 identities the admin of the database so I tried to switch to using a User Assigned identity (that I created as part of my Resource Group) instead. The steps were:

1. Turn off System Managed Id in the Azure App, and added the User Managed identity on the Identity page.
2. Changed the Azure Active Directory admin in the Azure Sql Server instance to be this new User Managed identity.
3. Added this identity as an Owner in the Sql Access Control.
4. Left the Connection String the same.

It doesn't work. I think the Sql Connection isn't picking up the User Managed Id like it did for the System Managed Id when the app tries to log in to the database.

Any ideas?

Answer 1

Ok one way of solving this is to create a group in AAD, put the Azure App System Id into it, then give it the admin rights in the Azure Sql Database. Then I can just add more Azure App System Ids into the group when I need to. I'd still like to know the steps or connection string tricks needed to let an (.Net 6) Azure App use a User Assigned identity.