Repository files navigation

This is a sample repo to demonstrate how to use Azure Functions System Assigned Managed Identity to connect to Power Apps WebAPI - without any password, secret or certificate.

Blog Post:https://dreamingincrm.com/2021/11/16/connecting-to-dataverse-from-function-app-using-managed-identity/

⚠ This repo was updated Aug-2023, so the content in the blog post does not exactly line up with what is currently in the repo. The repo shows the latest and greatest as on Sep, 2023

ℹOct 2024 Azd Community Standup presented the repohttps://github.com/Azure-Samples/functions-quickstart-dotnet-azd. Please also refer this for comparison.

This is a sample repo that shows how to use Bicep to create Function App and how to use the Function App's System Assigned Managed Identity to connect to Dataverse. This application uses the Azure Developer CLI (azd) to deploy all the resources.

The following prerequisites are required to use this application. Please ensure that you have them all installed locally.

• Azure Developer CLI
• .NET SDK 6.0
• Azure Functions Core Tools (4+)
• Node.js with npm (16.13.1+)
• Power Platform CLI

If you don't want to install these tools locally you can always run the whole repo locally, using Dev Containers by clicking the Dev Containers button, or entirely in the browser by clicking the GitHub Codespaces button on the top.

The easiest option is to run this single command using Azure Developer CLI.

azd up

This command will deploy the required resources and the Function App's application code as well.

You can also run provisioning first using

azd provision

following by Function App's application code deployment using

azd deploy

All the resources in Azure can be easily cleanup using

azd down

For the full list of command refer toazd docs.

The Function App can be deployed in 1 of 3 possible configurations.

1. Azure Functions in Consumption Plan - This does not have any VNet or Storage level network isolation features. If you are just interesting in testing out how Functions connects to Dataverse as Managed Identity start here.
2. Azure Function in Elastic Premium with only Service Endpoints and VNet - Storage account is isolated to the VNet and Azure Functions traffic to Storage Account goes via the VNet using public Internet. This is the entry level security in terms of internal network traffic. This is controlled by thecreateVNet parameter in main.bicep.
3. Azure Function in Elastic Premium with Private Endpoints - Storage Account is isolated to the VNet. Function App communicates with Storage Account using VNet over Private Link connection. Traffic in Private Link goes through Microsoft Backbone not via public internet. Traffic to the Function App i.e people invoking the Functions via HTTP still is over the public internet. This is controlled by thecreatePrivateLink parameter.

This repo has azdposthooks setup. So, the newly provisioned Function App will be automatically added as an Application User with System Administrator role usingpac admin assign-user.