Edit

Share via

Quickstart: Connect Azure App Service to databases and services with Service Connector

Get started with Service Connector to connect your Azure App Service to databases, storage accounts, and other Azure services. Service Connector simplifies authentication and configuration, enabling you to connect to resources using managed identities other authentication methods.

This article provides step-by-step instructions for both the Azure portal and Azure CLI. Choose your preferred method using the tabs above.

Prerequisites

  • This quickstart requires version 2.30.0 or higher of the Azure CLI. To upgrade to the latest version, run az upgrade. If using Azure Cloud Shell, the latest version is already installed.

Initial set-up

  1. If you're using Service Connector for the first time, start by running the command az provider register to register the Service Connector resource provider.

    az provider register -n Microsoft.ServiceLinker

    Tip

    You can check if the resource provider has already been registered by running the command az provider show -n "Microsoft.ServiceLinker" --query registrationState. If the output is Registered, Service Connector is already registered.

  2. Optionally, use the Azure CLI az webapp connection list-support-types command to get a list of supported target services for App Service.

    az webapp connection list-support-types --output table

Create a service connection in App Service

Use Service Connector to create a service connection between your Azure App Service and Azure Blob Storage. This example demonstrates connecting to Blob Storage, but you can use the same process for other supported Azure services.

  1. Select the Search resources, services and docs (G +/) search bar at the top of the Azure portal, type App Services, and select App Services.

    Screenshot of the Azure portal, selecting App Services.

  2. Select the App Service resource you want to connect to a target resource.

  3. Select Settings > Service Connector from the service menu. Then select Create.

    Screenshot of the Azure portal, selecting Service Connector and creating new connection.

  4. On the Basics tab, select or enter the following settings.

    Setting Example Description
    Service type Storage - Blob The target service type. If you don't have a Microsoft Blob Storage, you can create one or use another service type.
    Connection name my_connection The connection name that identifies the connection between your App Service and target service. Use the connection name provided by Service Connector or choose your own connection name.
    Subscription My subscription The subscription for your target service (the service you want to connect to). The default value is the subscription for this App Service resource.
    Storage account my_storage_account The target storage account you want to connect to. Target service instances to choose from vary according to the selected service type.
    Client type The same app stack on this App Service The default value comes from the App Service runtime stack. Select the app stack that's on this App Service instance.

  5. Select Next: Authentication to choose an authentication method.

    System-assigned managed identity is the recommended authentication option. Select System-assigned managed identity to connect through an identity that's generated in Microsoft Entra ID and tied to the lifecycle of the service instance.

  6. Select Next: Networking to configure the network access to your target service and select Configure firewall rules to enable access to your target service.

  7. Select Next: Review + Create to review the provided information. Then select Create to create the service connection. This operation might take a minute to complete.

Run the az webapp connection create command to create a service connection from App Service to Blob Storage with a system-assigned managed identity. You can run this command in two ways:

  • Generate the new connection step by step:

    az webapp connection create storage-blob --system-identity

  • Generate the new connection at once. Replace the placeholders with your own information: <source-subscription>, <source_resource_group>, <webapp>, <target-subscription>, <target_resource_group>, and <account>.

    az webapp connection create storage-blob \
   --source-id /subscriptions/<source-subscription>/resourceGroups/<source_resource_group>/providers/Microsoft.Web/sites/<webapp> \
   --target-id /subscriptions/<target-subscription>/resourceGroups/<target_resource_group>/providers/Microsoft.Storage/storageAccounts/<account>/blobServices/default \
   --system-identity

Tip

If you don't have a Blob Storage account, run az webapp connection create storage-blob --new --system-identity to create one and connect it to your App Service using a managed identity.

View App Service connections

  1. Once the connection has successfully been created, the Service Connector page displays existing App Service connections.

  2. Select the > button to expand the list and see the environment variables required by your application code. Select Hidden value to view the hidden value.

    Screenshot of the Azure portal, viewing connection details.

  3. Select Validate to check your connection. Select Learn more to see the connection validation details in the panel on the right.

    Screenshot of the Azure portal, validating the connection.

View App Service connections

Run the Azure CLI az webapp connection command to list connections to your App Service, providing the following information:

  • The name of the resource group that contains the App Service
  • The name of the App Service
az webapp connection list --resource-group "<your-app-service-resource-group>" -n "<your-app-service-name>" --output table

Related content

Follow the tutorials below to start building your own application with Service Connector.