Watch the step by step implementation as a You tube Video.

Step 1: Create an Azure App Service (Web App)

1. Go to Azure Portal → Search for “App Services” → Click “Create”.
2. Choose Subscription and Resource Group (or create a new one).
3. Set the following values:
   • Name: my-adf-web-app
   • Publish: Code
   • Runtime Stack: .NET 8 (or any preferred language)
   • Operating System: Windows or Linux
   • Region: Choose a region close to your resources.
   • Plan: Choose a basic plan (B1) for testing.
4. Click Review + Create → Click Create.

---

Step 2: Enable Managed Identity for Web App

1. In Azure Portal, go to App Services → Select my-adf-web-app.
2. Click on Identity under Settings.
3. Under System Assigned, toggle the switch to On.
4. Click Save, and copy the Object ID (you’ll need it later).

---

Step 3: Grant Permissions to Managed Identity on ADF

1. Go to Azure Data Factory in the Azure Portal.
2. Click on Access Control (IAM) → Click Add Role Assignment.
3. Select:
   • Role: Data Factory Contributor (or Data Factory Operator for limited access).
   • Assign Access To: Managed Identity.
   • Select Members: Choose your Web App (my-adf-web-app).
4. Click Save.

Step 4: Write Code in Azure App Service to Call ADF Pipeline

Use the following C# code inside your Web App to invoke the ADF pipeline using Managed Identity.

C# Code (ASP.NET Core)

using Microsoft.AspNetCore.Mvc;
using Azure.Identity;
using System.Net.Http;
using System.Threading.Tasks;
using Azure.Core;

[Route("api/[controller]")]
[ApiController]
public class ADFController : ControllerBase
{
    private readonly HttpClient _httpClient;
    private readonly string _adfPipelineUrl = "https://management.azure.com/subscriptions/xxxx-xxxx-xxx-xxx/resourceGroups/jbadf/providers/Microsoft.DataFactory/factories/jbadfapp/pipelines/jb_Copydata/createRun?api-version=2018-06-01";

    public ADFController()
    {
        _httpClient = new HttpClient();
    }

    [HttpGet("trigger")]
    public async Task<IActionResult> TriggerPipeline()
    {
        var credential = new DefaultAzureCredential();
        var token = await credential.GetTokenAsync(new TokenRequestContext(new[] { "https://management.azure.com/.default" }));

        _httpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {token.Token}");

        var response = await _httpClient.PostAsync(_adfPipelineUrl, null);

        if (response.IsSuccessStatusCode)
        {
            return Ok("ADF Pipeline triggered successfully.");
        }
        return StatusCode((int)response.StatusCode, "Failed to trigger pipeline.");
    }
}

Step 5: Deploy the Code to Azure App Service

1. In Visual Studio, create an ASP.NET Core Web API project.
2. Copy the above C# code into your Controller or Service.
3. Deploy your code to Azure App Service using:
   • Right-click on the project → Publish → Azure App Service.

---

Step 6: Test the Web App

1. Navigate to https://my-adf-web-app.azurewebsites.net.
2. Trigger the endpoint that executes the above code.
3. Your ADF pipeline should now run successfully!

This is the simplest way to invoke an ADF pipeline from Azure App Services using Managed Identity.

Possible Errors Expected,

Error triggering ADF pipeline: DefaultAzureCredential failed to retrieve a token from the included credentials. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/defaultazurecredential/troubleshoot

• EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot
• WorkloadIdentityCredential authentication unavailable. The workload options are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/workloadidentitycredential/troubleshoot
• ManagedIdentityCredential authentication unavailable. No response received from the managed identity endpoint.
• VisualStudioCredential authentication failed: Visual Studio Token provider can’t be accessed at D:DWASFilesSitesJBAPPLocalAppData.IdentityServiceAzureServiceAuthtokenprovider.json
• AzureCliCredential authentication failed: Azure CLI not installed
• AzurePowerShellCredential authentication failed: Az.Accounts module >= 2.2.0 is not installed.
• AzureDeveloperCliCredential authentication failed: Azure Developer CLI could not be found.

Error triggering ADF pipeline: The client ’66a2225c-f1b5-439b-b375-78ae2b744f2f’ with object id ’66a2225c-f1b5-439b-b375-78ae2b744f2f’ does not have authorization to perform action ‘Microsoft.DataFactory/factories/pipelines/createRun/action’ over scope ‘/subscriptions/xxxx-xxxx-xxxx/resourceGroups/jbadf/providers/Microsoft.DataFactory/factories/jbadfapp/pipelines/jb_Copydata’ or the scope is invalid. If access was recently granted, please refresh your credentials.
Status: 403 (Forbidden)
ErrorCode: AuthorizationFailed

Content:
{“error”:{“code”:”AuthorizationFailed”,”message”:”The client ’66a2225c-f1b5-439b-b375-78ae2b744f2f’ with object id ’66a2225c-f1b5-439b-b375-78ae2b744f2f’ does not have authorization to perform action ‘Microsoft.DataFactory/factories/pipelines/createRun/action’ over scope ‘/subscriptions/xxxx-xxxx-xxxx/resourceGroups/jbadf/providers/Microsoft.DataFactory/factories/jbadfapp/pipelines/jb_Copydata’ or the scope is invalid. If access was recently granted, please refresh your credentials.”}}

Headers:
Cache-Control: no-cache
Pragma: no-cache
x-ms-failure-cause: REDACTED
x-ms-request-id: 896c9766-5ee3-4dbb-b3b6-71800e2ee564
x-ms-correlation-request-id: REDACTED
x-ms-routing-request-id: REDACTED
Strict-Transport-Security: REDACTED
X-Content-Type-Options: REDACTED
X-Cache: REDACTED
X-MSEdge-Ref: REDACTED
Date: Tue, 18 Feb 2025 08:23:20 GMT
Content-Length: 512
Content-Type: application/json; charset=utf-8
Expires: -1

Thank You,
Vivek Janakiraman

Disclaimer:
The views expressed on this blog are mine alone and do not reflect the views of my company or anyone else. All postings on this blog are provided “AS IS” with no warranties, and confers no rights.