Unclear which service principal to choose when using managed identity and/or deployment slot

[filipgoris]

Type of issue

Missing information

Description

If your NET app has deployment slots or a system-assigned managed identity, it appears twice in the list of Enterprise Applications to add to a security group when following the steps on this page.

I'm not sure if it is the the deployment slot or the managed identity that causes the second entry, but it is not at all obvious which one to choose. Both entries appear as 'Enterprise Application' with exactly the same name. The GUID in Details is not the Object ID.

If you want to directly assign the app a role on the resource instead of through a security group, it also appears twice in the list of service principals to add a role assignment.

Here it is even more difficult to find the right entry to add.

It takes a lot of trial-and-error, and searching through concealed Object- and Application IDs to find the correct service principal to assign access to. Maybe it would be worthwhile to explain where the second entry comes from, or how to choose the correct one in order to avoid confusion.

Page URL

https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication/local-development-service-principal?tabs=azure-portal%2Cvisual-studio%2Ccommand-line

Content source URL

https://github.com/dotnet/docs/blob/main/docs/azure/sdk/authentication/local-development-service-principal.md

Document Version Independent Id

5f9196ed-1c42-99b8-5b04-05a9840f637e

Article author

@alexwolfmsft

Metadata

• ID: 20964cc4-7216-3e08-d007-4df16080e4eb
• Service: dotnet-azure