DEV Community

Vimal
Vimal

Posted on • Edited on

Protecting Custom Skillset API

#azuresearchservice #customskillset #azurefunctions #easyauth

Azure AI Search is a platform as a service that lets developers integrate search with applications seamlessly.

Before the data is indexed for searching, the need to enrich data(e.g data from unstructured documents like pdf) can be achieved by using in-built or custom skill sets. Custom Web API skill sets help extend the enrichment functionality by implementing the functionality using a Custom Web API endpoint.

Custom skill set API can be hosted on Azure functions. Azure functions would be a good fit for such scenarios, given the event driven nature of the function and pay per usage feature.

Azure functions can be protected by built in authentication (EasyAuth). This a type of azure resource to azure resource authentication scenario.

Additional configuration is required to allow Azure Search indexer to invoke the Custom Skillsets hosted on Azure functions.

Steps:

Enable managed identity for Azure Search

Configure azure function to use [Azure AD] login

(https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad)

Configure Azure Search as known client application of the Azure function

  • Navigate to Identity under Settings for Azure search, copy the Object ID:
    Image description

  • Navigate to Microsoft Entra ID >Manage > All Applications and search using the copied object ID

Image description

  • Copy the Application ID from the above step. Navigate to Azure functions and edit authentication. Add the copied Application ID to Allow requests from specific client applications list of the Azure function

Image description

This is an important step or you will receive a403 forbidden error.

Image description

Configure the custom Skillset

Update skillset configuration (json file) with Id of the azure functions from the previous step in the authresourceId attribute. Note: only the resourceId is required, don't add the scope.

"authresourceId":"<functionAzureAppId>"

{
    "skills": [
      {
        "@odata.type": "#Microsoft.Skills.Custom.WebApiSkill",
        "name": "myCustomSkill",
        "description": "This skill calls an Azure function, which in turn calls TA sentiment",
        "uri": "https://indexer-e2e-webskill.azurewebsites.net/api/DateExtractor?language=en",
"authresourceId":"<functionAzureAppId>"
        "context": "/document",
        "httpHeaders": {
            "DateExtractor-Api-Key": "foo"
        },
        "inputs": [
          {
            "name": "contractText",
            "source": "/document/content"
          }
        ],
        "outputs": [
          {
            "name": "contractDate",
            "targetName": "date"
          }
        ]
      }
  ]
}
Enter fullscreen mode Exit fullscreen mode

Role Assignment for Azure Search

As a final step, assign a contributor role to Azure Search (using managed identity) on Azure Functions

Heroku
 Promoted

Heroku

Deploy with ease. Manage efficiently. Scale faster.

Leave the infrastructure headaches to us, while you focus on pushing boundaries, realizing your vision, and making a lasting impression on your users.

Get Started

Top comments (0)

profile
AWS
 Promoted

AWS GenAI LIVE image

How is generative AI increasing efficiency?

Join AWS GenAI LIVE! to find out how gen AI is reshaping productivity, streamlining processes, and driving innovation.

Learn more

👋 Kindness is contagious

Explore a trove of insights in this engaging article, celebrated within our welcoming DEV Community. Developers from every background are invited to join and enhance our shared wisdom.

A genuine "thank you" can truly uplift someone’s day. Feel free to express your gratitude in the comments below!

On DEV, our collective exchange of knowledge lightens the road ahead and strengthens our community bonds. Found something valuable here? A small thank you to the author can make a big difference.

Okay