I am trying to disable local authentication for my Cosmos DB and use Managed Identity for my Web App and Function App which connects to it. I have granted both apps the Cosmos DB Built-in Contributor role and verified they are assigned via az cli. However, I am getting the error:
"The MAC signature found in the HTTP request is not the same as the computed signature. Server used following string to sign - . Learn more: https:\/\/aka.ms\/cosmosdb-tsg-mac-signature","Local Authorization is disabled. Use an AAD token to authorize all requests."
This is the updated Cosmos Client:
var cosmosClient = new CosmosClient(_endpointUrl, new DefaultAzureCredential(), options);
I have followed this guide to disable local auth https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-setup-rbac#disable-local-auth
Is the Cosmos DB Built in Contributor Role enough?
Fixed - missed a Cosmos Client init which was still using key auth.