It would be easier to answer to your question if you could provide more details about your use case. Nevertheless I'll try to answer it with my assumptions. ( in bold )
Using a Web Activity in Azure Data Factory to call an Azure Function.
Unfortunately, you can not use the System Assigned Managed Identity and Client Certificate authentication methods in the Web Activity simultaneously.
If you still want to use both methods simultaneously then
- you need to turn on the Managed Identity authentication in the Web Activity and
- pass the certificate in a custom header and validate it in the Azure Function's code.
Please note that passing the certificate in a custom header has nothing to do with the built-in Azure Function's Client certificate mode. You should leave the Client certificate mode on Ignore state under the Azure Function's General settings. In this case the Azure Function's frontend load balancer will forward the headers transparently to the client code.
Providing two independent methods to authenticate to Azure Function
If you are going to allow the Azure Function to provide the two methods for its clients independently then you should select the allow option under the Client certificate mode settings in the Azure Function.
In this case the clients will be prompted by the frontend load balancer for a certificate first. If no certificate is provided the load balancers forwards the request to the Easy-Auth middleware to authenticate the caller. Unauthenticated requests will be blocked by the middleware.
With this fallback method you can provide two authentication methods independently.
Please let me know if my assumptions are correct or if you need more details how to configure the components to accomplish the suggested solutions.
