I would like to achieve following:
Avoid SQL authentication on Azure for my production configuration and use Active Directory integrated authentication
When I go to the connection string section of Azure and copy following connection string:
Server=[my server name];Initial Catalog=[my db name];Persist Security Info=False;User ID=[my user name];MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Authentication="Active Directory Integrated";
and try using it I get following exception:
Exception message: Cannot use 'Authentication=Active Directory
Integrated' with 'User ID', 'UID', 'Password' or 'PWD' connection
string keywords., Exception stacktrace: at
System.Data.SqlClient.SqlConnectionString..ctor(String
connectionString) at
System.Data.SqlClient.SqlConnectionFactory.CreateConnectionOptions(String
connectionString, DbConnectionOptions previous) at
System.Data.ProviderBase.DbConnectionFactory.GetConnectionPoolGroup(DbConnectionPoolKey
key, DbConnectionPoolGroupOptions poolOptions, DbConnectionOptions&
userConnectionOptions) at
System.Data.SqlClient.SqlConnection.ConnectionString_Set(DbConnectionPoolKey
key)
As I have very limited db admin/infrastructure experience I am unaware why the 'User ID' breaks everything when it is explicitly listed in the connection string I get on Azure.
A few things to note:
SQL authentication works
I have Active Directory admin set
Your connection string should look like below on C#:
string ConnectionString =
#"Data Source=n9lxnyuzhv.database.windows.net; Authentication=Active Directory Integrated; Initial Catalog=testdb;";
SqlConnection conn = new SqlConnection(ConnectionString);
conn.Open();
Please read this documentation and this documentation for more information.
Just Try it by removing User ID part in connection string, when you are using
Authentication="Active Directory Integrated"
Server=[my server name];Initial Catalog=[my db name];Persist Security Info=False;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Authentication="Active Directory Integrated";
Try changing the IP address in your Azure database. There is a tutorial on Lynda.com on this.
Related
I'm trying to connect in excel vba to a azure sql database using adodb and AD Integration but none of the connection strings I am using seem to work.
I am using ADODB.Connection in conjunction with the string below to connect to my sql server.
I've tried without using AD integrated security (that is, with a username and password) Public Const ConnectionString = "Provider=sqloledb;Data Source=company.database.windows.net; Initial Catalog=testdb; User Id=userinput; Password=pwinput;" and that works fine.
but trying with AD integration doesnt work (gives an error of invalid connection string attribute)
Public Const ConnectionString = "Provider=sqloledb;Data Source=company.database.windows.net; Initial Catalog=testdb;Authentication=ActiveDirectoryIntegrated;Encrypt=True"
I have tried with and without the end bit of Encrypt=True and still get the same error
I'm using SqlClient in my Azure function. Currently when I try to create a new instance passing the connection string, I receive the following message
Keyword not supported: 'authentication'
My connection string is
server=tcp:mydbserver.database.windows.net;database=mydb;UID=AnyString;Authentication=Active Directory Interactive
My azure function has 'Identity' setting enabled.
My other .NET apps running as AppService are working excellent connecting to the same DB, but they use EntityFramework
I have tried to remove Authentication=Active Directory Interactive and also add the following line to the connection
connection.AccessToken = new Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProvider().GetAccessTokenAsync("https://database.windows.net/").Result;
But I'm just getting different error messages like Login failed for user '' or Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'
Thanks!
Make sure you use Microsoft.Data.SqlClient not System.Data.SqlClient namespace
I got success with the following steps:
1. Provision an Azure Active Directory administrator for your Azure SQL Database server.
Note: Please ensure that you set a user as the AAD administrator for your Azure SQL Server.
2. Connect to your Azure SQL Database with the AAD account in step 1. You can use SSMS or just connect to your database from the portal.
3. Add service principal and assign a role
CREATE USER [Azure_AD_principal_name] FROM EXTERNAL PROVIDER;
EXEC sp_addrolemember 'db_datareader', 'Azure_AD_principal_name';
4. Code sample
string sqlResource = "https://database.windows.net/";
string tenantId = "e4c9ab4e-****-****-****-230ba2a757fb";
string serverName = "{server}.database.windows.net";
string databaseName = "{database}";
var token = new AzureServiceTokenProvider().GetAccessTokenAsync(sqlResource, tenantId).ConfigureAwait(false).GetAwaiter().GetResult();
string sqlConnectionString = String.Format("Data Source=tcp:{0},1433;Initial Catalog={1};Persist Security Info=False;Connect Timeout=30;Encrypt=True;TrustServerCertificate=False", serverName, databaseName);
using (SqlConnection connection = new SqlConnection(sqlConnectionString))
{
connection.AccessToken = token;
using (SqlCommand command = new SqlCommand("SELECT Distinct TABLE_NAME FROM information_schema.TABLES", connection))
{
connection.Open();
using (SqlDataReader reader = command.ExecuteReader())
{
while (reader.Read())
{
Console.WriteLine(reader[0]);
}
}
}
}
I believe the connection.AccessToken property is the only way of doing this in .NET Core as per this conversation.
As for the error you are seeing with this, is probably because a user for the managed identity has not been created in the database. Follow the steps in this section for that.
Here is the SQL Script for reference
CREATE USER [<identity-name>] FROM EXTERNAL PROVIDER;
ALTER ROLE db_datareader ADD MEMBER [<identity-name>];
ALTER ROLE db_datawriter ADD MEMBER [<identity-name>];
ALTER ROLE db_ddladmin ADD MEMBER [<identity-name>];
GO
where <identity-name> is the name of the managed identity configured in Azure AD.
Hi I posted this to the log4net user group but thought I'd post it here as well.
I'm working on a project that requires Azure MSI to connection from Azure PaaS to Azure SQL. Wondering if log4net’s ADOAppender supports this already connection mechanism already. From what I can tell it doesn't but thought I'd ask the community before extending log4net.
To support MSI apps can’t connect to a database with a connectionstring alone, they need to get an access token from Azure and then set the AccessToken property on the SqlConnection object. Like the code below is doing:
private static SqlConnection GetSqlConnection()
{
var sqlConnection = new SqlConnection(GetConnectionString());
if (sqlConnection.DataSource != "(localdb)\\MSSQLLocalDB")
sqlConnection.AccessToken = new AzureServiceTokenProvider()
.GetAccessTokenAsync("https://database.windows.net/").Result;
return sqlConnection;
}
This code is using two Microsoft nuget packages to get the access token.
Thanks!
I'm have an Azure Web App where I've set the connection string to point to an Azure SQL DB. I'd prefer to use an Azure Active Directory username/password for authentication so I used the following connection string:
Server=tcp:mydb.database.windows.net,1433;Initial Catalog=mytable;Persist Security Info=False;User ID={your_username};Password={your_password};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Authentication="Active Directory Password";
This causes my app to fail with the error:
Keyword not supported: 'authentication'
If I use the SQL Authentication (i.e. remove the Authentication="Active Directory Password" and change User ID and Password to an appropriate SQL username and password), everything works as expected.
Is it possible to use Active Directory Password with an Azure Web App connection string in order to use an AAD username/password to connect to an Azure SQL Db?
Please change the connection string as shown below:
string ConnectionString =
#"Data Source=n9lxnyuzhv.database.windows.net; Authentication=Active Directory Password; Initial Catalog=testdb; UID=bob#contoso.onmicrosoft.com; PWD=MyPassWord!";
SqlConnection conn = new SqlConnection(ConnectionString);
conn.Open();
Another option:
string ConnectionString =
#"Data Source=n9lxnyuzhv.database.windows.net; Authentication=Active Directory Integrated; Initial Catalog=testdb;";
SqlConnection conn = new SqlConnection(ConnectionString);
conn.Open();
Please note the text following the Authentication keyword.
How can I build connection string for connecting to Azure SQL Database using Azure AD account?
Currently, I am using the following but it does not seem to be correct. It does not use Authentication Type: Active Directory Password.
Part of PowerShell script I am using:
server=$Server.database.windows.net;initial catalog=$Databasename;Authentication=Active Directory Password;Integrated Security=False;uid=$Username;password=$Password
I really appreciate your help.
I managed to resolve the issue; It was actually the order of properties.
The following connection string worked
Data Source=$Server.database.windows.net;initial catalog=Master;User ID=$Username;password=$Password;authentication=Active Directory Password
However, this does not work
Data Source=$Server.database.windows.net;initial catalog=Master;authentication=Active Directory Password;User ID=$Username;password=$Password
The only difference is the order of "Authentication" tag.
I never thought order of properties matter in ConnectionString.
In the example, they use this format:
Data Source=n9lxnyuzhv.database.windows.net;
Authentication=Active Directory Password;
Initial Catalog=testdb;
UID=bob#contoso.onmicrosoft.com;
PWD=MyPassWord!";
So try to use PWD instead of Password.