
I have an Azure Website running which connects to an Azure SQL database through Entity Framework 6. Everything runs and I'm using a standard username/password (SQL login) to connect.

Now, I would like to switch over to using AAD for authenticating to SQL. I already have an AD Application set up for the website.

My question is:

  1. How do I connect with my cert or clientId/clientSecret?
  2. How do I ensure that the SqlAzureExecutionStrategy is still in function?

Any guidance is much appreciated. Thanks!

Casper Jensen

2 Answers

There are three ways of connecting to a SQL database by using Azure Active Directory authentication.

  1. Connecting using integrated (Windows) authentication
  2. Connecting with an Azure AD principal name and a password
  3. Connecting with an Azure AD token

For more detail about Azure AD authentication for Azure SQL Database, you can refer here.

And if you were trying to configure connecting with an access token, the code sample provided by this blog is helpful. It is also helpful to become familiar with authenticating to Azure AD with the client credential flow using a certificate, from this link.

And based on my understanding, the connection string you use doesn't affect the Connection Resiliency feature which is provided by the Entity Framework.

Fei Xue
  • OK, so as my "Azure Web App" by definition is not a domain joined box then we can rule out option 1. Option 2 is more or less what I'm trying to avoid: having usr/pwd in my config. That leaves us with option 3. I can use ADAL as you mention in the link above to get a token. Then I can pass that to the SqlConnection. Fine. Then what happens when the token expires? How do I regenerate a new one in EF6? Is there an event that I can listen for or? – Casper Jensen Jan 09 '17 at 10:42
  • When the token is expired, the SQL operation should throw an exception. We need to add exception handling to create a new database context with the new access token. And based on my understanding, the token is not suitable for this scenario. The username/password is recommended. – Fei Xue Jan 09 '17 at 11:21
  • BTW I ended up using solution 3 (Tokens) and then handling the renewal myself. I could have wished that this was an integrated part of the provider in some way... Thanks anyway – Casper Jensen Mar 20 '17 at 07:58

This is what can be done in this scenario. Generally, when you first acquire a token you will get information about when the token expires. With this you should keep track of the time and repeat your connection code, acquiring a new token before the current one expires.
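The token-based option from the first answer and the expiry tracking from this one, combined into one added C# example (not code from either answer or from the EF6 project): an EF6 DbConfiguration that keeps SqlAzureExecutionStrategy active, an ADAL client-credential token provider that renews before ExpiresOn, and a DbContext built over a SqlConnection whose AccessToken replaces the SQL login. The tenant id, client id, secret, `<server>` and `<db>` are placeholders, and the 5-minute renewal margin is an assumption.

```csharp
using System;
using System.Data.Entity;
using System.Data.Entity.SqlServer;
using System.Data.SqlClient;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// EF6 discovers this DbConfiguration and keeps the Azure retry strategy active even with a hand-made connection.
public class AzureSqlConfiguration : DbConfiguration
{
    public AzureSqlConfiguration()
    {
        SetExecutionStrategy("System.Data.SqlClient", () => new SqlAzureExecutionStrategy());
    }
}

// Caches an ADAL client-credential token and renews it before ExpiresOn.
public class SqlTokenProvider
{
    private static readonly TimeSpan RenewMargin = TimeSpan.FromMinutes(5);
    private readonly AuthenticationContext _authContext;
    private readonly ClientCredential _credential;
    private AuthenticationResult _cached;
    // tenantId, clientId and clientSecret are placeholders; load them from protected config.
    public SqlTokenProvider(string tenantId, string clientId, string clientSecret)
    {
        _authContext = new AuthenticationContext("https://login.microsoftonline.com/" + tenantId);
        _credential = new ClientCredential(clientId, clientSecret);
    }
    public async Task<string> GetTokenAsync()
    {
        // Renew when missing or within RenewMargin of expiry, so the token outlives the request.
        if (_cached == null || _cached.ExpiresOn - DateTimeOffset.UtcNow < RenewMargin)
            _cached = await _authContext.AcquireTokenAsync("https://database.windows.net/", _credential);
        return _cached.AccessToken;
    }
}

public class MyDbContext : DbContext
{
    // contextOwnsConnection: true, so disposing the context also disposes the connection.
    public MyDbContext(SqlConnection conn) : base(conn, contextOwnsConnection: true) { }
    // No User ID, Password or Integrated Security in the string: AccessToken replaces them.
    public static async Task<MyDbContext> CreateAsync(SqlTokenProvider tokens)
    {
        var conn = new SqlConnection("Data Source=<server>.database.windows.net;Initial Catalog=<db>;Encrypt=True;");
        conn.AccessToken = await tokens.GetTokenAsync();
        return new MyDbContext(conn);
    }
}
```

The provider is not thread-safe as written; guard GetTokenAsync with a SemaphoreSlim when contexts are created concurrently.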