
I have a generic ASP.NET Core Web API that uses EF Core to connect to a SQL Server instance that uses a Microsoft Entra MFA account.

The connectivity prompt for the SQL Server looks like this:

enter image description here

I have no problem connecting to this database locally using the following connection string and the code:

string connectionString = "Server=tcp:some-server.database.windows.net,1433;Authentication=Active Directory Interactive;Database=some-database;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;";

protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
    => optionsBuilder.UseSqlServer(connectionString, builder =>
    {
        builder.EnableRetryOnFailure(5, TimeSpan.FromSeconds(10), null);
    });

However, every time I connect locally, a browser opens with a prompt where I have to enter my password.

Obviously, that mode won't work once I deploy the app into an App Service or a container.

I know that I have to use a secret token and add Service Principal as SQL Server user somehow.

I have generated Service Principal Name, Secret, Application (Client) ID, Tenant ID, Subscription ID, Object ID, and the Directory ID.

How do I generate a proper connection string for this connection, and what other steps should I take to properly deploy the app?

Thank you very much in advance

  • This question is similar to: Connecting to Azure DB with Active Directory-Universal with MFA Support Authentication in C#. If you believe it’s different, please edit the question, make it clear how it’s different and/or how the answers on that question are not helpful for your problem. Commented Nov 4 at 17:42
  • 1
    @DaleK not this and question in particular, and whatever I asked was deleted anyway as I asked this question in a wrong topic Commented Nov 4 at 17:53
  • 1
    It was posted as an opinion-based question, @DaleK , but (as the OP mentions) was deleted as they aren't seeking opinions. (Then the latter duplicate was deleted for the same reason.) Commented Nov 4 at 18:00
  • Since you have a service principal with a client_id and client_secret have you tried using Authentication=Active Directory Service Principal yet? Ref: Connect to Azure SQL with Microsoft Entra authentication and SqlClient Commented Nov 4 at 21:33

1 Answer

I found a solution. Here is the connection string that I had to use and the SQL commands I had to run in the SQL Server:

string connectionString = "Server=tcp:<server name>.database.windows.net,1433;Initial Catalog=<database name>;Persist Security Info=False;User ID=<application_client_id>;Password=<application_client_secret>;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Authentication=Active Directory Service Principal;";

-- Run in the target database; the name in brackets must match the service principal's display name in Microsoft Entra ID
CREATE USER [sql_user] FROM EXTERNAL PROVIDER;
ALTER ROLE db_datareader ADD MEMBER [sql_user];
ALTER ROLE db_datawriter ADD MEMBER [sql_user];
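
An added example, not part of the original answer: the same service-principal connection built with SqlConnectionStringBuilder, with the client secret read from environment variables (App Service application settings or container environment) instead of a literal in source. The AppDbContext class name and the SQL_* setting names are assumptions; the managed-identity branch goes beyond the answer, and that identity also needs its own CREATE USER ... FROM EXTERNAL PROVIDER entry in the database.

```csharp
using System;
using Microsoft.Data.SqlClient;
using Microsoft.EntityFrameworkCore;

public class AppDbContext : DbContext
{
    // Assumed setting names (not from the original post). Set them as App Service
    // application settings or container environment variables, never in source control.
    private const string ServerVar = "SQL_SERVER";        // <server name>.database.windows.net
    private const string DatabaseVar = "SQL_DATABASE";
    private const string ClientIdVar = "SQL_CLIENT_ID";   // application (client) ID
    private const string ClientSecretVar = "SQL_CLIENT_SECRET";

    internal static string BuildConnectionString()
    {
        var csb = new SqlConnectionStringBuilder
        {
            DataSource = $"tcp:{Require(ServerVar)},1433",
            InitialCatalog = Require(DatabaseVar),
            Encrypt = true,
            TrustServerCertificate = false,  // keep server certificate validation on
            PersistSecurityInfo = false,     // do not expose the secret via an open connection
            ConnectTimeout = 30
        };

        var secret = Environment.GetEnvironmentVariable(ClientSecretVar);
        if (string.IsNullOrWhiteSpace(secret))
        {
            // No secret configured: authenticate as the host's system-assigned managed identity.
            csb.Authentication = SqlAuthenticationMethod.ActiveDirectoryManagedIdentity;
        }
        else
        {
            csb.Authentication = SqlAuthenticationMethod.ActiveDirectoryServicePrincipal;
            csb.UserID = Require(ClientIdVar);
            csb.Password = secret;
        }
        return csb.ConnectionString;
    }

    // Fail at startup with a clear message instead of connecting with a half-built string.
    private static string Require(string name) =>
        Environment.GetEnvironmentVariable(name) is { Length: > 0 } value
            ? value
            : throw new InvalidOperationException($"Missing required setting '{name}'.");

    protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder) =>
        optionsBuilder.UseSqlServer(BuildConnectionString(),
            sql => sql.EnableRetryOnFailure(5, TimeSpan.FromSeconds(10), null));
}
```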