Azure功能-SQL连接-Active Directory身份验证-错误 [英] Azure Function - SQL Connection - Active Directory Authentication - Error

问题描述

你好，

我用C#编写了一个HTTP触发器Azure函数，该函数从Azure SQL数据库(SQL Server)中获取一些数据.我使用AuthorizationLevel.Anonymous.
当我使用完整的连接字符串(带有用户名和密码)时，一切都很好，但是当我使用部分连接字符串以启用Active Directory身份验证时，它在conn.Open()中返回以下错误:

System.Data.SqlClient.SqlException:用户'NT AUTHORITY \ ANONYMOUS LOGON'登录失败

使用部分连接字符串，我的代码如下:

var tokenProvider = new AzureServiceTokenProvider();
字符串accessToken = tokenProvider.GetAccessTokenAsync("https://database.windows.net/").Result;

使用(SqlConnection conn =新的SqlConnection(connectionString/* partial */))
{
  conn.AccessToken = accessToken;
  conn.Open(); //错误(在上方)
  //我的代码
}

当我使用AuthorizationLevel.Function时，所有内容都与AuthorizationLevel.Anonymous一样(只是Function URL不同).
我尝试使用AuthorizationLevel.User或AuthorizationLevel.System，但是在那种情况下，URL根本无法到达我的功能(空响应，而功能日志中没有任何内容).

在我的功能应用程序中，我配置了:
认证/授权> App Service身份验证开启
Azure Active Directory设置>管理模式:Express
身份>系统分配为ON

要使用Active Directory身份验证，是否需要做其他配置或代码更改?

谢谢
Yevgeny

Hello,

I wrote an HTTP Trigger Azure Function in C# that fetches some data from Azure SQL database (SQL Server). I use AuthorizationLevel.Anonymous.
Everything is fine when I use full Connection String (with username and password), but when I use partial Connection String in order to enable Active Directory Authentication it returns the following error in conn.Open():

System.Data.SqlClient.SqlException : Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'

With the partial connection string my code is as follows:

var tokenProvider = new AzureServiceTokenProvider();
string accessToken = tokenProvider.GetAccessTokenAsync("https://database.windows.net/").Result;

using (SqlConnection conn = new SqlConnection(connectionString/*partial*/))
{
  conn.AccessToken = accessToken;
  conn.Open(); // Error (above)
  //my code
}

When I use AuthorizationLevel.Function everything works as with AuthorizationLevel.Anonymous (just the Function URL is different).
I tried to use AuthorizationLevel.User or AuthorizationLevel.System, but in those cases the URL doesn’t reach my function at all (empty response and nothing in the function log).

In my Function App I configured:
Authentication / Authorization > App Service Authentication ON
Azure Active Directory Settings > Management mode: Express
Identity > System assigned ON

Is there any additional configuration or code changes I have to do in order work with Active Directory Authentication?

Thanks,
Yevgeny

推荐答案

我认为您正在寻找 doc 了解有关设置的详细步骤.

I think you are looking for Managed Service Identity. Refer to this doc for detailed steps on how to set it up.

更新:错过了您已经设置了身份的信息.您是否已根据此配置其权限

UPDATE: Missed that you setup Identity already. Have you configured its permissions according to this doc?

这篇关于Azure功能-SQL连接-Active Directory身份验证-错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！