Azure功能-SQL连接-Active Directory身份验证-错误 [英] Azure Function - SQL Connection - Active Directory Authentication - Error
问题描述
你好,
我用C#编写了一个HTTP触发器Azure函数,该函数从Azure SQL数据库(SQL Server)中获取一些数据.我使用AuthorizationLevel.Anonymous.
当我使用完整的连接字符串(带有用户名和密码)时,一切都很好,但是当我使用部分连接字符串以启用Active Directory身份验证时,它在conn.Open()中返回以下错误:
System.Data.SqlClient.SqlException:用户'NT AUTHORITY \ ANONYMOUS LOGON'登录失败
使用部分连接字符串,我的代码如下:
var tokenProvider = new AzureServiceTokenProvider();
字符串accessToken = tokenProvider.GetAccessTokenAsync("https://database.windows.net/").Result;
使用(SqlConnection conn =新的SqlConnection(connectionString/* partial */))
{
conn.AccessToken = accessToken;
conn.Open(); //错误(在上方)
//我的代码
}
当我使用AuthorizationLevel.Function时,所有内容都与AuthorizationLevel.Anonymous一样(只是Function URL不同).
我尝试使用AuthorizationLevel.User或AuthorizationLevel.System,但是在那种情况下,URL根本无法到达我的功能(空响应,而功能日志中没有任何内容).
在我的功能应用程序中,我配置了:
认证/授权> App Service身份验证开启
Azure Active Directory设置>管理模式:Express
身份>系统分配为ON
要使用Active Directory身份验证,是否需要做其他配置或代码更改?
谢谢
Yevgeny
Hello,
I wrote an HTTP Trigger Azure Function in C# that fetches some data from Azure SQL database (SQL Server). I use AuthorizationLevel.Anonymous.
Everything is fine when I use full Connection String (with username and password), but when I use partial Connection String in order to enable Active Directory Authentication it returns the following error in conn.Open():
System.Data.SqlClient.SqlException : Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'
With the partial connection string my code is as follows:
var tokenProvider = new AzureServiceTokenProvider();
string accessToken = tokenProvider.GetAccessTokenAsync("https://database.windows.net/").Result;
using (SqlConnection conn = new SqlConnection(connectionString/*partial*/))
{
conn.AccessToken = accessToken;
conn.Open(); // Error (above)
//my code
}
When I use AuthorizationLevel.Function everything works as with AuthorizationLevel.Anonymous (just the Function URL is different).
I tried to use AuthorizationLevel.User or AuthorizationLevel.System, but in those cases the URL doesn’t reach my function at all (empty response and nothing in the function log).
In my Function App I configured:
Authentication / Authorization > App Service Authentication ON
Azure Active Directory Settings > Management mode: Express
Identity > System assigned ON
Is there any additional configuration or code changes I have to do in order work with Active Directory Authentication?
Thanks,
Yevgeny
推荐答案
我认为您正在寻找 doc 了解有关设置的详细步骤.
I think you are looking for Managed Service Identity. Refer to this doc for detailed steps on how to set it up.
更新:错过了您已经设置了身份的信息.您是否已根据此配置其权限
UPDATE: Missed that you setup Identity already. Have you configured its permissions according to this doc?
这篇关于Azure功能-SQL连接-Active Directory身份验证-错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!