尝试对Azure SQL进行身份验证失败,仅使用纯云(非联合)Azure Active Directory [英] Attempts to authenticate against Azure SQL are failing with cloud-only (non-federated) Azure Active Directory
问题描述
大家好,
我们有一个仅限云的环境,包含以下内容:
We have a cloud-only environment that consists of the following:
- VM加入运行IIS应用程序的Azure AD(使用域服务)
- VM joined to Azure AD (using Domain Services) running IIS application
- 在我为应用程序配置的特定用户身份下在VM上运行的ASP.NET应用程序池。此身份是我的Azure AD的一部分,它是一个云原生身份(不与内部部署AD或类似的东西联合)。
- ASP.NET application running on the VM under a specific user identity that I configured for the app pool. This identity is part of my Azure AD and it is a cloud native identity (not federated with an on premise AD or anything like that).
- Azure SQL数据库
- Azure SQL database
由于合规性原因,我们的应用程序不得在web.config中以纯文本形式提供任何密码。 我们尝试获得集成身份验证是行不通的,因为将web.config更改为具有如下连接字符串:
Due to compliancy reasons, our application MUST NOT have any passwords in plain-text within the web.config. Our attempts to get integrated authentication are not working, as changing the web.config to have a connection string like this:
connectionString =" Server = XXXXXX,1433; Initial Catalog = XXXXX; Persist Security Info = False; MultipleActiveResultSets = False; Encrypt = True; TrustServerCertificate = False; Authentication ='Active
Directory Integrated';"
尝试连接到该网站会产生此错误:
Attempts to connect to the website generate this error:
我已经按照官方MS文档在sql上设置集成身份验证 包括创建包含的数据库用户,并将用户添加为sql admin。
I've followed the official MS document on setting up integrated auth on sql Including creating the contained database user, and adding the user as a sql admin.
我们希望不要更改应用程序端的任何代码,因为理想的解决方案只是允许我们从web.config中删除纯文本密码,并用集成身份验证替换它。
We are looking to NOT change any code on the application side, as the ideal solution would just allow us to remove the plain-text passwords from the web.config and substitute that with integrated authentication.
请告诉我可能缺少的内容。
Please let me know what I may be missing.
谢谢!
推荐答案
美好的一天Alex,
Good day Alex,
检查此c onnection string:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication-configure#active-directory-integrated-authentication-1
Check this connection string:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication-configure#active-directory-integrated-authentication-1
string ConnectionString =
@"Data Source=n9lxnyuzhv.database.windows.net; Authentication=Active Directory Integrated; Initial Catalog=testdb;";
注意:不需要使用 引号来表示身份验证名称。
Note: there is not need in using quotation marks for the Authentication name.
这篇关于尝试对Azure SQL进行身份验证失败,仅使用纯云(非联合)Azure Active Directory的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!