尝试对Azure SQL进行身份验证失败，仅使用纯云（非联合）Azure Active Directory [英] Attempts to authenticate against Azure SQL are failing with cloud-only (non-federated) Azure Active Directory

问题描述

大家好，

我们有一个仅限云的环境，包含以下内容：

We have a cloud-only environment that consists of the following:

- VM加入运行IIS应用程序的Azure AD（使用域服务）

- VM joined to Azure AD (using Domain Services) running IIS application

- 在我为应用程序配置的特定用户身份下在VM上运行的ASP.NET应用程序池。此身份是我的Azure AD的一部分，它是一个云原生身份（不与内部部署AD或类似的东西联合）。

- ASP.NET application running on the VM under a specific user identity that I configured for the app pool. This identity is part of my Azure AD and it is a cloud native identity (not federated with an on premise AD or anything like that).

- Azure SQL数据库

- Azure SQL database

由于合规性原因，我们的应用程序不得在web.config中以纯文本形式提供任何密码。 我们尝试获得集成身份验证是行不通的，因为将web.config更改为具有如下连接字符串：

Due to compliancy reasons, our application MUST NOT have any passwords in plain-text within the web.config.  Our attempts to get integrated authentication are not working, as changing the web.config to have a connection string like this:

connectionString =" Server = XXXXXX，1433; Initial Catalog = XXXXX; Persist Security Info = False; MultipleActiveResultSets = False; Encrypt = True; TrustServerCertificate = False; Authentication ='Active
Directory Integrated';"

尝试连接到该网站会产生此错误：

Attempts to connect to the website generate this error:

我已经按照官方MS文档在sql上设置集成身份验证  包括创建包含的数据库用户，并将用户添加为sql admin。  

I've followed the official MS document on setting up integrated auth on sql Including creating the contained database user, and adding the user as a sql admin.  

我们希望不要更改应用程序端的任何代码，因为理想的解决方案只是允许我们从web.config中删除纯文本密码，并用集成身份验证替换它。 

We are looking to NOT change any code on the application side, as the ideal solution would just allow us to remove the plain-text passwords from the web.config and substitute that with integrated authentication. 

请告诉我可能缺少的内容。

Please let me know what I may be missing.

谢谢！

推荐答案

美好的一天Alex，

Good day Alex,

检查此c onnection string：

https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication-configure#active-directory-integrated-authentication-1

Check this connection string:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication-configure#active-directory-integrated-authentication-1

string ConnectionString =
@"Data Source=n9lxnyuzhv.database.windows.net; Authentication=Active Directory Integrated; Initial Catalog=testdb;";

注意：不需要使用 引号来表示身份验证名称。

Note: there is not need in using quotation marks for the Authentication name.

这篇关于尝试对Azure SQL进行身份验证失败，仅使用纯云（非联合）Azure Active Directory的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！