无法使用AppService中的Active Directory集成身份验证连接到Azure SQL Server [英] Can not connect to Azure SQL Server using Active directory integrated authentication in AppService

问题描述

我们已将Web应用程序部署在Azure App Service上.我们的数据库也位于配置为使用AAD身份验证的Azure上(我们已分配AAD管理员).

We have web application deploy on Azure App Service. Our database is also on Azure which is configured to use AAD authentication (We have assigned AAD Admin).

我们正在使用Web应用程序中的以下连接字符串通过以下连接字符串连接到该服务器和数据库.

We are using below connection string in web app to connect to this server and database using below connections string.

数据源= xxxxxxx.database.windows.net;初始 目录= xxxxxxx;持久安全信息= False;身份验证=活动 目录集成

Data Source=xxxxxxx.database.windows.net;Initial Catalog=xxxxxxx;Persist Security Info=False;Authentication=Active Directory Integrated

请注意:使用本地系统时，此连接字符串可以正常工作.但是，当我们在Azure App Service中使用此conn字符串时，出现以下错误:

Please note: This connection string is working fine when using thru local system. But getting below error when we use this conn string in Azure App Service:

无法通过身份验证用户NT Authority \ Active中的匿名登录 目录(Authentication = ActiveDirectoryIntegrated).错误代码 0x4BC;状态10指定的域名格式无效

Failed to authenticate the user NT Authority\Anonymous Logon in Active Directory (Authentication=ActiveDirectoryIntegrated). Error code 0x4BC; state 10 The format of the specified domain name is invalid

推荐答案

根据您的描述，我发现您使用了 Active Directory集成身份验证.

According to your description, I found you used the Active Directory integrated authentication.

要使用集成的Windows身份验证，您域的Active Directory必须与Azure Active Directory联合.您连接到数据库的客户端应用程序(或服务)必须在用户的域凭据下在加入域的计算机上运行

To use integrated Windows authentication, your domain’s Active Directory must be federated with Azure Active Directory. Your client application (or a service) connecting to the database must be running on a domain-joined machine under a user’s domain credentials

如果您将Web应用发布到Azure，则Azure的Web应用服务器将不在您域的Active Directory中.因此，SQL Server将不会通过身份验证.

If you published the web app to Azure, Azure's web app server will not be in your domain’s Active Directory. So the SQL server will not pass the auth.

我建议您尝试使用 Active Directory密码身份验证，而不是使用Active Directory集成身份验证.

I suggest you could try to use Active Directory password authentication instead of the Active Directory integrated authentication.

使用天蓝色的AD用户名和密码，如下所示替换连接字符串.会很好用的.

Replace the connection string as below use azure AD user name and password. It will work well.

Server=tcp:brandotest.database.windows.net,1433;Initial Catalog=bradnotestsql;Persist Security Info=False;User ID={your_username};Password={your_password};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Authentication="Active Directory Password";

这篇关于无法使用AppService中的Active Directory集成身份验证连接到Azure SQL Server的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！