使用Windows身份验证将Azure应用服务连接到Azure SQL数据库 [英] Connect an Azure App Service to an Azure SQL Database with Windows Authentication

问题描述

我们有:

• Azure App Service (例如myappservice.azurewebsites.net)(用C#和.net core 2.2编写)
• 一个 Azure SQL Server (例如myserver.database.net)

• an Azure App Service (like myappservice.azurewebsites.net) (written in C# & .net core 2.2)
• An Azure SQL Server (like myserver.database.net)

当前，App Service通过 SQL Server身份验证(登录名和密码)连接到SQL数据库.

Currently the App Service connects to the SQL Database via SQL Server Authentication (login+password).

但是，如果可能的话，我们希望使用 Windows身份验证.即该服务应该能够在不发送用户名和密码的情况下登录.这样，我们就不需要在我们的服务中存储任何登录信息.有可能吗?

However, if possible, we would like to have Windows Authentication. i.e. the service should be able to login without sending username and password. That way we would not need to store any login information in our service. Is that possible?

推荐答案

使用该应用程序服务将具有一个带有指纹的身份，而sql将通过创建与该应用程序名称相同的用户来授予该身份访问权限.这将消除对用户名和密码的需求.唯一的缺点是，如果删除并重新创建了该应用程序，则由于它具有不同的指纹，因此需要删除并重新创建sql端的用户.只有在删除并重新创建应用程序服务后，更新或重新部署才需要

The app service will have an identity with a thumbprint and sql will give that identity access by creating the user of the same name as the app service. This would eliminate the need for a username and password. The only downside is if the app is deleted and recreated the user on the sql side would need to be dropped and recreated since it has a different thumbprint. This is only if the app service is deleted and recreated, not needed for updates or redeployments

这篇关于使用Windows身份验证将Azure应用服务连接到Azure SQL数据库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！