Azure SQL 服务器 - 无法验证来自管道的链接服务
[英]Azure SQL Server - can't authenticate linked service from pipeline
问题描述
So, I was provisioned an Azure SQL server into my subscription of Azure, and I am using Azure Data Factory. 
So, I was provisioned an Azure SQL server into my subscription of Azure, and I am using Azure Data Factory. Well, starting to use it嗯,开始使用
The problem I ran into is the following.我遇到的问题如下。 I am able to connect我可以连接 to Azure SQL Server database via
通过 Azure SQL 服务器数据库
- SQL Management Studio,
- via Visual Studio Code with SQL Tools extension,
- and with Azure data studio.
I was able to create tables and stored procedures.我能够创建表和存储过程。 All this I am doing by logging in using Authentication type我通过使用身份验证类型登录所做的所有这些
"Azure Active Directory - Universal With MFA"
.. and providing my "Active Directory Admin". ..并提供我的“Active Directory Admin”。 (The "Server Admin" does not work as I do not know what the password was when it was created and our sys admin said "it was blank"??) (“服务器管理员”不起作用,因为我不知道创建密码时的密码是什么,我们的系统管理员说“它是空白的”??)
However, when I try to set up a linked service on Azure Data Factory and connect to the same SQL Server - I do not see that option (Azure Active Directory - Universal With MFA) in the drop down for Authentication type.但是,当我尝试在 Azure 数据工厂上设置链接服务并连接到同一 SQL 服务器时 - 我在身份验证类型的下拉列表中看不到该选项(Azure Active Directory - 通用 MFA)。
Those available那些可用的
- SQL Authentication
- System Assigned Managed Identity
- Service Principal
- User Assigned Managed Identity
I tried them all, and I can't connect using either.我都试过了,我都无法连接。
My understanding is that there is more to be done on the server management side, but I do not understand what.我的理解是在服务器管理方面还有更多工作要做,但我不明白是什么。
1 个解决方案
解决方案1
1 2022-09-19 16:13:48
You can use service principal method to create a success linked service to your SQL database using Azure active directory authentication.您可以使用service principal方法使用 Azure 活动目录身份验证创建与 SQL 数据库的成功链接服务。 You need to follow the steps below:您需要按照以下步骤操作:
- First create an
app registrationin Azure active directory.首先在 Azure 活动目录中创建app registration。 Go to azure active directory and selectApp registrations.Go 到 azure 活动目录和 select App registrations。
Create a new app registration with certain name.
创建具有特定名称的新应用程序注册。 As you can see in the above image, I have created it with the name for_sql_db.正如您在上图中看到的,我使用名称for_sql_db创建了它。Since you already have set your SQL server with Azure Active directory admin, create a user using the name of the
app registrationcreated above.由于您已经将 SQL 服务器设置为 Azure 活动目录管理员,因此请使用上面创建的app registration名称创建一个用户。 Assign this user any required role.为该用户分配任何所需的角色。 I have used the following queries in my query editor of SQL database.我在 SQL 数据库的查询编辑器中使用了以下查询。
CREATE USER [for_sql_db] FROM EXTERNAL PROVIDER;
ALTER ROLE [db_owner] ADD MEMBER [for_sql_db];
Once the user is created in your SQL database, go to data factory to create linked service.
在 SQL 数据库中创建用户后,go 到数据工厂以创建链接服务。Select the SQL server and database you want to create linked service to.
Select SQL 服务器和要创建链接服务的数据库。 Choose the Authentication as Service Principal.选择 Authentication as Service Principal。Then you can see
Tenant, Service principal ID and Service principal key.然后您可以看到Tenant, Service principal ID and Service principal key。 Go to the app registration you have created.Go 到您创建的应用程序注册。 Here you can see Directory tenant ID and application client ID.在这里您可以看到目录租户 ID 和应用程序客户端 ID。 Give them as following:给他们如下:
linked service Tenant: Directory Tenant ID
Service principal ID: application client ID
- For Service principal key, you need to create a secret in your app registration (for_sql_db).对于服务主体密钥,您需要在应用注册 (for_sql_db) 中创建一个密钥。
After creating the client secret, copy its value and use it as
Service principal keyin data factory linked service.创建客户端密钥后,复制其值并将其用作数据工厂链接服务中的Service principal key。You can see that, I have followed the above procedure and successfully created linked service to my SQL database.
你可以看到,我已经按照上面的步骤成功地创建了到我的 SQL 数据库的链接服务。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.