Acquiring Azure AD Token for Azure SQL Server

Question

I'm trying to develop a web application that uses a certificate to authenticate with AD and then acquires a token to connect to a SQL Azure DB.

I've followed all the steps in https://azure.microsoft.com/en-us/documentation/articles/sql-database-aad-authentication/ and https://github.com/Azure-Samples/active-directory-dotnet-daemon-certificate-credential except I'm using the code sample from here - https://blogs.msdn.microsoft.com/sqlsecurity/2016/02/09/token-based-authentication-support-for-azure-sql-db-using-azure-ad-auth/

Everything goes well until I get to the line

result = await authContext.AcquireTokenAsync(sqlDBResourceId, certCred);

I'm not quite sure what to put in for sqlDBResourceId , I've tried

"https://<databasename>.database.windows.net/"
"https://<databasename>.windows.net/"
"<databasename>"

but I always get

{"AADSTS50001: The application named https://databasename.database.windows.net/ was not found in the tenant named tenantname.onmicrosoft.com. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\\r\\nTrace ID: \\r\\nCorrelation ID: \\r\\nTimestamp: 2016-08-09 23:35:38Z"}

I was able to recieve a token when I used https://graph.windows.net/ as the sqlDBResourceId . So perhaps I haven't set up my tenant-directory-domain-db relationship correctly? Any advice on where to start would be greatly appreciated.

Answer 1

Jack Zeng是正确的-不要试图弄乱代码示例中的默认资源字符串，只需使用https://database.windows.net/即可 。

Answer 2

https://database.windows.net/作为sqlDBResourceId是正确的答案Thx Mirek