
How do I use Azure AD to connect to Azure SQL in my web app?

I want to write a tool that uses a user's own Azure AD credentials to run queries against an Azure SQL database. Is that possible? I can set up my own app for authentication, but importantly I want the users to be able to enter free-form queries and use their own credentials when executing the SQL, not the permissions associated with my application.

As far as I know, C# provides ActiveDirectoryInteractive mode that can be used to connect to Azure SQL Database. For more details, please refer to the document.

Yes it's possible to implement the scenario you have described. Apart from the obvious Azure SQL Server and Web Application/API setup, there are two main things to highlight for Authentication.

Authentication Highlights

  • From the Azure Active Directory standpoint, your application registration can make use of "Delegated Permissions" for Azure SQL, so that the application can access the database on behalf of the signed-in user (instead of using a SQL user from the connection string or the application's own permissions).
  • Once you have authenticated the user to your web application using Azure AD and have the authentication token available in your web application/API, make use of the OAuth 2.0 On-Behalf-Of flow described here on Microsoft Docs, to make sure your Web Application/API accesses the database on the user's behalf.

I am giving more detailed steps and links to a blog from MS playground that does something very similar below.

Detailed Steps

  1. Enable Azure Active Directory Authentication for Azure SQL Server
  2. Add Azure Active Directory Users with appropriate role/permissions
  3. Register your web application/API to Azure Active Directory (Registering application with Azure AD)
  4. For "Required Permissions" of your application, add and select:

    a. Azure Portal > Azure AD > App Registrations > Your App Registration


    b. Select "Azure SQL Database"


    c. Select "Delegated Permissions" > "Azure SQL DB and Data Warehouse"


  5. The user authenticates to your Web Application/API using Azure AD. This can be directly to your web application (that calls Azure SQL Database), or through a client application that calls into your Web API (if you have a separate front end and API, then the API application makes the calls to Azure SQL Database).

  6. Now that your web application/API has an Azure AD access token available to it, make use of the On-Behalf-Of flow to call the Azure SQL Database on behalf of the signed-in user. This will utilize the delegated permissions from Azure AD that we set up earlier. Sample code for On-Behalf-Of flow

Blog Post with more details

This is a blog post from MSFT playground, which does something similar. There are 3 parts to it. I am sharing the 2nd one which is most important. You can follow the other 2 as well as you see fit.

Part 2 – Azure API Application to query the Azure SQL Database
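As an added illustration of steps 5 and 6 above (this is example code, not taken from the answer or the linked blog), the following C# shows the two pieces a Web API needs: exchanging the caller's token for an Azure SQL token via MSAL's On-Behalf-Of flow, and opening the connection with that token instead of a SQL login. It assumes the Microsoft.Identity.Client and Microsoft.Data.SqlClient packages; the tenant, client, server and database names are placeholders.

```csharp
using System.Threading.Tasks;
using Microsoft.Data.SqlClient;
using Microsoft.Identity.Client;

public static class DelegatedSqlAccess
{
    // Scope for Azure SQL Database / Synapse; maps to the "user_impersonation"
    // delegated permission granted to the app registration in step 4.
    private const string SqlScope = "https://database.windows.net/.default";

    // Exchanges the access token the user presented to this Web API for an
    // Azure SQL token issued for the same user (OAuth 2.0 On-Behalf-Of flow).
    // tenantId / apiClientId / apiClientSecret are placeholders for your own registration.
    public static async Task<string> GetSqlTokenOnBehalfOfUserAsync(
        string tenantId, string apiClientId, string apiClientSecret, string incomingUserToken)
    {
        IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
            .Create(apiClientId)
            .WithClientSecret(apiClientSecret)
            .WithAuthority(AzureCloudInstance.AzurePublic, tenantId)
            .Build();

        AuthenticationResult result = await app
            .AcquireTokenOnBehalfOf(new[] { SqlScope }, new UserAssertion(incomingUserToken))
            .ExecuteAsync();

        return result.AccessToken;
    }

    // Opens the connection with the delegated token (no SQL user/password in the
    // connection string), then asks the database which principal it sees.
    // Because the session runs as the signed-in Azure AD user, any free-form
    // query executed afterwards is limited to that user's database permissions.
    public static async Task<string> WhoAmIAsDelegatedUserAsync(
        string serverName, string database, string sqlToken)
    {
        // serverName and database are placeholders; Encrypt=True is required by Azure SQL.
        string connStr = $"Server=tcp:{serverName}.database.windows.net,1433;" +
                         $"Database={database};Encrypt=True;";

        using var conn = new SqlConnection(connStr) { AccessToken = sqlToken };
        await conn.OpenAsync();

        // SUSER_SNAME() returns the UPN of the Azure AD user the session runs as,
        // which should match the user that authenticated to the Web API.
        using var cmd = new SqlCommand("SELECT SUSER_SNAME();", conn);
        return (string)await cmd.ExecuteScalarAsync();
    }
}
```

Checking the returned principal against the user claim in the incoming token before running any user-supplied SQL confirms the On-Behalf-Of exchange did not fall back to an application identity.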
