![](/img/trans.png)
[英]Configure SQL Server with Azure Active Directory Service Principal authentication for Keycloak
[英]Does npm mssql supports authentication type azure-active-directory-access-token to connect to azure sql server
我讀過 mssql 模塊在內部使用 Tedious 連接到 azure sql db。 因此,我正在嘗試使用 azure-active-directory-access-token 建立連接。 但是,我收到錯誤 ConnectionError: Login failed for user token-identified principal
示例代碼:-
const mssql = require('mssql');
const msrestAzure = require("ms-rest-azure");
const clientSecret = "XXXXXXXXXXXXXXXXXXXXXXXXXXX";
const serverName = "XXXXXXXXXXXXXXXXXXXXXXXXXXX";
const databaseName = "XXXXXXXXXXXXXXXXXXXXXXXXXXX";
const clientId = "XXXXXXXXXXXXXXXXXXXXXXXXXXX";
const tenantId = "XXXXXXXXXXXXXXXXXXXXXXXXXXX";
let token = 0;
msrestAzure.loginWithServicePrincipalSecret(clientId,
clientSecret,
tenantId,
{
tokenAudience: "https://database.windows.net/",
},
).then((databaseCredentials) => {
return new Promise((resolve, reject) => {
databaseCredentials.getToken((err, results) => {
if (err) return reject(err);
resolve(results.accessToken);
});
});
}).then((token) => {
// console.log(token);
var config = {
server: serverName,
authentication: {
type: "azure-active-directory-access-token",
options: {
token: token,
}
},
options: {
database: databaseName,
encrypt: true,
}
};
return new mssql.connect(config);
}).then(pool => {
console.log('Connected to MSSQL')
return pool;
}).catch((error) => {
console.log(error);
});
有一種方法可以使用它連接 Azure SQL 服務器,通過 azure-active-directory-access-token 在 NodeJS(NPM) 身份驗證中使用服務主體。
1.創建一個服務主體
az login
az ad sp create-for-rbac -n 'MyApp' --skip-assignment
2.配置SQL數據庫
A。 使用您的 Azure Sql AD 管理員連接 Azure SQL vai SSMS
b. 將服務主體添加到您需要使用的數據庫中
create user [<Azure_AD_principal_name>] from external provider
ALTER ROLE db_owner ADD MEMBER [<Azure_AD_principal_name>]
3.代碼
var msrestAzure = require("ms-rest-azure");
var { Connection, Request } = require("tedious");
let clientSecret = "xxx";
let serverName = "xxx.database.windows.net";
let databaseName = "xxx";
let clientId = "xxx";
let tenantId = "xxx";
async function getConnect() {
// way for Azure Service Principal
let databaseCredentials = await msrestAzure.loginWithServicePrincipalSecret(
clientId,
clientSecret,
tenantId,
{
tokenAudience: "https://database.windows.net/",
},
);
// getting access token
let databaseAccessToken = await new Promise((resolve, reject) => {
databaseCredentials.getToken((err, results) => {
if (err) return reject(err);
resolve(results.accessToken);
});
});
var config = {
server: serverName,
authentication: {
type: "azure-active-directory-access-token",
options: {
token: databaseAccessToken,
},
},
options: {
debug: {
packet: true,
data: true,
payload: true,
token: false,
log: true,
},
database: databaseName,
encrypt: true,
},
};
var connection = new Connection(config);
connection.connect();
connection.on("connect", function (err) {
if (err) {
console.log(err);
}
executeStatement(connection);
});
connection.on("debug", function (text) {
console.log(text);
});
}
function executeStatement(connection) {
request = new Request("select * from CSVTest", function (err, rowCount) {
if (err) {
console.log(err);
} else {
console.log(rowCount + " rows");
}
connection.close();
});
request.on("row", function (columns) {
columns.forEach(function (column) {
if (column.value === null) {
console.log("NULL");
} else {
console.log(column.value);
}
});
});
request.on("done", function (rowCount, more) {
console.log(rowCount + " rows returned");
});
connection.execSql(request);
}
getConnect()
.then(() => {
console.log("run successfully");
})
.catch((err) => {
console.log(err);
});
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.