I need to query Azure SQL Server using Azure Active Directory, I have tried mssql, tediuos, odbc npm's
I'm always getting the same error:
Cannot open the server {server} requested by the login.
Login failed
How to fix this?
Actually, mssql uses tedious as TDS driver, and Azure Active Directory Authentication is currently not supported by tedious. The issue has been reported here.
So, you need to switch to C# to connect Azure SQL Database with Azure AD identity.
Related
I've got an Azure App Service that needs access to a classic SQL Server (non-Azure SQL, not SQL Managed Instance) and I'd prefer to do this via System Managed Identity. This is enabled on the App Service and a corresponding Enterprise Application is created on Azure AD.
The SQL Server is also connected to this Azure AD and User accounts on the AD already have access to the database. However I can't find how to create a login for the Enterprise Application. If this was an Azure SQL database I could do it with CREATE LOGIN [AZUREAD\app] FROM EXTERNAL PROVIDER but this does not work on a classic SQL Server, only on Azure SQL/MI.
A solution would be to use SQL accounts and reference the login/password in the connection strings, but as mentioned I'd much rather use Azure AD for authentication.
To answer my own question: SQL Server 2022 includes Azure AD authentication Link
Using integrated security or an access token it will be possible to authenticate with an App Registration.
This is currently in preview with no RTM date specified.
Two questions I am not in a position to confirm via deploying to an Azure resource group (due to my account limitations). So far, I have not found resources that answers my questions.
1. AD Users and Groups
Can Active Directory (AD) Users and AD Groups SQL Server Logins or Database users be migrated from On premise SQL databases to Azure SQL?
The environment I will be working on has the on premise AD synced to Azure Active Directory (AAD).
So far, I have only seen that SQL Logins can be migrated.
2. Authentication
I know that SQL Login and Windows Authentication login are options to connect to the Source database. Are both of these option also available in the destination Azure SQL database?
So far I have only seen SQL Login as an option for connection to the destination database (see below screenshot). This might be because there are no AAD accounts associated with the blank Azure SQL target database I am trying to connect to. The Server Admin is set for the target database.
No, unfortunately you can't migrate the Active Directory (AD) Users and AD Groups to Azure SQL Database. Yes, you move SQL logins from the SQL Server source to Azure SQL Database by using Database Migration Service in offline mode.
You can also migrate Windows users and groups using T-SQL DDL syntax with the help of this tutorial.
You can use Azure AD authentication to connect with Azure SQL Database. It is an alternative to SQL Logins Authentication. Please refer Azure Active Directory authentication for more details.
You can simply use SQL Server Management Studio (SSMS) to connect with Azure SQL Database using Azure AD credentials. Install the SSMS on your local windows machine and login with AAD credentials as shown in image below.
I am not able to connect to Azure sql server from my machine, I have added my public IP and azure sql server is configured for remote access but I am getting error
Cannot connect to your Azure SQL DB logical server/Azure SQL MI server, exception: Cannot open server "SERVER NAME" requested
by the login. The login failed.
Note: I am able to connect to Azure SQL database from Azure portal.
If that's the case, you should try to download Azure Data Studio and log in with your Microsoft account that you used for Azure.
May I ask you to add in a screenshot of your login detail (you can just fake the login but the syntax must be the same) so that the community is able to understand the situation better :D
I am trying to connect to Azure database via DataGrip using Active Directory connection (Note: not Active directory - password)
I followed accepted answer from this
I set integratedSecurity=false and authentication=ActiveDirectoryIntegrated.
When trying to connect to Test Connection I get error message
Connection to Azure SQL Database failed. Cannot set "Authetication" with "IntegratedSecurity" set to "true".
Is it some kind of bug that can be repaired, if so how could I solve this issue?
Edit:
More information:
On Azure Portal I can see that this is SQL database.
Server name ends with database.windows.net.
When I try to connect via Connection String (in Data Grip Add data from URL) generated by Azure I am not able to connect also.
The DataGrip support us using Azure Active Directory Authentication. Please see: Microsoft Azure .
You can get the connect string (URL) with Active Directory integrated authentication from Portal:
Replace the URL with the Connect string(Active Directory integrated authentication):
Hope this helps.
There is a lot of confusion around terminology here.
In short, the connection string attribute Integrated Security=true indicates you want to use "windows authentication". This type of authentication might be supported by any Azure SQL (anything whose hostname ends in database.windows.net). Azure SQL only supports Azure Active Directory authentication, butit might be possible to implement single sign on between a windows domain account and Azure Active Directory.
I've setup an SSAS server and I've connected it with my active directory server.
But when I try to login on the ssas server (sql server management studio) using an active directory account I get the following error:
Cannot connect to SQLASServer.
The integrated security 'ClaimsToken' is not supported for native connections. (Microsoft.AnalysisServices.AppLocal.AdomdClient)
This error shows up before it actually tries to connect or anything so if I try to login using a bogus username and no password I still get the same error.
When I login to the server with an active directory account and then login on sql server management studio using Windows Authentication it does work without any errors.
Does anybody know how I can solve this issue?
Make sure you choose Windows Authentication from the Authentication dropdown. The options that say “Active Directory” are poorly worded as they mean Azure Active Directory and are not appropriate for on premises SSAS.
If that does not solve it provide a screenshot of your connection dialog in SSMS.
my mistake was that I had chosen Azure Analysis Services from before from the first drop down menu so I was getting this error. Once I changed it to SQL database, the option to connect with Azure Active Directory was available as well as to connect through SQL database credentials. In order to use the Azure Active Directory you need to create an active directory account and set that account as admin on Azure Portal first.