-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] : SQL connection pool issue when using the MSI token for SQL generated with Azure.Identity #28572
Comments
//cc: @christothes |
Thank you for your feedback. Tagging and routing to the team member best able to assist. |
If you want to use |
@ShivangiReja, |
@RanjanMishra92 Looking at release notes Active Directory Default authentication support is added in Microsoft.Data.SqlClient 3.0 |
Adding context, EntityFrameworkCore.SqlServer v3.1.7 depends on Microsoft.Data.SqlClient v1.1.3. |
To explain a little bit how connection pooling works in SqlClient with regard to access tokens, each different access token will have a different pool in SqlClient. So if you are stress testing and generating a new access token for 30,000 connections, you will get 30,000 connections against the database and 30,000 different connection pools. From your repro steps, I can't tell if you are performing steps 1 and 2 for each connection, or if you are using the same access token (just step 2) for all connections. Based on the results, it sounds like you are doing the former. The latter would result in a connection pool with only the number of physical database connections up to MaxPoolSize. Either way, upgrading to a newer version of Microsoft.Data.SqlClient that supports Authentication = "Active Directory Managed Identity" or "Active Directory Default" will work much better as SqlClient will handle token acquisition and renewal for you (you won't need step 1 at all). You will just need the Authentication option in your connection string. |
Hi @RanjanMishra92. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text “ |
Hi @RanjanMishra92, since you haven’t asked that we “ |
Library name and version
Azure.Identity 1.5.0
Describe the bug
We migrated our solution from ADAL to MSAL , and in our code we were using Microsoft.Azure.Services.AppAuthentication which was used to get the MSI token and that token was used by SQL (entity framework core) to authenticate. As this Microsoft.Azure.Services.AppAuthentication package has a dependency on ADAL we have replaced it with Azure.Identity 1.5.0.
So when we use the MSI token generated for SQL with Azure.Identity , SQL connection pooling seems to be broken , as we started getting below error related to the SQL connection pool.
Error :
Resource ID : 2. The session limit for the elastic pool is 30000 and has been reached. See 'http://go.microsoft.com/fwlink/?LinkId=267637' for assistance.
Changed database context to ''.
Changed language setting to us_english.
when we keep all settings same and switch back to old code which was using MSI tokens generated from : Microsoft.Azure.Services.AppAuthentication we do not see this error on same load test execution.
Expected behavior
The expected behavior is that it should not break the SQL connection pooling with MSI token generated with Azure.Identity.
Actual behavior
We are getting SQL connection pooling error with MSI token generated with Azure.Identity,
Error :
Resource ID : 2. The session limit for the elastic pool is 30000 and has been reached. See 'http://go.microsoft.com/fwlink/?LinkId=267637' for assistance.
Changed database context to ''.
Changed language setting to us_english.
Reproduction Steps
Generate the MSI token for SQL resource
var tokenCredential = new Azure.Identity.DefaultAzureCredential();
var managedIdentityTokenForSql = tokenCredential.GetToken(
new Azure.Core.TokenRequestContext(
new[] { "https://database.windows.net/.default" }, tenantId: "your_tenantId")).Token;
Now use this token and pass to the entity framework core :
var connection = Database.GetDbConnection() as SqlConnection;
if (connection != null)
{
connection.AccessToken = managedIdentityTokenForSql;
}
perform load test on this where more number of transactions are executed against SQL DB.
Environment
The text was updated successfully, but these errors were encountered: