SqlConnection should support Azure AD token-based authentication #19366
Comments
|
Related to dotnet/SqlClient#10 |
|
It's a bit strange that Azure is such a huge and important part of Microsoft, but .NET Standard and .NET Core aren't given the necessary resources to support it. I don't mean to blame anyone here, it's just that I'd love to use .NET Core but still cannot do so more than 3 years after it was announced. |
|
The PR referred to by @keeratsingh is dotnet/corefx#30342 |
|
@nathandavidson @stijnherreman Closing this is issue since it is addressed by pr #30342. |
|
@afsanehr: great! So this will be released in .NET Core 2.2? |
|
Security should be number 1. This should have been released already. |
|
The PR was merged into master, which will ship in 3.0. |
|
I think everyone waiting for this would like to see it in 2.2. |
|
How this implementation will impact the pool connection key ? If there is two differents AccessToken with the same connection string, does it mean that they can share the same connection pool or not ? |
|
A new connection pool is created for every access token. |
|
+1 for getting this into .NET Core 2.2. By the time 2.2 comes out this issue will be 2 years old. |
|
@afsanehr @David-Engel @keeratsingh any decision on whether this update will be ported to 2.2? |
|
@wienleung @Liero @paulirwin @stijnherreman We are currently in the process of porting this fix over to .NET Core 2.2, will updated here once the process is complete. |
|
Reopening the issue to track port to 2.2 (PR dotnet/corefx#31039). |
|
The AccessToken property is now added to .NET Core 2.2. 🎉 EDIT: While the PR was merged into the branch prior to 2.2 Preview1 release, it missed packaging changes and the package didn't ship at all, so it will be part of 2.2 Preview2 release (released on 2018/9/12). |
|
Thanks @afsanehr for addressing this popular issue. For those who will ask: we have not AFAIK announced a date for 2.2 yet. It will definitely be before 3.0 😀 Meantime, if anyone has a chance to try this out of the repo (either master or release/2.2) it would be great if you could indicate here to confirm you were successful. |
|
2.2. is currently planned for Q4 2018: https://github.com/dotnet/core/blob/master/roadmap.md#upcoming-ship-dates |
|
Can you give us an update on when we should be able to test this feature/start using it in development. Would that be 2.2.100-preview2? |
|
Why can't this be distributed as a nuget package as opposed to with the full core sdk? |
|
@jnevins-gcm shipping standalone packages leads to test matrix explosion + things don't work properly together when they should, etc. It caused lots of troubles for both the customers and the team and with .NET Core we started shipping platform as single NuGet package. |
|
Can we consume 2.2 as a nuget package instead of having to use the windows installer for the core sdk? |
|
@jnevins-gcm I think you will need the SDK, but I let area owners to have final word on the topic. |
|
Ok, is this the right forum to get that answer? Who should I be asking? |
|
@jnevins-gcm @karelz is correct. You need to update the SDK and SqlClient version both. |
|
The sqlclient is included in the sdk’s net ore reference assemblies though? |
|
If the sqlclient update is separate, where do I get it? |
|
@jnevins-gcm SlqClient update is NOT separate. We do not ship or support separate packages which are part of .NET Core platform -- see my previous reply https://github.com/dotnet/corefx/issues/13660#issuecomment-420337898 explaining why. |
|
It is included but you need to include the version you want in your csproj file. <ItemGroup>
<PackageReference Include="System.Data.SqlClient" Version="4.6.0-preview2-26905-02" />
</ItemGroup>You can check the latest version of SqlClient from here: |
|
I guess I don’t understand your release model. netstandard2.0 started down the road of “no individual nuget packages for libraries that are part of the netstandard surface area”. You reference netstandard (implicitly) and the platform specific netstandard implementation forwards to the correct platform specific (or platform agnostic) implementation assembly that is distributed as part of that platform’s clr redistributable. SqlClient isn’t part of netstandard. Okay, so that being the case, how is it tied to a specific version of the netcore sdk? I’m looking at your nuget package on myget. It has both platform neutral (netstandard) implementations and a netcoreapp specific implementation. But no netcoreapp2.2 specific tfm. Can you please help me understand how SqlClient is coupled to the netcore sdk and where that dependency is expressed and why I can’t or shouldn’t be able to just add a PackageReference to the one you linked to on myget without installing netcore sdk 2.2? |
|
according to the readme, this should be included in preview1 but after i installed the SDK and added the new Sql package to version 4.6.0-preview2-26905-02 but still don't see the AccessToken on SqlConnection |
|
@swettstein while the PR was merged for 2.2 Preview1, it omitted packaging changes leading to not shipping the bits at all. They will be available in 2.2 Preview2 (also clarified above - https://github.com/dotnet/corefx/issues/13660#issuecomment-413921458). |
|
So is that to say my understanding as I described above is actually correct? |
|
@jnevins-gcm (had to check with experts again) In nutshell, whatever is part of netstandard, has to be in each platform inbox. Some APIs (outside of netstandard) may ship as well as standalone packages. Decision what ships as standalone package is based on business need, and not on "can it be done". Hope it clarifies things. Let's keep the general platform/targeting discussion separate. It is not specific to SqlClient. |
|
@bloodybeet did you use 2.2 Preview2? |
|
@bloodybeet Would you be able to file a new issue as Karel recommended? It would be easier to continue discussion there. In the meantime, I would recommend to check if you have created a contained database user and grant the necessary permissions. Please refer to this link for more information |
|
Even better: the access token wasn't coming from database.windows.net, but management.core.windows.net - fixed and working as expected. I have deleted all messages to keep this thread clean ;) |
ghost
locked as resolved and limited conversation to collaborators
The desktop .NET Framework 4.6 and newer has an
AccessTokenproperty on theSqlConnectionclass (MSDN) which can be used to authenticate to a SQL Azure database using an access token issued by Azure AD (examples here). However, this property is not present on the version ofSqlConnectionprovided in the System.Data.SqlClient NuGet package, including the latest preview v4.3.0-preview1-24530-04. In case it's an important detail, the project in question is a library project targeting 'netstandard1.6'.The lack of the
AccessTokenproperty makes it difficult, if not impossible, to support modern directory-based auth scenarios for Azure SQL DB while also targeting .NET Standard (I have not attempted to use the connection string-based AAD options, but for various reasons those would not be applicable for my project). I have yet to find a workaround other than setting the target framework to 'net46', which I would like to avoid except as a last resort.The text was updated successfully, but these errors were encountered: