AD Login Delegate to Azure SQL DB in Razor Web App

Marcus Searing 1 Reputation point
2021-06-11T19:28:22.09+00:00

Background: I built a Razor Pages web app that connects to Azure SQL DB and have successfully set up Azure AD single sign on. I have a DB context class which use AD interactive authentication, but when I publish the app to the Web App Service, I have to configure the Azure SQL DB dependency and I am forced to hard-code a username and password.

I have created users and logins in the DB and also utilize RLS as not all users have a need to see all data in certain tables, so I want to retain the security measures already in place.

Problem: Because the username and password are hard-coded all users will be able to see, edit, delete information they shouldn't, so I need to configure pass-through authentication to the DB.

Anyone have examples on how to achieve this?

Just how you can configure Power BI to have end users use their own credentials to access the SQL DB, I need to this with my web app.

104942-screenshot-2021-06-10-141654.png

Azure SQL Database
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,439 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Praveen Babu Vejandla 26 Reputation points
    2021-06-12T09:54:53.16+00:00
    0 comments
  2. Oury Ba-MSFT 16,076 Reputation points Microsoft Employee
    2021-06-15T19:33:58.28+00:00

    Hi @Marcus Searing Azure Active Directory (Azure AD) Pass-through Authentication will allow your users to sign in to both on-premises and cloud-based applications by using the same passwords and each password is a domain password for individual users, so each user has a different password. This article explains this in more details. Let us know if that helps.
    Regards,
    Oury