Azure SQL Database
An Azure relational database service.
5,428 questions
Based on my understanding, only SQL auth is supported for cross database queries and AD auth is not supported.
How to access database by External Datasource using Service Principal Name(SPN)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 65%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDP%3C/text%3E%3C/svg%3E)
Devendra Parmar
20
Reputation points
I am seeking a solution for cross-database access via an external data source using Service Principal credentials. Specifically, I want to perform Transact-SQL queries from one database to another using Service Principal credentials. To achieve this, I am using Service Principal Name(SPN) for creating required Database Scoped Credentials (DSC) and External Datasource.
Here is how I am creating the DSC:
CREATE DATABASE SCOPED CREDENTIAL testManageAccessSPN2 WITH IDENTITY = 'CLIENT_ID' , SECRET = 'CLIENT_SECRET';
Where CLIENT_ID is a special id from the overview tab of App registration (Application (client) ID) And Secret = CLIENT_SECRET from the "Certificate & secrets"
Format:
CLIENT_ID = 00000000-0000-0000-0000-000000000000
CLIENT_SECRET = O7q8Q~otvRVdha.EmqEsyxxxxxxxxxxxxx
However, when I try to access the database using these credentials, I encounter the following error:
An error occurred while establishing connection to remote data source: [Microsoft][ODBC Driver 17 for SQL Server][SQL Server]Login failed for user '
I have tested these credentials by logging into SSMS, and they are working fine. Please assist me with a possible solution. Thanks.
{count} votes
-
Erland Sommarskog 107K Reputation points2024-07-21T20:25:00.38+00:00 Just to be sure: you are doing this in Azure SQL Database and you want to access another Azure SQL Database?
-
Devendra Parmar 20 Reputation points
2024-07-22T04:12:37.85+00:00 Just FYI, i am Using Azure SQL Database.
-
Erland Sommarskog 107K Reputation points
2024-07-22T15:41:20.28+00:00 OK. Can you show us the commands you use to set up the connection and then how you tested it? Blank out any ids, usernames and passwords. Great if you can show a screenshot with the commands and the error message. Same if you can show a screenshot of a successful login through SSMS.
Sign in to comment
Accepted answer
-
Nandan Hegde 31,511 Reputation points MVP2024-07-23T02:56:04.5966667+00:00 -
Devendra Parmar 20 Reputation points
2024-07-24T10:39:48.5633333+00:00 Thanks, @Nandan Hegde for replying, I have another question: Will we be able to use Azure AD identity in Elastic Query in the future? Will Microsoft introduce that in the future?
Sign in to comment -
2 additional answers
Sort by: Most helpful
-
Amira Bedhiafi 19,946 Reputation points2024-07-21T18:47:50.64+00:00 Have you tried adding user to db_owner role ?
Check these old threads :
https://learn.microsoft.com/en-us/answers/questions/1336664/elastic-database-query-failing
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 61%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Ayush Shrivastava 0 Reputation points2024-07-22T14:36:45.4666667+00:00 These are not helpful as I am not able to do cross functional query using service principle. Any other solution.
Sign in to comment -
-
LiHongMSFT-4306 25,651 Reputation points2024-07-22T02:09:35.6966667+00:00 Here are some resolutions from this blog:
Enable the option "Allow Azure services and resources to access this server" and to set the option "Public network access" to "Selected networks" in the remote Azure SQL Database server's firewall configuration.
If "Allow Azure services" is not secure enough for your requirements, you could also try to create IP address firewall rules for each of the local databases. You need to catch the firewall errors and get the public IP address of the database that is attempting to log in. You could then add that IP in a firewall rule to the remote server and retry the query. This approach is relatively complex to implement, as it is a manual process and cannot be automated. It is also possible that the IP address may change in the future.
If neither of these is a valid option, you may consider moving the Azure SQL Databases to an Azure SQL Managed Instance, which natively allows cross-database queries.
Best regards,
Cosmog
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".