Share via

How to configure Connection string without username and password by using managed instance Azure AD authentication with Azure SQL

Raghava Sai Akula 406 Reputation points
2023-03-24T13:31:22.6033333+00:00

Hi there ,

I am having 4 .net web applications hosted in IIS in the domain joined Azure VM.

User's image

I am using Azure Sql databases for all the applications(All dbs in a elastic pool of sql server) .

User's image

Coming to connection strings for DB connectivity ,right now I am using Admin Id and password in web.config

connectionString= "Server=server1234.database.windows.net,1433;Initial Catalog={DBname};Persist Security Info=False;User ID={SqlServerAdminId};Password=*******;TrustServerCertificate=False;" />

Now the requirement is to use managed identity(Azure AD Authentication) and make my connection string without userId & password.

connectionString="Data Source=server1234.database.windows.net;Initial Catalog={{DBname}};Authentication=Active Directory Integrated;"

I have created 4 different user Ids for 4 applications in Azure AD User's image

even I have created a group in Azure Active Directory as all these 4 Ids as part of that group and I have set the group as admin.User's image

and in IIS I am using that specific ids for that specific site

User's image

I have gone through couple of sites and most of their example is based on Azure App service(which in my case is an application hosted on VM )

could someone help me on this, I think I'm missing something related to adding each userid & db roles(db_datareader, db__datawriter) to each individual database to make it work

Azure SQL Database
Microsoft Security Microsoft Entra Microsoft Entra ID
Developer technologies VB
0 comments
Accepted answer
  1. Bjoern Peters 8,921 Reputation points
    2023-03-24T16:43:46.0866667+00:00

    Hi Raghava,

    Welcome to Q&A Forum; this is a great place to get support, answers, and tips.

    Thank you for posting your question; I'll be more than glad to help you out.

    You are correct... you have to grant those users access to the database!

    I think this blog post would help you to create the right connections. (add contained Azure AD user)

    https://www.mssqltips.com/sqlservertip/5242/adding-users-to-azure-sql-databases/

    I hope my answer is helpful to you,

    Your

    Bjoern Peters

    If the reply was helpful, please upvote and/or accept it as an answer, as this helps others in the community with similar questions. Thanks!

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.