Microsoft Entra ID was previously known as Azure Active Directory (Azure AD).
Multifactor authentication for Azure SQL Database
Active Directory Interactive authentication supports multifactor authentication using Microsoft.Data.SqlClient to connect to Azure SQL data sources. In a client C# program, the enum value directs the system to use the Microsoft Entra interactive mode that supports multifactor authentication to connect to Azure SQL Database. The user who runs the program sees the following dialog boxes:
A dialog box that displays a Microsoft Entra user name and asks for the user's password.
If the user's domain is federated with Microsoft Entra ID, the dialog box doesn't appear, because no password is needed.
If the Microsoft Entra policy imposes multifactor authentication on the user, a dialog box to sign in to your account will display.
The first time a user goes through multifactor authentication, the system displays a dialog box that asks for a mobile phone number to send text messages to. Each message provides the verification code that the user must enter in the next dialog box.
A dialog box that asks for a multifactor authentication verification code, which the system has sent to a mobile phone.
Before you run the C# example, it's a good idea to check that your setup and configurations are correct in SQL Server Management Studio (SSMS). Any C# program failure can then be narrowed to source code.
Verify server-level firewall IP addresses
Run SSMS from the same computer, in the same building, where you plan to run the C# example. For this test, any Authentication mode is OK. If there's any indication that the server isn't accepting your IP address, see server-level and database-level firewall rules for help.
Verify Microsoft Entra multifactor authentication
Run SSMS again, this time with Authentication set to Azure Active Directory - Universal with MFA. This option requires SSMS version 18.6 or later.
For SSMS versions prior to 18.x, guest users must provide the Microsoft Entra domain name or tenant ID for the database: Select Options > AD domain name or tenant ID. SSMS 18.x and later automatically recognizes the tenant.
To find the domain name in the Azure portal, select Microsoft Entra ID > Custom domain names. In the C# example program, providing a domain name is not necessary.
C# code example
Note
If you are using .NET Core, you will want to use the Microsoft.Data.SqlClient namespace. For more information, see the following blog.
This is an example of C# source code.
C#
using System;
using Microsoft.Data.SqlClient;

public class Program
{
    public static void Main(string[] args)
    {
        // Use your own server, database, and user ID.
        // Connection string - user ID is not provided and is asked interactively.
        string ConnectionString = @"Server=<your server>.database.windows.net; Authentication=Active Directory Interactive; Database=<your database>";

        using (SqlConnection conn = new SqlConnection(ConnectionString))
        {
            // Opening the connection triggers the interactive sign-in dialog boxes.
            conn.Open();
            Console.WriteLine("ConnectionString2 succeeded.");

            using (var cmd = new SqlCommand("SELECT @@Version", conn))
            {
                Console.WriteLine("select @@version");
                var result = cmd.ExecuteScalar();
                Console.WriteLine(result.ToString());
            }
        }

        Console.ReadKey();
    }
}
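The following is an added example, not part of the original page or Microsoft's sample. It sets the same interactive mode through the `SqlAuthenticationMethod.ActiveDirectoryInteractive` enum value on a `SqlConnectionStringBuilder`, requires an encrypted connection with certificate validation, and maps a connection failure back to the two setup checks described above. The class name `MfaConnectionCheck`, the helper `Classify`, and the choice of SQL error numbers to single out (40615 for a firewall rejection, 18456 for a failed login) are assumptions made for illustration.

```csharp
using System;
using Microsoft.Data.SqlClient;

public static class MfaConnectionCheck
{
    // Placeholders: substitute your own server and database.
    private const string Server = "<your server>.database.windows.net";
    private const string Database = "<your database>";

    public static SqlConnectionStringBuilder BuildConnectionString()
    {
        return new SqlConnectionStringBuilder
        {
            DataSource = Server,
            InitialCatalog = Database,
            // Same effect as "Authentication=Active Directory Interactive".
            Authentication = SqlAuthenticationMethod.ActiveDirectoryInteractive,
            Encrypt = true,                 // require TLS to the server
            TrustServerCertificate = false  // validate the server certificate
        };
    }

    // Hypothetical helper: maps a failure to the setup check it points at.
    public static string Classify(SqlException ex)
    {
        switch (ex.Number)
        {
            case 40615:
                return "Firewall: this client IP is not allowed by the server's firewall rules.";
            case 18456:
                return "Login failed for the signed-in identity (error 18456).";
            default:
                return "Other failure (" + ex.Number + "): " + ex.Message;
        }
    }

    public static void Main()
    {
        try
        {
            using (var conn = new SqlConnection(BuildConnectionString().ConnectionString))
            {
                conn.Open(); // interactive sign-in and MFA prompts appear here
                Console.WriteLine("Connected with Active Directory Interactive.");
            }
        }
        catch (SqlException ex) { Console.WriteLine(Classify(ex)); }
    }
}
```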