1

I have a Django application which connects to an Azure SQL Server through traditional username and password combination and it works fine.

The library I am using for this is mssql-django. Here is the link to it. https://github.com/microsoft/mssql-django

This is the extract from the settings.py

DATABASES = {
    "default": {
        "ENGINE": "mssql",
        "NAME": "db_name",
        "USER": "foo",
        "PASSWORD": "password",
        "HOST": "foo.database.windows.net",
        "PORT": "1433",
        "OPTIONS": {
            "driver": "ODBC Driver 17 for SQL Server", 
        },
    },
}

However, I want to connect to the Azure SQL Server using Managed Identities. The library I am using talks about this in this link: https://github.com/microsoft/mssql-django/wiki/Azure-AD-Authentication

Towards the bottom of the above link they suggest to use this setting:

DATABASES = {
    "default": {
        "ENGINE": "mssql",
        "NAME": "db_name",
        "HOST": "foo.windows.net",
        "PORT": "1433",
        "OPTIONS": {
            "driver": "ODBC Driver 17 for SQL Server",
            "extra_params": "Authentication=ActiveDirectoryMsi",
        },
    },
}

But how do I set up the managed identity in my local laptop, so that it can authenticate with Azure? I understand that this would work for an App Service or an Azure VM, but how to set this up for local laptop?

Arun T
  • 1,114
  • 6
  • 17

1 Answers1

1

Managed Service Identity can be used only for the resources that are hosted on Azure

As your application is hosted in your local laptop, you cannot use Managed Service Identity

In your case, you can use service principal authentication instead of Managed Service Identity

If your application is hosted in Azure (either Azure App service or Azure VM), then you can create Managed Identity for your Azure Resource and provide the required permissions for the managed identity in the Azure SQL server

Then you would be able to use Managed Service Identity for your application

RamaraoAdapa
  • 2,837
  • 2
  • 5
  • 11
  • 1
    Sorry for the delay in the reply. Got stuck in other things. I had a hunch about this. But I read few articles that there might be a possibility of using Azure MI with local development too. But I was not able to find a way with Django / Python. But my doubt is that, If you are familiar with the application called DBeaver used for viewing databases, they have an option to use Managed Identity in their software. Which means there could be a way to set up Managed Identity in our local machines. – Arun T Jan 20 '22 at 16:47
  • Even I have the similar situation now, were you able to find the solution for your question? – Sai Varun Kumar May 24 '22 at 12:07