I have an ASP.NET web application running on an on-prem Windows server. We need to connect to an Azure SQL MI from the C# code. I tried the example code below:

string ConnectionString1 = @"Server=demo.database.windows.net; Authentication=Active Directory Managed Identity; Encrypt=True; Database=testdb";

using (SqlConnection conn = new SqlConnection(ConnectionString1)) {
    conn.Open(); //Erroring out
}

Error Message: Unhandled Exception: Microsoft.Data.Sqlclient.Sqlexception: ManagedIdentityCredential authentication failed: Managed identity response was not in the expected format.

What am I missing?

Note: I am able to connect to the same Azure SQL Managed Instance via SQL Server Management Studio using Active Directory authentication. I see the issue only when we try to establish connectivity from the C# code.

ShubhamWagh
Xavier
  • Have you looked at this guidance https://learn.microsoft.com/en-us/azure/azure-sql/managed-instance/connect-application-instance?view=azuresql#connect-from-on-premises ? – Anand Sowmithiran Dec 30 '22 at 06:36

1 Answer

> I have an ASP.NET web application running on an on-prem Windows server.

Managed Identity is not available on on-prem servers unless they are configured as Azure Arc-enabled.

Otherwise, to authenticate to Managed Instance from an on-prem server using .NET, you can use any of the Azure AD Auth methods documented here, in addition to SQL Auth and even Windows Auth.

But the most common approaches are probably

SQL Server Auth

or

Active Directory Service Principal Auth

David Browne - Microsoft
  • Thanks David. In such case what is the alternate approach we can take to connect to Azure SQL MI instead of Managed Identity? – Xavier Dec 30 '22 at 16:34
  • Thanks David. So does it mean that if we have to use Managed Identity we should use the Azure web server instead of the on-prem server? Will Managed Identity work in that case, when we have a web application running on an Azure web server and try to connect to Azure SQL MI from code? – Xavier Dec 30 '22 at 18:49
  • Managed Identity works on Azure App Service, Azure VMs, and many other Azure services. But it's also simple to provision an App Registration in AAD, generate a client secret and use Service Principal Auth; you just have to manage the client secret. – David Browne - Microsoft Dec 30 '22 at 18:50
  • Thanks for all the clarification and details. I will go through this documentation and try implementing this. – Xavier Dec 30 '22 at 20:23
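
Added example, not part of the original answer or comments: a sketch of the Service Principal approach mentioned above, using the server and database names from the question. The environment variable names `SQLMI_CLIENT_ID` and `SQLMI_CLIENT_SECRET` are hypothetical; the point is that the client secret is read from outside the code and never logged.

```csharp
using System;
using Microsoft.Data.SqlClient; // NuGet package Microsoft.Data.SqlClient, 2.1 or later

static class SqlMiConnect
{
    // Hypothetical variable names; substitute whatever secret store the server uses.
    const string ClientIdVar = "SQLMI_CLIENT_ID";
    const string ClientSecretVar = "SQLMI_CLIENT_SECRET";

    // Fail fast with a clear message instead of sending an empty credential.
    static string Require(string name) =>
        Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException("Environment variable " + name + " is not set.");

    static string BuildConnectionString()
    {
        var builder = new SqlConnectionStringBuilder
        {
            DataSource = "demo.database.windows.net", // server from the question
            InitialCatalog = "testdb",                // database from the question
            Encrypt = true,
            TrustServerCertificate = false,           // keep certificate validation on
            Authentication = SqlAuthenticationMethod.ActiveDirectoryServicePrincipal,
            UserID = Require(ClientIdVar),            // application (client) ID
            Password = Require(ClientSecretVar),      // client secret
            PersistSecurityInfo = false               // do not expose the secret after Open()
        };
        return builder.ConnectionString;
    }

    static void Main()
    {
        try
        {
            using (var conn = new SqlConnection(BuildConnectionString()))
            {
                conn.Open();
                using (var cmd = new SqlCommand("SELECT SUSER_SNAME();", conn))
                {
                    Console.WriteLine("Connected as: " + cmd.ExecuteScalar());
                }
            }
        }
        catch (SqlException ex)
        {
            // Report the error number and message only, never the connection string.
            Console.Error.WriteLine("SQL error " + ex.Number + ": " + ex.Message);
            Environment.ExitCode = 1;
        }
    }
}
```

The app registration also needs a matching user in the database (created with `CREATE USER ... FROM EXTERNAL PROVIDER`) before the login succeeds.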