Skip to content

Feature | Azure Identity support - Phase 1 changes #1010

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Apr 15, 2021
Merged

Feature | Azure Identity support - Phase 1 changes #1010

merged 9 commits into from
Apr 15, 2021

Conversation

cheenamalhotra
Copy link
Member

@cheenamalhotra cheenamalhotra commented Mar 25, 2021
edited
Loading

Phase 1 changes

  • Add new dependency on Azure.Identity v1.3.0.
  • Use Azure.Identity library to acquire token using ManagedIdentityCredential() for Managed Identity based authentication modes (ActiveDirectoryMSI and ActiveDirectoryManagedIdentity)
  • Merge "AzureManagedIdentityAuthenticationProvider" into "ActiveDirectoryAuthenticationProvider" to support MSI modes from the same class "ActiveDirectoryAuthenticationProvider"
  • Transition below authentication modes to start using Azure.Identity to acquire access token:
    • ActiveDirectoryManagedIdentity > ManagedIdentityCredential()
    • ActiveDirectoryMSI > ManagedIdentityCredential()
    • ActiveDirectoryServicePrincipal > ClientSecretCredential()
      • New addition: Tenant id (required) - uses default from database info
  • Accept "Client Id" for User-Assigned Managed Identity as Azure.Identity doesn't support "Object Id"
    • Use existing "UserId" connection property to accept "Client Id" instead of "Object Id' starting with v3.0
  • Pass "Connect Timeout" from SqlConnection property to SqlAuthenticationParameters to provide cancellation token to all Async calls in order to cancel token acquire request after "timeout" milliseconds.
    • For Interactive Authentication on .NET Core: Cancellation token cancels request after 3 mins [as of current design]

Public Observations:

  • 1 Breaking change:
    • "User Id" now accepts "Client Id" instead of "Object Id" for User-Assigned Managed Identity.
      • It was initially designed to keep the behavior in sync with other SQL drivers, but Azure.Identity doesn't support Object Id
  • 1 new Public API (read only)
    • SqlAuthenticationParameters.ConnectionTimeout
  • 1 new Dependency on all supported platforms:
    • Azure.Identity v1.3.0

@cheenamalhotra cheenamalhotra added Public API 🆕 Issues/PRs that introduce new APIs to the driver. Breaking Change 🔨 Issues/PRs that are related with breaking API changes in the driver. labels Mar 25, 2021
@cheenamalhotra cheenamalhotra added this to the 3.0.0-preview2 milestone Mar 25, 2021
@cheenamalhotra cheenamalhotra merged commit 5e5771d into dotnet:main Apr 15, 2021
@cheenamalhotra cheenamalhotra linked an issue Apr 20, 2021 that may be closed by this pull request
Integrate with Azure.Identity #771
Closed
@SimonCropp SimonCropp mentioned this pull request Jun 9, 2021
Open
@usemam usemam mentioned this pull request Jun 22, 2021
Merged
@ccarpediem ccarpediem mentioned this pull request Aug 16, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
3 more reviewers

@johnnypham johnnypham johnnypham approved these changes

@JRahnama JRahnama JRahnama approved these changes

@DavoudEshtehari DavoudEshtehari DavoudEshtehari approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
Breaking Change 🔨 Issues/PRs that are related with breaking API changes in the driver. Public API 🆕 Issues/PRs that introduce new APIs to the driver.
Projects
None yet
Milestone
3.0.0-preview2
Development

Successfully merging this pull request may close these issues.

Integrate with Azure.Identity
4 participants
@cheenamalhotra @johnnypham @JRahnama @DavoudEshtehari