[release/2.2] Added AAD Authentication using Access Token #31039
Conversation
removed unused parts in code removed unnecessary code fix a comment Review feedbacks from Stephen Toub + Added a verification test addressed review feedbacks use Debug.Fail instead of Debug.Assert
There was a problem hiding this comment.
Approving as this is a port of #30342 on Release 2.2 branch
| @@ -34,6 +34,7 @@ public sealed partial class SqlConnection : DbConnection, ICloneable | |||
| private SqlCredential _credential; | |||
| private string _connectionString; | |||
| private int _connectRetryCount; | |||
| private string _accessToken; // Access Token to be used for token based authententication | |||
There was a problem hiding this comment.
typo in comment, authentication
| // If a connection is connecting or is ever opened, AccessToken cannot be set | ||
| if (!InnerConnection.AllowSetConnectionString) | ||
| { | ||
| throw ADP.OpenConnectionPropertySet("AccessToken", InnerConnection.State); |
There was a problem hiding this comment.
possible nameof(AccessToken) ?
|
@Petermarcu @stephentoub @danmosemsft Could you please review this pr? This is the same as #30342 targeting to 2.2 Release branch. I have modified the code changes @Wraith2 has suggested, will update the PR once I receive your feedback. Thanks! |
| { | ||
| return ADP.InvalidOperation(SR.GetString(SR.ADP_InvalidMixedUsageOfAccessTokenAndUserIDPassword)); | ||
| } | ||
| static internal Exception InvalidMixedUsageOfCredentialAndAccessToken() |
There was a problem hiding this comment.
Nit: it'd be good to consistently use "internal static" rather than sometimes using "static internal"
| { | ||
| return _accessToken; | ||
| } | ||
| } |
There was a problem hiding this comment.
This can just be:
internal string AccessToken => _accessToken;similar to the property right above it.
| @@ -74,6 +85,13 @@ private void CalculateHashCode() | |||
| _hashValue = _hashValue * 17 + _credential.GetHashCode(); | |||
| } | |||
| } | |||
| else if (_accessToken != null) | |||
| { | |||
| unchecked | |||
There was a problem hiding this comment.
Why is the unchecked needed? Is checked arithmetic enabled for this project?
There was a problem hiding this comment.
I can see unchecked being used in other parts of the SqlClient project.
|
@afsanehr let's ask @Petermarcu what process he wants here when he returns tomorrow. |
…ccessToken2.2 # Conflicts: # pkg/Microsoft.NETCore.Platforms/Microsoft.NETCore.Platforms.pkgproj # src/packages.builds
|
@dotnet-bot Test OSX x64 Debug Build please |
|
@dotnet-bot Test OSX x64 Debug Build |
|
@danmosemsft Just confirming @Petermarcu approved merging this pr. |
|
@afsanehr @keeratsingh I see this adds API (addition to ref*cs). I don't believe we can do that in servicing safely. Was this already discussed? If not, this shoudl go in 2.2 or 3.0. Also if https://github.com/dotnet/corefx/issues/31082 depends on this the same would be true for that. |
karelz
changed the title
danmoseley
removed
the
Servicing-consider
|
This is in the 2.2 branch but we did not have the package authoring correct to get it in the impending preview 1. We can follow up to get it in preview 2. |
| @@ -1403,7 +1471,7 @@ public static void ChangePassword(string connectionString, SqlCredential credent | |||
| throw ADP.InvalidArgumentLength(nameof(newSecurePassword), TdsEnums.MAXLEN_NEWPASSWORD); | |||
| } | |||
|
|
|||
| SqlConnectionPoolKey key = new SqlConnectionPoolKey(connectionString, credential); | |||
| SqlConnectionPoolKey key = new SqlConnectionPoolKey(connectionString, credential: null, accessToken: null); | |||
There was a problem hiding this comment.
Was changing credential to null here expected? There is another similar spot below on line 1512 as well.
There was a problem hiding this comment.
/cc: @danmosemsft / @stephentoub for visibility
There was a problem hiding this comment.
@afsanehr @keeratsingh own this
There was a problem hiding this comment.
Line 1512 has a bug and credential shouldn't be passed in as null, instead of the credential parameter should be passed through.
There was a problem hiding this comment.
Also this line, i.e. 1474, its buggy. No null should be passed in for Credential
Fixes #13660
2.2 Servicing:
Description:
The desktop .NET Framework 4.6 and newer has an AccessToken property on the SqlConnection class which can be used to authenticate to an Azure SQL database using an access token issued by Azure AD. However, this property is not present on the version of SqlConnection provided in the System.Data.SqlClient NuGet package of CoreFX. The lack of the AccessToken property makes it difficult, if not impossible, to support modern directory-based auth scenarios for Azure SQL DB while also targeting .NET Standard.
Customer Impact:
The lack of a way to connect to an Azure SQL database in CoreFx keeps existing Azure SQL customers from adopting CoreFX. It also precludes customers who already use CoreFX from subscribing to Azure SQL services. This small change will enable customers to move forward with a CoreFx + Azure SQL combination.
The code is already in the master branch of the corefx repo.
Regression?
None. These changes are ported over from .NET Framework to .NET Core.
Risk:
Low. The code changes already existed on .NET Framework.
The same pr#30342 is already merged on master branch.