Connecting an Azure App Registration to Azure SQL Database via PowerShell

Question (votes: 0, answers: 1)

I need a PowerShell script that runs locally and logs in to an Azure SQL database as an Azure AD App Registration. I can obtain an access token for the App Registration, but when I try to use it to log in to the database I get an error:

Exception calling "Open" with "0" argument(s): "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'."

I have already created the user in the target database and applied the authorizations.

CREATE USER [App Reg Dave Test] FROM EXTERNAL PROVIDER;
ALTER ROLE [db_datareader] ADD MEMBER [App Reg Dave Test];
ALTER ROLE [db_datawriter] ADD MEMBER [App Reg Dave Test];

I'm not sure whether it is necessary, but I also granted the App Registration the API permissions user_impersonation and app_impersonation for Azure SQL Database. Here is a sample of my PS code. The $connection.Open() command is what fails.

#-- Install ADAL.PS
# Import-Module ADAL.PS

#-----------------------------------
#--  Get Token for App Registration
#-----------------------------------

$tenantId = "448b9f7b-9e69-xxxx-xxxx-xxxxxxxxxxxx"
$authority = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/authorize"
$resourceUrl = "api://123a7216-7b20-yyyy-yyyy-yyyyyyyyyyyy"
$clientId = "123a7216-7b20-yyyy-yyyy-yyyyyyyyyyyy"
$secret = ConvertTo-SecureString -String "X87ZK@NPw=zzzzzzzzzzzzzzzzzzzx/-" -AsPlainText -Force
$response = Get-ADALToken -Authority $authority -Resource $resourceUrl -ClientId $clientId -ClientSecret $secret
$token = $response.AccessToken

#-----------------------------------
#--  Connect to DB
#-----------------------------------

$sqlServerUrl = "dave-sqls2.database.windows.net"
$database = "advworks"
$connectionString = "Server=tcp:$sqlServerUrl,1433;Initial Catalog=$database;Persist Security Info=False;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;"
$connection = New-Object System.Data.SqlClient.SqlConnection($connectionString)

# Add AAD generated token to SQL connection token
$connection.AccessToken = $response.AccessToken

$connection  #-- Output connection object for debugging.

$query = "SELECT @@Servername, @@Version"
$command = New-Object -Type System.Data.SqlClient.SqlCommand($query, $connection)
$connection.Open()

$adapter = New-Object System.Data.SqlClient.SqlDataAdapter $command
$dataSet = New-Object System.Data.DataSet
$adapter.Fill($dataSet) | Out-Null
$connection.Close()
$dataSet.Tables


Tags: powershell azure-active-directory azure-sql-database adal

1 Answer

Votes: 0

Based on the PowerShell script you provided, you are using the wrong resourceUrl. Please update the resource URL to https://database.windows.net/. For more details, please refer to the blog.
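To show why the answer works, here is an added example (not the asker's script or the answer's code) that requests the token for the Azure SQL resource, inspects the token's `aud` claim locally before opening the connection, and reads the client secret from environment variables instead of embedding it in the script. The helper functions, the environment variable names, the `<your-server>`/`<your-db>` placeholders and the ADAL authority form are assumptions; `Get-AdalToken` is the ADAL.PS cmdlet the question already uses.

```powershell
# Decode the JWT payload only (no signature check; this is a local sanity check of the claims)
function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -lt 2) { throw 'Value is not a JWT' }
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')      # base64url -> base64
    switch ($b64.Length % 4) { 2 { $b64 += '==' } 3 { $b64 += '=' } }
    [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

# Fail fast if the token was minted for the wrong resource (the cause of the ANONYMOUS LOGON error) or has expired
function Test-SqlAccessToken {
    param([Parameter(Mandatory)][string]$Token)
    $claims   = ConvertFrom-JwtPayload -Token $Token
    $expected = 'https://database.windows.net/'
    if ($claims.aud.TrimEnd('/') -ne $expected.TrimEnd('/')) {
        throw "Token audience is '$($claims.aud)' but Azure SQL expects '$expected'; SQL will reject it as ANONYMOUS LOGON"
    }
    if ([DateTimeOffset]::FromUnixTimeSeconds([int64]$claims.exp) -le [DateTimeOffset]::UtcNow) {
        throw 'Token has expired'
    }
    $claims
}

# --- Usage: request the token for the database resource, check it, then connect ---
$tenantId  = $env:AZURE_TENANT_ID             # assumed variable names; keep tenant/client/secret out of the script
$clientId  = $env:AZURE_CLIENT_ID
$secret    = ConvertTo-SecureString -String $env:AZURE_CLIENT_SECRET -AsPlainText -Force
$authority = "https://login.microsoftonline.com/$tenantId"   # assumption: ADAL takes the tenant authority URL
$resource  = 'https://database.windows.net/'                 # the fix from the answer: the Azure SQL resource, not the app's api:// URI

$response = Get-AdalToken -Authority $authority -Resource $resource -ClientId $clientId -ClientSecret $secret
$claims   = Test-SqlAccessToken -Token $response.AccessToken
Write-Host "Token for audience $($claims.aud), app id $($claims.appid), exp $($claims.exp)"

$connectionString = 'Server=tcp:<your-server>.database.windows.net,1433;Initial Catalog=<your-db>;Encrypt=True;TrustServerCertificate=False;'
$connection = New-Object System.Data.SqlClient.SqlConnection($connectionString)
$connection.AccessToken = $response.AccessToken
$command = New-Object System.Data.SqlClient.SqlCommand('SELECT SUSER_SNAME() AS login_name, @@VERSION AS version', $connection)
$connection.Open()
try {
    $reader = $command.ExecuteReader()
    while ($reader.Read()) { "Connected as $($reader['login_name'])" }   # should print the App Registration's identity
} finally { $connection.Close() }
```

If the audience check throws, the token was requested for the wrong resource and no connection attempt is made, which is easier to diagnose than the generic login failure from SQL.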
