Azure Active Directory (Azure AD) is becoming Microsoft Entra ID (#2237)
@@ -51,7 +51,7 @@ namespace Microsoft.Kusto.ServiceLayer.Connection
|
||||
CategoryValues = new CategoryValue[]
|
||||
{ new CategoryValue { DisplayName = "SQL Login", Name = "SqlLogin" },
|
||||
new CategoryValue { DisplayName = "Windows Authentication", Name = "Integrated" },
|
||||
new CategoryValue { DisplayName = "Azure Active Directory - Universal with MFA support", Name = AzureMFA }
|
||||
new CategoryValue { DisplayName = "Microsoft Entra ID - Universal with MFA support", Name = AzureMFA }
|
||||
},
|
||||
IsIdentity = true,
|
||||
IsRequired = true,
|
||||
|
||||
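Review bot: The display name `"Microsoft Entra ID - Universal with MFA support"` is user-facing text that this hunk and the `Microsoft.SqlTools.ServiceLayer.Connection` hunk at `@@ -53,7` now carry as two separate string literals, so the next wording change has to be made in two places again; a shared constant next to `AzureMFA` would keep the two providers in step. Leaving `Name = AzureMFA` untouched is the right call, since that identifier is presumably what saved connections persist rather than the label. The `CategoryValues` initializer and its enclosing member continue outside this hunk.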
@@ -6,7 +6,7 @@
|
||||
namespace Microsoft.SqlTools.Authentication
|
||||
{
|
||||
/// <summary>
|
||||
/// Supported Active Directory authentication modes
|
||||
/// Supported Microsoft Entra authentication modes
|
||||
/// </summary>
|
||||
public enum AuthenticationMethod
|
||||
{
|
||||
|
||||
@@ -37,8 +37,8 @@ namespace Microsoft.SqlTools.Authentication
|
||||
public string[] Scopes { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// <see cref="Guid"/> Connection Id, that will be passed to Azure AD when requesting access token.
|
||||
/// It can be used for tracking AAD request status if needed.
|
||||
/// <see cref="Guid"/> Connection Id, that will be passed to Microsoft Entra when requesting access token.
|
||||
/// It can be used for tracking Microsoft Entra authentication request status if needed.
|
||||
/// </summary>
|
||||
public Guid ConnectionId { get; set; }
|
||||
|
||||
@@ -56,7 +56,7 @@ namespace Microsoft.SqlTools.Authentication
|
||||
/// <param name="resource">Resource for which token is requested.</param>
|
||||
/// <param name="scopes">Scopes for access token</param>
|
||||
/// <param name="userName">User hint information</param>
|
||||
/// <param name="connectionId">Connection Id for tracing AAD request</param>
|
||||
/// <param name="connectionId">Connection Id for tracing Microsoft Entra authentication request</param>
|
||||
public AuthenticationParams(AuthenticationMethod authMethod, string authority, string audience,
|
||||
string resource, string[] scopes, string userName, Guid connectionId) {
|
||||
this.AuthenticationMethod = authMethod;
|
||||
|
||||
@@ -83,7 +83,7 @@ namespace Microsoft.SqlTools.Authentication
|
||||
{
|
||||
SqlToolsLogger.Pii($"{nameof(Authenticator)}.{nameof(GetTokenAsync)} | Unexpected username format, email not retreived: {@params.UserName}. " +
|
||||
$"Accepted formats are: 'johndoe@org.com' or 'John Doe - johndoe@org.com'.");
|
||||
throw new Exception($"Invalid email address format for user: [{username}] received for Azure Active Directory authentication.");
|
||||
throw new Exception($"Invalid email address format for user: [{username}] received for Microsoft Entra authentication.");
|
||||
}
|
||||
|
||||
if (accounts.MoveNext())
|
||||
|
||||
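Review bot: The rewritten throw on the new side still raises the base `Exception` type and embeds the user name in its message, whereas the log line directly above deliberately routes that same value through `SqlToolsLogger.Pii`; an exception message typically reaches ordinary logs, telemetry and client-facing error text, so the PII handling is only half applied. A narrower type with the name left out, e.g. `throw new FormatException("Invalid email address format received for Microsoft Entra authentication; the user name is recorded in the PII log.");`, keeps the identifying detail in the PII channel — check for callers that catch `Exception` before narrowing the type. The unchanged log line above also still reads "retreived". `GetTokenAsync` begins and ends outside this hunk.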
@@ -9,7 +9,7 @@ namespace Microsoft.SqlTools.Authentication.Sql
|
||||
{
|
||||
/// <summary>
|
||||
/// Provides an implementation of <see cref="SqlAuthenticationProvider"/> for SQL Tools to be able to perform Federated authentication
|
||||
/// silently with Microsoft.Data.SqlClient integration only for "ActiveDirectory" authentication modes.
|
||||
/// silently with Microsoft.Data.SqlClient integration only for Microsoft Entra authentication modes.
|
||||
/// When registered, the SqlClient driver calls the <see cref="AcquireTokenAsync(SqlAuthenticationParameters)"/> API
|
||||
/// with server-sent authority information to request access token when needed.
|
||||
/// </summary>
|
||||
@@ -20,11 +20,11 @@ namespace Microsoft.SqlTools.Authentication.Sql
|
||||
private IAuthenticator authenticator;
|
||||
|
||||
/// <summary>
|
||||
/// Instantiates AuthenticationProvider to be used for AAD authentication with MSAL.NET and MSAL.js co-ordinated.
|
||||
/// Instantiates AuthenticationProvider to be used for Microsoft Entra authentication with MSAL.NET and MSAL.js co-ordinated.
|
||||
/// </summary>
|
||||
/// <param name="applicationName">Application Name that identifies user folder path location for reading/writing to shared cache.</param>
|
||||
/// <param name="applicationPath">Application Path directory where application cache folder is present.</param>
|
||||
/// <param name="authCallback">Callback that handles AAD authentication when user interaction is needed.</param>
|
||||
/// <param name="authCallback">Callback that handles Microsoft Entra authentication when user interaction is needed.</param>
|
||||
public AuthenticationProvider(IAuthenticator authenticator)
|
||||
{
|
||||
this.authenticator = authenticator;
|
||||
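Review bot: The XML doc on the new side still carries `<param>` tags for `applicationName`, `applicationPath` and `authCallback`, but the constructor directly beneath it takes only `IAuthenticator authenticator`, so all three tags describe parameters that do not exist (the compiler flags this as CS1572 when XML documentation is generated). Replace them with a single `/// <param name="authenticator">Authenticator used to acquire a Microsoft Entra token through MSAL when SqlClient requests one.</param>`. The constructor body continues past the end of the hunk.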
@@ -59,17 +59,17 @@ namespace Microsoft.SqlTools.Authentication.Sql
|
||||
cts.CancelAfter(parameters.ConnectionTimeout * 1000); // Convert to milliseconds
|
||||
|
||||
/* We split audience from Authority URL here. Audience can be one of the following:
|
||||
* The Azure AD authority audience enumeration
|
||||
* The Microsoft Entra authority audience enumeration
|
||||
* The tenant ID, which can be:
|
||||
* - A GUID (the ID of your Azure AD instance), for single-tenant applications
|
||||
* - A domain name associated with your Azure AD instance (also for single-tenant applications)
|
||||
* One of these placeholders as a tenant ID in place of the Azure AD authority audience enumeration:
|
||||
* - A GUID (the ID of your Microsoft Entra instance), for single-tenant applications
|
||||
* - A domain name associated with your Microsoft Entra instance (also for single-tenant applications)
|
||||
* One of these placeholders as a tenant ID in place of the Microsoft Entra authority audience enumeration:
|
||||
* - `organizations` for a multitenant application
|
||||
* - `consumers` to sign in users only with their personal accounts
|
||||
* - `common` to sign in users with their work and school accounts or their personal Microsoft accounts
|
||||
*
|
||||
* MSAL will throw a meaningful exception if you specify both the Azure AD authority audience and the tenant ID.
|
||||
* If you don't specify an audience, your app will target Azure AD and personal Microsoft accounts as an audience. (That is, it will behave as though `common` were specified.)
|
||||
* MSAL will throw a meaningful exception if you specify both the Microsoft Entra authority audience and the tenant ID.
|
||||
* If you don't specify an audience, your app will target Microsoft Entra and personal Microsoft accounts as an audience. (That is, it will behave as though `common` were specified.)
|
||||
* More information: https://docs.microsoft.com/azure/active-directory/develop/msal-client-application-configuration
|
||||
**/
|
||||
|
||||
|
||||
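Review bot: The `More information:` link on the last line of the comment still points at the `docs.microsoft.com/azure/active-directory/...` path, so the block now mixes the new product name with the pre-rename documentation address; that path redirects today, but it is exactly the kind of reference this rename is meant to refresh, so point it at the current learn.microsoft.com page for MSAL client application configuration. The enclosing method starts before and ends after this hunk.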
@@ -6,7 +6,7 @@
|
||||
namespace Microsoft.SqlTools.Authentication.Utility
|
||||
{
|
||||
/// <summary>
|
||||
/// Configuration used by <see cref="Authenticator"/> to perform AAD authentication using MSAL.NET
|
||||
/// Configuration used by <see cref="Authenticator"/> to perform Microsoft Entra authentication using MSAL.NET
|
||||
/// </summary>
|
||||
public class AuthenticatorConfiguration
|
||||
{
|
||||
|
||||
@@ -15,7 +15,7 @@ namespace Microsoft.SqlTools.Utility
|
||||
public const string ActiveDirectoryInteractive = "ActiveDirectoryInteractive";
|
||||
public const string ActiveDirectoryPassword = "ActiveDirectoryPassword";
|
||||
|
||||
// Azure authentication (MSAL) constants
|
||||
// Microsoft Entra authentication (MSAL) constants
|
||||
public const string ApplicationClientId = "a69788c6-1d43-44ed-9ca3-b83e194da255";
|
||||
public const string AzureTokenFolder = "Azure Accounts";
|
||||
public const string AzureAccountProviderCredentials = "azureAccountProviderCredentials";
|
||||
|
||||
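Review bot: This constant block — `ActiveDirectoryInteractive`, `ActiveDirectoryPassword`, the renamed `// Microsoft Entra authentication (MSAL) constants` comment, `ApplicationClientId`, `AzureTokenFolder` and `AzureAccountProviderCredentials` — appears again verbatim in the `Microsoft.SqlTools.Shared.Utility` hunk, and this commit had to apply the comment edit twice as a result. Unless the two files are linked copies of one source, have one namespace forward to the other so the client id and cache folder name are defined in a single place. The class declaration lies outside this hunk.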
@@ -71,7 +71,7 @@ namespace Microsoft.SqlTools.Migration.Contracts
|
||||
public List<string> LoginList { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Azure active directory domain name (required for Windows Auth)
|
||||
/// Microsoft Entra domain name (required for Windows Auth)
|
||||
/// </summary>
|
||||
public string AADDomainName{ get; set; }
|
||||
}
|
||||
|
||||
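Review bot: The summary now reads `Microsoft Entra domain name` while the member keeps the name `AADDomainName`; because this type sits in a `Contracts` namespace the property name is presumably part of the serialized request shape and has to stay, but nothing in the doc says so, which invites a later "finish the rename" change that would break clients. State the reason in the comment, e.g. `/// Microsoft Entra domain name (required for Windows Auth). The property name is kept as AADDomainName for contract compatibility.`. The same applies to the `AADAuthentication` member in the `Microsoft.SqlTools.ServiceLayer.ObjectManagement` hunk, whose `[EnumMember(Value = "AADAuthentication")]` wire value likewise must not follow the rename. The declaration `AADDomainName{ get; set; }` is also missing the space before the brace.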
@@ -146,7 +146,7 @@ namespace Microsoft.SqlTools.ResourceProvider.Core.Contracts
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Represents a tenant (an Azure Active Directory instance) to which a user has access
|
||||
/// Represents a Microsoft Entra tenant to which a user has access
|
||||
/// </summary>
|
||||
public class Tenant
|
||||
{
|
||||
|
||||
@@ -53,7 +53,7 @@ namespace Microsoft.SqlTools.ServiceLayer.Connection
|
||||
CategoryValues = new CategoryValue[]
|
||||
{ new CategoryValue { DisplayName = "SQL Login", Name = "SqlLogin" },
|
||||
new CategoryValue { DisplayName = "Windows Authentication", Name = "Integrated" },
|
||||
new CategoryValue { DisplayName = "Azure Active Directory - Universal with MFA support", Name = AzureMFA }
|
||||
new CategoryValue { DisplayName = "Microsoft Entra ID - Universal with MFA support", Name = AzureMFA }
|
||||
},
|
||||
IsIdentity = true,
|
||||
IsRequired = true,
|
||||
|
||||
@@ -42,7 +42,7 @@ namespace Microsoft.SqlTools.ServiceLayer.Connection
|
||||
internal const string PasswordPlaceholder = "******";
|
||||
private const string SqlAzureEdition = "SQL Azure";
|
||||
|
||||
public const int MaxTolerance = 2 * 60; // two minutes - standard tolerance across ADS for AAD tokens
|
||||
public const int MaxTolerance = 2 * 60; // two minutes - standard tolerance across ADS for Microsoft Entra tokens
|
||||
|
||||
// SQL Error Code Constants
|
||||
// Referenced from: https://learn.microsoft.com/en-us/sql/relational-databases/errors-events/database-engine-events-and-errors?view=sql-server-ver16
|
||||
@@ -329,7 +329,7 @@ namespace Microsoft.SqlTools.ServiceLayer.Connection
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Requests an update of the azure auth token
|
||||
/// Requests an update of the Microsoft Entra auth token
|
||||
/// </summary>
|
||||
/// <param name="refreshToken">The token to update</param>
|
||||
/// <returns>true upon successful update, false if it failed to find
|
||||
@@ -955,7 +955,7 @@ namespace Microsoft.SqlTools.ServiceLayer.Connection
|
||||
}
|
||||
|
||||
// This clears the uri of the connection from the tokenUpdateUris map, which is used to track
|
||||
// open editors that have requested a refreshed AAD token.
|
||||
// open editors that have requested a refreshed Microsoft Entra token.
|
||||
this.TokenUpdateUris.Remove(disconnectParams.OwnerUri, out bool result);
|
||||
|
||||
// Call Close() on the connections we want to disconnect
|
||||
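Review bot: `this.TokenUpdateUris.Remove(disconnectParams.OwnerUri, out bool result);` captures a `result` that none of the visible lines read; if the rest of the method does not use it either, a discard (`out _`) makes the intentionally ignored return explicit. The two-line comment above that call is repeated word for word in the `Microsoft.SqlTools.ServiceLayer.LanguageServices` hunk, which has the same `out var result` pattern. The enclosing method starts and ends outside this hunk.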
@@ -1105,7 +1105,7 @@ namespace Microsoft.SqlTools.ServiceLayer.Connection
|
||||
|
||||
if (commandOptions.EnableSqlAuthenticationProvider)
|
||||
{
|
||||
// Register SqlAuthenticationProvider with SqlConnection for AAD Interactive (MFA) authentication.
|
||||
// Register SqlAuthenticationProvider with SqlConnection for Microsoft Entra Interactive (MFA) authentication.
|
||||
var provider = new AuthenticationProvider(GetAuthenticator(commandOptions));
|
||||
SqlAuthenticationProvider.SetProvider(SqlAuthenticationMethod.ActiveDirectoryInteractive, provider);
|
||||
|
||||
@@ -1932,7 +1932,7 @@ namespace Microsoft.SqlTools.ServiceLayer.Connection
|
||||
SqlConnection sqlConn = new SqlConnection(connectionString);
|
||||
sqlConn.RetryLogicProvider = SqlRetryProviders.ServerlessDBRetryProvider();
|
||||
|
||||
// Fill in Azure authentication token if needed
|
||||
// Fill in Microsoft Entra authentication token if needed
|
||||
if (connInfo.ConnectionDetails.AzureAccountToken != null && connInfo.ConnectionDetails.AuthenticationType == AzureMFA)
|
||||
{
|
||||
sqlConn.AccessToken = connInfo.ConnectionDetails.AzureAccountToken;
|
||||
|
||||
@@ -655,7 +655,7 @@ namespace Microsoft.SqlTools.ServiceLayer.LanguageServices
|
||||
try
|
||||
{
|
||||
// This clears the uri of the connection from the tokenUpdateUris map, which is used to track
|
||||
// open editors that have requested a refreshed AAD token.
|
||||
// open editors that have requested a refreshed Microsoft Entra token.
|
||||
connectionService.TokenUpdateUris.Remove(uri, out var result);
|
||||
// if not in the preview window and diagnostics are enabled then clear diagnostics
|
||||
if (!IsPreviewWindow(scriptFile)
|
||||
|
||||
@@ -21,7 +21,7 @@ namespace Microsoft.SqlTools.ServiceLayer.ObjectManagement
|
||||
// Authenticate with password.
|
||||
[EnumMember(Value = "SqlAuthentication")]
|
||||
SqlAuthentication,
|
||||
// Authenticate with Azure Active Directory.
|
||||
// Authenticate with Microsoft Entra ID.
|
||||
[EnumMember(Value = "AADAuthentication")]
|
||||
AADAuthentication,
|
||||
// User that cannot authenticate.
|
||||
|
||||
@@ -15,7 +15,7 @@ namespace Microsoft.SqlTools.Shared.Utility
|
||||
public const string ActiveDirectoryInteractive = "ActiveDirectoryInteractive";
|
||||
public const string ActiveDirectoryPassword = "ActiveDirectoryPassword";
|
||||
|
||||
// Azure authentication (MSAL) constants
|
||||
// Microsoft Entra authentication (MSAL) constants
|
||||
public const string ApplicationClientId = "a69788c6-1d43-44ed-9ca3-b83e194da255";
|
||||
public const string AzureTokenFolder = "Azure Accounts";
|
||||
public const string AzureAccountProviderCredentials = "azureAccountProviderCredentials";
|
||||
|
||||
@@ -24,7 +24,7 @@ namespace Microsoft.SqlTools.SqlCore.ObjectExplorer
|
||||
/// Expands the node at the given path and returns the child nodes.
|
||||
/// </summary>
|
||||
/// <param name="connectionString"> Connection string to connect to the server </param>
|
||||
/// <param name="accessToken"> Access token to connect to the server. To be used in case of AAD based connections </param>
|
||||
/// <param name="accessToken"> Access token to connect to the server. To be used in case of Microsoft Entra ID based connections </param>
|
||||
/// <param name="nodePath"> Path of the node to expand </param>
|
||||
/// <param name="serverInfo"> Server information </param>
|
||||
/// <param name="options"> Object explorer options </param>
|
||||
|
||||
@@ -561,7 +561,7 @@ namespace Microsoft.SqlTools.ServiceLayer.UnitTests.Connection
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Verify that password is ignored when using Active Directory Interactive authentication.
|
||||
/// Verify that password is ignored when using Microsoft Entra Interactive authentication.
|
||||
/// </summary>
|
||||
[TestCase("user", "anything", AzureMFA)]
|
||||
[TestCase("user", "anything", ActiveDirectoryInteractive)]
|
||||
|
||||
@@ -19,7 +19,7 @@ using NUnit.Framework;
|
||||
namespace Microsoft.SqlTools.ServiceLayer.UnitTests.ResourceProvider
|
||||
{
|
||||
/// <summary>
|
||||
/// Tests to verify FirewallRuleService by mocking the azure authentication and resource managers
|
||||
/// Tests to verify FirewallRuleService by mocking the Microsoft Entra authentication and resource managers
|
||||
/// </summary>
|
||||
public class FirewallRuleServiceTest
|
||||
{
|
||||
|
||||