Menu
To connect to Azure SQL Database using MFA (which is in SSMS as "Active Directory - Universal") Microsoft recommends and currently only has a tutorial on connecting with C# using Microsoft.IdentityModel.Clients.ActiveDirectory
Setting Authentication='Active Directory Interactive'; in a regular ODBC connection string from Python or Powershell results in the error
Cannot find an authentication provider for 'ActiveDirectoryInteractive'
This seems to be because per Microsoft's example code at https://docs.microsoft.com/en-us/azure/sql-database/active-directory-interactive-connect-azure-sql-db you need to explicitly create your own auth provider class when creating the connection:
public static void Main(string[] args)
{
var provider = new ActiveDirectoryAuthProvider();
SC.SqlAuthenticationProvider.SetProvider(
SC.SqlAuthenticationMethod.ActiveDirectoryInteractive,
//SC.SqlAuthenticationMethod.ActiveDirectoryIntegrated, // Alternatives.
//SC.SqlAuthenticationMethod.ActiveDirectoryPassword,
provider);
Program.Connection();
}
I want to connect with pyodbc, so I can't implement the ActiveDirectoryInteractive provider.
Is there any way to generically acquire a token using OAuth and use it in the connection string, or otherwise implement the ActiveDirectoryInteractive provider without using .NET?
435
For more information, see Use Azure Active Directory authentication and Configure and manage Azure AD authentication with Azure SQL. If your Windows Server Active Directory is federated with Azure AD, users can authenticate with SQL Server using their Windows credentials, either as a Windows logins or an Azure AD login.
You need ODBC drivers for connecting your Python application to an Azure SQL database. The pyodbc is a library written in Python that uses the ODBC drivers to connect your Python application with an Azure SQL database.
You can now connect to SQL Server using the following authentication methods using Azure AD identities: Azure Active Directory Universal with Multi-Factor Authentication The current authentication modes, such as SQL authentication and Windows authentication remain unchanged.
Firstly, according to the subsection Additional considerations of the offical document Use Azure Active Directory Authentication for authentication with SQL, as below, pyodbc could connect Azure SQL Database with AAD authentication.
I was facing the same problem but on MacOs. As described above, the ODBC option using 'ActiveDirectoryInteractive' is only available for Windows.
In order to connect to the database using AAD MFA, I also used pyodbc but with an access token. To get the token there are a few things that you'll need to do:
Azure CLI
Microsoft ODBC Driver for SQL Server (Linux-MAC)
Before you run the code below, you must authenticate using azure cli, to do so run from cmd : az login
from azure.identity import AzureCliCredential
import struct
import pyodbc
# input params
server = '<your server address>'
database = '<database name>'
query = 'SELECT * from dbo.Address;'
# Use the cli credential to get a token after the user has signed in via the Azure CLI 'az login' command.
credential = AzureCliCredential()
databaseToken = credential.get_token('https://database.windows.net/')
# get bytes from token obtained
tokenb = bytes(databaseToken[0], "UTF-8")
exptoken = b'';
for i in tokenb:
exptoken += bytes({i});
exptoken += bytes(1);
tokenstruct = struct.pack("=i", len(exptoken)) + exptoken;
# build connection string using acquired token
connString = "Driver={ODBC Driver 17 for SQL Server};SERVER="+server+";DATABASE="+database+""
SQL_COPT_SS_ACCESS_TOKEN = 1256
conn = pyodbc.connect(connString, attrs_before = {SQL_COPT_SS_ACCESS_TOKEN:tokenstruct});
# sample query
cursor = conn.cursor()
cursor.execute(query)
row = cursor.fetchone()
while row:
print (str(row[0]) + " " + str(row[1]))
row = cursor.fetchone()
Some people might experience different behavior using the code above depending on the version of the ODBC driver and MacOS.
TrustServerCertificate=Yes; to the connection string can help.References
https://pypi.org/project/azure-identity/
https://github.com/AzureAD/azure-activedirectory-library-for-python/wiki/Connect-to-Azure-SQL-Database
148
ODBC driver support the MFA authentication, but windows only:
I tested in Python pyodbc and it also works.
Here is my pyodbc code which connect to my Azure SQL database with AAD MFA authentication:
import pyodbc
server = '***.database.windows.net'
database = 'Mydatabase'
username ='****@****.com'
Authentication='ActiveDirectoryInteractive'
driver= '{ODBC Driver 17 for SQL Server}'
conn = pyodbc.connect('DRIVER='+driver+
';SERVER='+server+
';PORT=1433;DATABASE='+database+
';UID='+username+
';AUTHENTICATION='+Authentication
)
print(conn)
It works well in my windows environment.
Hope this helps.
27
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
