SQL Azure Database. Login with non-secure connection string

Question

I have an SQL Azure database and have the auditing enabled on it. According to the portal , Auditing requires use of Security Enabled Connection Strings and consequently have set the Security Enabled Access parameter on the DB portal to “Required” so that no apps with non-secure connection strings get to my DB.

When I try to get connected from SSMS using non secure connection string server name like MyAzureServer.database.windows.net I get an error message saying only connections with secure connection string are allowed which is what I expected

However my .NET application using the non-secure connection string like below works fine and no errors. I could also see that there is a record in audit logs that login was success

Server=tcp:MyDBServer.database.windows.net,1433;
Database=DemoDB;
User ID=Srisail@MyDBServer;
Password=password123%;
Encrypt=True;
TrustServerCertificate=False;
Connection Timeout=30;

My question is how my .NET app using the non-secure connection string able to login to my Azure SQL Server although I had forced my server to accept only connections with secure connection string.

Also I’m not sure if I fully understand secure and non-secure connection strings, except you include the text secure in your server name like MyDBServer.secure.database.windows.net. I would like to understand more on this.

Like always any help is greatly appreciated.

Answer 1

Just change

Server=tcp:MyDBServer.database.windows.net,1433;Database=DemoDB;User ID=Srisail@MyDBServer;Password=password123%;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;

To

Server=tcp:MyDBServer.database.secure.windows.net,1433;Database=DemoDB;User ID=Srisail@MyDBServer;Password=password123%;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;

Answer 2

I am glad to inform you that last week we have improved the behavior of DB “Required” mode, which eliminates the need to use the secure connection string to use auditing or data masking.

This means that SSMS or .NET app attempts to connect the database using the standard connection string will works fine with no errors, after you set the Security Enabled Access parameter on the DB portal to “Required”,

Could you please try get connected from SSMS using the standard connection string after setting the Security Enabled Access parameter on the DB portal to “Required?