You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Updated the documentation to reflect the deprecation of ActiveDirectoryPassword authentication and recommended migration to ActiveDirectoryInteractive.
Copy file name to clipboardExpand all lines: docs/connect/ado-net/sql/azure-active-directory-authentication.md
+5-3Lines changed: 5 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -28,7 +28,7 @@ Microsoft Entra authentication uses identities in Microsoft Entra ID to access d
28
28
29
29
When you set the `Authentication` connection property in the connection string, the client can choose a preferred Microsoft Entra authentication mode according to the value provided:
30
30
31
-
- The earliest **Microsoft.Data.SqlClient** version supports `Active Directory Password` for .NET Framework, .NET Core, and .NET Standard. It also supports `Active Directory Integrated` authentication and `Active Directory Interactive` authentication for .NET Framework.
31
+
- The earliest **Microsoft.Data.SqlClient** version supports `Active Directory Password`**[DEPRECATED]**for .NET Framework, .NET Core, and .NET Standard. It also supports `Active Directory Integrated` authentication and `Active Directory Interactive` authentication for .NET Framework.
32
32
- Starting with **Microsoft.Data.SqlClient** 2.0.0, support for `Active Directory Integrated` authentication and `Active Directory Interactive` authentication is extended across .NET Framework, .NET Core, and .NET Standard.
33
33
34
34
A new `Active Directory Service Principal` authentication mode is also added in SqlClient 2.0.0. It makes use of the client ID and secret of a service principal identity to accomplish authentication.
@@ -44,7 +44,7 @@ When the application is connecting to Azure SQL data sources by using Microsoft
44
44
45
45
| Value | Description | Microsoft.Data.SqlClient version |
46
46
|:--|:--|:--:|
47
-
| Active Directory Password | Authenticate with a Microsoft Entra identity's username and password | 1.0+ |
47
+
| Active Directory Password **[DEPRECATED]**| Authenticate with a Microsoft Entra identity's username and password.<br/><br/>**Active Directory Password is deprecated**. Migrate to multifactor authentication (Active Directory Interactive) for user principals. For more information, see [Planning for mandatory multifactor authentication for Azure](/entra/identity/authentication/concept-mandatory-multifactor-authentication).| 1.0+ |
48
48
| Active Directory Integrated | Authenticate with a Microsoft Entra identity by using Integrated Windows Authentication (IWA) | 2.0.0+<sup>1</sup> |
49
49
| Active Directory Interactive | Authenticate with a Microsoft Entra identity by using interactive authentication | 2.0.0+<sup>1</sup> |
50
50
| Active Directory Service Principal | Authenticate with a Microsoft Entra service principal, using its client ID and secret | 2.0.0+ |
@@ -57,6 +57,8 @@ When the application is connecting to Azure SQL data sources by using Microsoft
57
57
58
58
## Using password authentication
59
59
60
+
**ActiveDirectoryPassword is deprecated.** Migrate to multifactor authentication (ActiveDirectoryInteractive) for user principals. For more information, see [Planning for mandatory multifactor authentication for Azure](/entra/identity/authentication/concept-mandatory-multifactor-authentication).
61
+
60
62
`Active Directory Password` authentication mode supports authentication to Azure data sources with Microsoft Entra ID for native or federated Microsoft Entra users. When you're using this mode, user credentials must be provided in the connection string. The following example shows how to use `Active Directory Password` authentication.
61
63
62
64
```csharp
@@ -332,7 +334,7 @@ The following example displays how to use a custom callback when `Active Directo
With a customized `ActiveDirectoryAuthenticationProvider` class, a user-defined application client ID can be passed to SqlClient when a supported Microsoft Entra authentication mode is in use. Supported Microsoft Entra authentication modes include `Active Directory Password`, `Active Directory Integrated`, `Active Directory Interactive`, `Active Directory Service Principal`, and `Active Directory Device Code Flow`.
337
+
With a customized `ActiveDirectoryAuthenticationProvider` class, a user-defined application client ID can be passed to SqlClient when a supported Microsoft Entra authentication mode is in use. Supported Microsoft Entra authentication modes include `Active Directory Password`**[DEPRECATED]**, `Active Directory Integrated`, `Active Directory Interactive`, `Active Directory Service Principal`, and `Active Directory Device Code Flow`.
336
338
337
339
The application client ID is also configurable via `SqlAuthenticationProviderConfigurationSection` or `SqlClientAuthenticationProviderConfigurationSection`. The configuration property `applicationClientId` applies to .NET Framework 4.6+ and .NET Core 2.1+.
0 commit comments