You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/connect/ado-net/sql/azure-active-directory-authentication.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -28,7 +28,7 @@ Microsoft Entra authentication uses identities in Microsoft Entra ID to access d
28
28
29
29
When you set the `Authentication` connection property in the connection string, the client can choose a preferred Microsoft Entra authentication mode according to the value provided:
30
30
31
-
- The earliest **Microsoft.Data.SqlClient** version supports `Active Directory Password`**[DEPRECATED]** for .NET Framework, .NET Core, and .NET Standard. It also supports `Active Directory Integrated` authentication and `Active Directory Interactive` authentication for .NET Framework.
31
+
- The earliest **Microsoft.Data.SqlClient** version supports `Active Directory Password`[DEPRECATED] for .NET Framework, .NET Core, and .NET Standard. It also supports `Active Directory Integrated` authentication and `Active Directory Interactive` authentication for .NET Framework.
32
32
- Starting with **Microsoft.Data.SqlClient** 2.0.0, support for `Active Directory Integrated` authentication and `Active Directory Interactive` authentication is extended across .NET Framework, .NET Core, and .NET Standard.
33
33
34
34
A new `Active Directory Service Principal` authentication mode is also added in SqlClient 2.0.0. It makes use of the client ID and secret of a service principal identity to accomplish authentication.
@@ -44,14 +44,14 @@ When the application is connecting to Azure SQL data sources by using Microsoft
44
44
45
45
| Value | Description | Microsoft.Data.SqlClient version |
46
46
|:--|:--|:--:|
47
-
| Active Directory Password **[DEPRECATED]**| Authenticate with a Microsoft Entra identity's username and password.<br/><br/>**Active Directory Password is deprecated**. Migrate to multifactor authentication (Active Directory Interactive) for user principals. For more information, see [Planning for mandatory multifactor authentication for Azure](/entra/identity/authentication/concept-mandatory-multifactor-authentication). | 1.0+ |
48
47
| Active Directory Integrated | Authenticate with a Microsoft Entra identity by using Integrated Windows Authentication (IWA) | 2.0.0+<sup>1</sup> |
49
48
| Active Directory Interactive | Authenticate with a Microsoft Entra identity by using interactive authentication | 2.0.0+<sup>1</sup> |
50
49
| Active Directory Service Principal | Authenticate with a Microsoft Entra service principal, using its client ID and secret | 2.0.0+ |
51
50
| Active Directory Device Code Flow | Authenticate with a Microsoft Entra identity by using Device Code Flow mode | 2.1.0+ |
52
51
| Active Directory Managed Identity, <br>Active Directory MSI | Authenticate using a Microsoft Entra system-assigned or user-assigned managed identity | 2.1.0+ |
53
52
| Active Directory Default | Authenticate with a Microsoft Entra identity by using password-less and non-interactive mechanisms including managed identities, Visual Studio Code, Visual Studio, Azure CLI, etc. | 3.0.0+ |
54
53
| Active Directory Workload Identity | Authenticate with a Microsoft Entra identity by using a federated User Assigned Managed Identity to connect to SQL Database from Azure client environments that are enabled for Workload Identity. | 5.2.0+ |
54
+
| Active Directory Password [DEPRECATED]| Authenticate with a Microsoft Entra identity's username and password.<br/><br/>Active Directory Password is deprecated. Migrate to multifactor authentication (Active Directory Interactive) for user principals. For more information, see [Planning for mandatory multifactor authentication for Azure](/entra/identity/authentication/concept-mandatory-multifactor-authentication). | 1.0+ |
55
55
56
56
<sup>1</sup> Before **Microsoft.Data.SqlClient** 2.0.0, `Active Directory Integrated`, and `Active Directory Interactive` authentication modes are supported only on .NET Framework.
57
57
@@ -335,7 +335,7 @@ The following example displays how to use a custom callback when `Active Directo
With a customized `ActiveDirectoryAuthenticationProvider` class, a user-defined application client ID can be passed to SqlClient when a supported Microsoft Entra authentication mode is in use. Supported Microsoft Entra authentication modes include `Active Directory Password`**[DEPRECATED]**, `Active Directory Integrated`, `Active Directory Interactive`, `Active Directory Service Principal`, and `Active Directory Device Code Flow`.
338
+
With a customized `ActiveDirectoryAuthenticationProvider` class, a user-defined application client ID can be passed to SqlClient when a supported Microsoft Entra authentication mode is in use. Supported Microsoft Entra authentication modes include `Active Directory Integrated`, `Active Directory Interactive`, `Active Directory Service Principal`, `Active Directory Device Code Flow`, and `Active Directory Password`[DEPRECATED].
339
339
340
340
The application client ID is also configurable via `SqlAuthenticationProviderConfigurationSection` or `SqlClientAuthenticationProviderConfigurationSection`. The configuration property `applicationClientId` applies to .NET Framework 4.6+ and .NET Core 2.1+.
Copy file name to clipboardExpand all lines: docs/connect/jdbc/connecting-using-azure-active-directory-authentication.md
+7-7Lines changed: 7 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -29,10 +29,6 @@ Connection properties to support Microsoft Entra authentication in the Microsoft
29
29
-**ActiveDirectoryIntegrated**
30
30
- Since driver version 6.0, `authentication=ActiveDirectoryIntegrated` can be used to connect to Azure SQL/Synapse Analytics via integrated authentication. To use this authentication mode, you must [federate](/azure/active-directory/hybrid/connect/whatis-fed) the on-premises Active Directory Federation Services (ADFS) with Microsoft Entra ID in the cloud. Once you set it up, you can connect by either adding the native library `mssql-jdbc_auth-<version>-<arch>.dll` to the application class path on Windows, or by setting up a Kerberos ticket for cross-platform authentication support. You're able to access Azure SQL/Azure Synapse Analytics without being prompted for credentials when you're logged in to a domain-joined machine. For more information, see [Connect using ActiveDirectoryIntegrated authentication mode](#connect-using-activedirectoryintegrated-authentication-mode).
31
31
32
-
-**ActiveDirectoryPassword [DEPRECATED]**
33
-
- ActiveDirectoryPassword is deprecated. Migrate to multifactor authentication (ActiveDirectoryInteractive) for user principals. For more information, see [Planning for mandatory multifactor authentication for Azure](/entra/identity/authentication/concept-mandatory-multifactor-authentication).
34
-
- Since driver version 6.0, `authentication=ActiveDirectoryPassword` can be used to connect to Azure SQL/Synapse Analytics with Microsoft Entra username and password. For more information, see [Connect using ActiveDirectoryPassword authentication mode](#connect-using-activedirectorypassword-authentication-mode).
35
-
36
32
-**ActiveDirectoryInteractive**
37
33
- Since driver version 9.2, `authentication=ActiveDirectoryInteractive` can be used to connect to an Azure SQL/Synapse Analytics via interactive authentication flow (multifactor authentication). For more information, see [Connect using ActiveDirectoryInteractive authentication mode](#connect-using-activedirectoryinteractive-authentication-mode).
38
34
@@ -41,10 +37,14 @@ Connection properties to support Microsoft Entra authentication in the Microsoft
41
37
42
38
-**ActiveDirectoryServicePrincipalCertificate**
43
39
- Since driver version 12.4, `authentication=ActiveDirectoryServicePrincipalCertificate` can be used to connect to an Azure SQL Database/Synapse Analytics by specifying the application/client ID in the userName property and the location of the Service Principal certificate in the `clientCertificate` property. For more information, see [Connect using ActiveDirectoryServicePrincipalCertificate authentication mode](#connect-using-activedirectoryserviceprincipalcertificate-authentication-mode).
40
+
-**ActiveDirectoryPassword [DEPRECATED]**
41
+
- ActiveDirectoryPassword is deprecated. Migrate to multifactor authentication (ActiveDirectoryInteractive) for user principals. For more information, see [Planning for mandatory multifactor authentication for Azure](/entra/identity/authentication/concept-mandatory-multifactor-authentication).
42
+
- Since driver version 6.0, `authentication=ActiveDirectoryPassword` can be used to connect to Azure SQL/Synapse Analytics with Microsoft Entra username and password. For more information, see [Connect using ActiveDirectoryPassword authentication mode](#connect-using-activedirectorypassword-authentication-mode).
43
+
44
44
-**SqlPassword**
45
45
- Use `authentication=SqlPassword` to connect to a SQL Server using userName/user and password properties.
46
46
-**NotSpecified**
47
-
-Use `authentication=NotSpecified` or leave it as the default when none of these authentication methods are needed.
47
+
-The default value when none of these authentication methods are specified.
48
48
-**accessToken**: Use this connection property to connect to a SQL Database with access token. `accessToken` can only be set using the Properties parameter of the `getConnection()` method in the DriverManager class. It can't be used in the connection URL.
49
49
50
50
For more information, see the authentication property on the [Setting the Connection Properties](setting-the-connection-properties.md) page.
@@ -289,7 +289,7 @@ You have successfully logged on as: <your domain user name>
289
289
290
290
### Set Kerberos ticket on Windows, Linux And macOS
291
291
292
-
You must up a Kerberos ticket to link your current user to a Windows domain account. Following is a summary of the key steps.
292
+
You must set up a Kerberos ticket to link your current user to a Windows domain account. Following is a summary of the key steps.
293
293
294
294
#### Windows
295
295
@@ -360,7 +360,7 @@ Access to a Windows domain-joined machine to query your Kerberos Domain Controll
360
360
## Connect using ActiveDirectoryPassword authentication mode
361
361
362
362
> [!NOTE]
363
-
> ActiveDirectoryPassword is **deprecated**. Migrate to multifactor authentication (ActiveDirectoryInteractive) for user principals. For more information, see [Planning for mandatory multifactor authentication for Azure](/entra/identity/authentication/concept-mandatory-multifactor-authentication).
363
+
> ActiveDirectoryPassword is deprecated. Migrate to multifactor authentication (ActiveDirectoryInteractive) for user principals. For more information, see [Planning for mandatory multifactor authentication for Azure](/entra/identity/authentication/concept-mandatory-multifactor-authentication).
364
364
365
365
The following example shows how to use `authentication=ActiveDirectoryPassword` mode.
0 commit comments