【发布时间】:2016-07-08 07:04:15
【问题描述】:
我在通过 Azure Active Directory 对 Azure SQL 数据库进行身份验证时遇到问题。
我几乎按照我在这里找到的说明进行操作: [https://azure.microsoft.com/en-us/documentation/articles/sql-database-aad-authentication/][使用 Azure Active Directory 身份验证连接 SQL 数据库]
我能够使用 localhost 和 OpenID 对 Azure Active Directory 进行身份验证。我可以注册、登录和注销。我使用“fake@genericcompany.com”(实际电子邮件已更改)作为用户,我可以通过登录获得授权码和 id_token。我还添加了“fake@genericcompany.com”作为我的 SQL 数据库的 Active Directory 管理员,并将我计算机的 IP 地址添加到防火墙设置中。
我尝试使用 Microsoft SQL Server Management Studio 通过“fake@genericcompany.com”进行身份验证,但收到以下错误消息:
===================================
Cannot connect to abc.database.windows.net.
===================================
Failed to authenticate the user fake@genericcompany.com in Active Directory (Authentication=ActiveDirectoryPassword).
Error code 0xCAA90018; state 10
Could not discover a user realm. (.Net SqlClient Data Provider)
------------------------------
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&EvtSrc=MSSQLServer&EvtID=0&LinkId=20476
------------------------------
Server Name: abc.database.windows.net
Error Number: 0
Severity: 11
State: 0
Procedure: ADALGetAccessToken
------------------------------
Program Location:
at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData, DbConnectionPool pool, String accessToken, Boolean applyTransientFaultHandling)
at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions)
at System.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup, DbConnectionOptions userOptions)
at System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection)
at System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)
at System.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)
at System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry)
at System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry)
at System.Data.SqlClient.SqlConnection.Open()
at Microsoft.SqlServer.Management.SqlStudio.Explorer.ObjectExplorerService.ValidateConnection(UIConnectionInfo ci, IServerType server)
at Microsoft.SqlServer.Management.UI.ConnectionDlg.Connector.ConnectionThreadUser()
这是我的假 Azure 设置:
Azure Active Directory B2C
Directory domain: xyz.onmicrosoft.com
Azure SQL Server
Name: abc.database.windows.net
Server version: V12
Number of databases: 1
Database name: def
Dababase pricing tier: S0 Standard
我还将包含 SQL 数据库和服务器的订阅设置在上述同一个 Active Directory 中。
我读过一些关于“包含的数据库”和“包含的数据库用户”的东西,我可能需要 2 个数据库:一个“主数据库”和一个“用户数据库”,但我不明白这一切,尤其是在Azure SQL 数据库的上下文。这是我阅读的链接之一,但不完全理解:
[ https://msdn.microsoft.com/library/ff929188.aspx ][包含的数据库用户 - 使您的数据库可移植]
我将在下面发布其他链接,因为 SO 不允许我发布超过 2 个链接。
【问题讨论】:
-
这里是其他链接:[technet.microsoft.com/library/ff929071.aspx][包含的数据库][azure.microsoft.com/en-us/documentation/articles/…][Azure SQL 数据库安全指南和限制]
-
更新 我有图片:[登录尝试 1][i.stack.imgur.com/qiqUg.png][登录尝试 2][i.stack.imgur.com/8u9oZ.png][错误消息][i.stack.imgur.com/MqwJS.png]使用我的虚假、不存在的信息的错误消息与我使用实际的“服务器名称”和“用户名”时相同,所以这可能意味着什么?
标签: azure-sql-database azure-active-directory