This article will help you to understand how certificate-based authentication works for Azure SQL databases.
The following steps are performed to test certificate-based Authentication.
2. Create Azure DB user in Azure SQL Database.
3) Generate a self-signed certificate.
c:/"Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\x64"/makecert -r -pe -n "CN=mytokentestCert1" -ss My -len 2048 mytokentestCert1.cer
4) Add a certificate to the App created in step-1. or can be done via Azure portal.
Connect-AzAccount -Tenant $TenantId
$cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 #create a new certificate object
$cer.Import("Certificatelocation") # use the local directory that contains the cert created in @3.
$bin = $cer.GetRawCertData()
$base64Value = [System.Convert]::ToBase64String($bin)
$bin = $cer.GetCertHash()
$base64Thumbprint = [System.Convert]::ToBase64String($bin)
$keyid = [System.Guid]::NewGuid().ToString()
# Ensure to use the right ObjectID for the application.
Connect-AzureAD -Tenant $TenantId
New-AzureADApplicationKeyCredential -ObjectId 96f2002a-887a-4fb1-a513-59d34c92cc04 -CustomKeyIdentifier $base64Thumbprint -Type AsymmetricX509Cert -Usage Verify -Value $base64Value
5) Create Console Application with .Net framework to authenticate via certificate.
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
<appSettings>
<add key="ida:AADInstance" value="https://login.windows.net/{0}"/>
<add key="ida:Tenant" value="tenantID" /> <!--* update tenantID here */-->
<add key="ida:ClientId" value="AppClientID"/> <!--* update ClientID here */-->
<add key="ida:CertName" value="CN=mytokentestCert"/> <!--* update CertificateName */-->
<add key="sqldb:ResourceId" value="https://database.windows.net/"/>
</appSettings>
</configuration>
static void Main()
{
SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder();
builder["Data Source"] = "AzureSQL.database.windows.net";//your Azure SQL server
builder["Initial Catalog"] = "DatabaseName"; // Update Database
builder["Connect Timeout"] = 120;
6) Run Console Application to verify the connection.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.