Today we're shipping the general availability release of Microsoft.Data.SqlClient 7.0, a major milestone for the .NET data provider for SQL Server. This release tackles the single most requested change in the repository's history, introduces powerful new extensibility points for authentication, and adds protocol-level features for Azure SQL Hyperscale, all while laying the groundwork for a more modular driver architecture.
If you take away one thing from this post: the core SqlClient package is dramatically lighter now. Azure dependencies have been extracted into a separate package, and you only pull them in if you need them.
dotnet add package Microsoft.Data.SqlClient --version 7.0.0
The #1 Request: A Lighter Package
For years, the most upvoted issue in the SqlClient repository asked the same question: "Why does my console app that just talks to SQL Server pull in Azure.Identity, MSAL, and WebView2?"
With 7.0, it doesn't anymore.
We've extracted all Azure / Microsoft Entra authentication functionality into a new Microsoft.Data.SqlClient.Extensions.Azure package. The core driver no longer carries Azure.Core, Azure.Identity, Microsoft.Identity.Client, or any of their transitive dependencies. If you connect with SQL authentication or Windows integrated auth, your bin folder just got dramatically smaller.
For teams that do use Entra authentication, the migration is straightforward. Add one package reference and you're done:
dotnet add package Microsoft.Data.SqlClient.Extensions.AzureNo code changes. No configuration changes. You can also now update Azure dependency versions on your own schedule, independent of driver releases. This is something library authors and enterprise teams have been asking for.
Pluggable Authentication with SspiContextProvider
Integrated authentication in containers and cross-domain environments has always been a pain point. Kerberos ticket management, sidecar processes, domain trust configuration: the workarounds were never simple.
Version 7.0 introduces a new public SspiContextProvider API on SqlConnection that lets you take control of the authentication handshake. You provide the token exchange logic; the driver handles everything else.
var connection = new SqlConnection(connectionString);
connection.SspiContextProvider = new MyKerberosProvider();
connection.Open();This opens the door to scenarios the driver never natively supported: authenticating across untrusted domains, using NTLM with explicit credentials, or implementing custom Kerberos negotiation in Kubernetes pods. A sample implementation is available in the repository.
Async Read Performance: Packet Multiplexing (Preview)
One of the most community-driven features in 7.0 is packet multiplexing, a change to how the driver processes TDS packets during asynchronous reads. Originally contributed by community member Wraith2, this work delivers a significant leap in async read performance for large result sets.
Packet multiplexing was first introduced in 6.1 and has been refined across the 7.0 preview cycle with additional bug fixes and stability improvements. In 7.0, it ships behind two opt-in feature switches so we can gather broader real-world feedback before making it the default:
AppContext.SetSwitch("Switch.Microsoft.Data.SqlClient.UseCompatibilityAsyncBehaviour", false);
AppContext.SetSwitch("Switch.Microsoft.Data.SqlClient.UseCompatibilityProcessSni", false);Setting both switches to false enables the new async processing path. By default, the driver uses the existing (compatible) behavior.
We need your help. If your application performs large async reads (ExecuteReaderAsync with big result sets, streaming scenarios, or bulk data retrieval), please try enabling these switches and let us know how it performs in your environment. File your results on GitHub Issues to help us move this toward on-by-default in a future release.
Enhanced Routing for Azure SQL
Azure SQL environments with named read replicas and gateway-based load balancing can now take advantage of enhanced routing, a TDS protocol feature that lets the server redirect connections to a specific server and database during login.
This is entirely transparent to your application. No connection string changes, no code changes. The driver negotiates the capability automatically when the server supports it.
.NET 10 Ready
SqlClient 7.0 compiles and tests against the .NET 10 SDK, so you're ready for the next major .NET release on day one. Combined with continued support for .NET 8, .NET 9, .NET Framework 4.6.2+, and .NET Standard 2.0 (restored in 6.1), the driver covers the full spectrum of active .NET runtimes.
ActiveDirectoryPassword Is Deprecated: Plan Your Migration
As Microsoft moves toward mandatory multifactor authentication across its services, we've deprecated SqlAuthenticationMethod.ActiveDirectoryPassword (the ROPC flow). The method still works in 7.0, but it's marked [Obsolete] and will generate compiler warnings.
Now is the time to move to a stronger alternative:
| Scenario | Recommended Authentication |
|---|---|
| Interactive / desktop apps | Active Directory Interactive |
| Service-to-service | Active Directory Service Principal |
| Azure-hosted workloads | Active Directory Managed Identity |
| Developer / CI environments | Active Directory Default |
Quality of Life Improvements
Beyond the headline features, 7.0 includes a collection of improvements that make the driver more reliable and easier to work with in production.
Better retry logic. The new SqlConfigurableRetryFactory.BaselineTransientErrors property exposes the built-in transient error codes, so you can extend the default list with your own application-specific codes instead of copy-pasting error numbers from source.
More app context switches. You can now set MultiSubnetFailover=true globally, ignore server-provided failover partners in Basic Availability Groups, and control async multi-packet behavior, all without modifying connection strings.
Better diagnostics on .NET Framework. SqlClientDiagnosticListener is now enabled for SqlCommand on .NET Framework, closing a long-standing observability gap.
Connection performance fix. A regression where SPN generation was unnecessarily triggered for SQL authentication connections on the native SNI path has been resolved.
Performance improvements. Allocation reductions across Always Encrypted scenarios, SqlStatistics timing, and key store providers.
Upgrading from 6.x
For most applications, upgrading is a package version bump:
dotnet add package Microsoft.Data.SqlClient --version 7.0.0If you use Microsoft Entra authentication, also add:
dotnet add package Microsoft.Data.SqlClient.Extensions.AzureIf you use ActiveDirectoryPassword, you'll see a compiler warning. Start planning your migration to a supported auth method.
Review the full release notes in release-notes/7.0 for the complete list of changes across all preview releases.
Thank You to Our Contributors
Open-source contributions are central to SqlClient's development. We'd like to recognize the community members who contributed to the 7.0 release:
edwardneal · ErikEJ · MatthiasHuygelen · ShreyaLaxminarayan · tetolv · twsouthwick · Wraith2
What's Next
We're continuing to invest in performance, modularity, and modern .NET alignment. Stay tuned for updates on the roadmap, and keep the feedback coming. Your issues and discussions directly shape what we build.
- NuGet: Microsoft.Data.SqlClient 7.0.0
- GitHub: dotnet/SqlClient
- Issues & Feedback: github.com/dotnet/SqlClient/issues
- Docs: Microsoft.Data.SqlClient on Microsoft Learn
Microsoft