Using Azure Identity with Azure SQL, Graph, and Entity Framework


Hi there 👋

My name is Mickaël Derriey and I work at Telstra Purple, the largest IT consultancy in Australia. I’m part of an internal team where my main focus is to support .NET applications we developed in-house, most of which are hosted in Azure and integrate with a variety of workloads like Azure SQL, Blob Storage, or the Microsoft Graph API.

We’re always on the lookout to improve our security posture. One aspect of this is making sure we properly secure sensitive information, like connection strings, API keys, and the secrets associated with our Azure Active Directory apps. Azure Managed Identities is a feature that provides the application host, like an App Service or Azure Functions instance, with an identity of its own, which can be used to authenticate to services that support Azure Active Directory without any credentials stored in the code or the application configuration.

We found that Azure Identity helps us leverage that capability as it abstracts away the specifics of the token acquisition process when working with Managed Identities. It also implements support for a variety of credentials sources while exposing a consistent and easy-to-use API.

We wanted to share our experience leveraging Azure Identity, and how it allows us to free our applications from credentials when deployed on Azure while providing a nice development-time experience.

What is Azure Identity

The Azure Identity library is a token acquisition solution for Azure Active Directory.

The main strength of Azure Identity is that it’s integrated with all the new Azure SDK client libraries that support Azure Active Directory authentication, and provides a consistent authentication API. See the Azure SDK Releases page for a full list of the client libraries that support Azure Identity.

Another benefit of Azure Identity is that it sources credentials from a variety of places, while abstracting away the specifics of each credential. For example, at the time of writing, the often-used DefaultAzureCredential class will try to use the following credentials, in this order, to acquire a token:

  • Application credentials coming from environment variables;
  • The Azure Managed Identity associated with the Azure host the application is running on;
  • The account that a developer is signed in to in Visual Studio;
  • The account the developer has logged in to in the “Azure Account” Visual Studio Code extension; and finally
  • The account the developer has logged in to in the Azure CLI.

This means that the same code can handle AAD authentication at development time, as well as when the solution is deployed to Azure, while accounting for the differences in the token acquisition process. For example, the application credentials coming from environment variables will be used to perform a standard OAuth 2.0 client credentials flow. However, if the Managed Identity credentials are used, it will issue a request to the identity endpoint instead, all transparently to the consumer of the library.
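Because environment variables come first in that order, a client secret left in an app setting takes precedence over the Managed Identity. The following added example (not code from the original post) pins the chain per environment and uses the resulting token to open an Azure SQL connection. It assumes the Azure.Identity and Microsoft.Data.SqlClient packages, uses the App Service variable `WEBSITE_SITE_NAME` as a stand-in for host detection, and the server and database names are placeholders.

```csharp
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Microsoft.Data.SqlClient;

public static class CredentialChainExample
{
    // Azure AD scope for Azure SQL; ".default" asks for the permissions already granted.
    private static readonly string[] SqlScopes = { "https://database.windows.net/.default" };

    // Assumption: the caller decides what "running in Azure" means for its host.
    public static TokenCredential BuildCredential(bool runningInAzure)
    {
        if (runningInAzure)
        {
            // Only the host's managed identity is accepted, so client-secret
            // environment variables left in configuration are never picked up.
            return new ManagedIdentityCredential();
        }

        // Development: signed-in developer accounts only, tried in this order.
        return new ChainedTokenCredential(
            new VisualStudioCredential(),
            new VisualStudioCodeCredential(),
            new AzureCliCredential());
    }

    public static async Task<SqlConnection> OpenAsync(string connectionString, TokenCredential credential)
    {
        // Same call for every credential type; the library picks the flow.
        AccessToken token = await credential.GetTokenAsync(new TokenRequestContext(SqlScopes), default);

        // The connection string carries no user, password or Authentication keyword.
        var connection = new SqlConnection(connectionString) { AccessToken = token.Token };
        await connection.OpenAsync();
        return connection;
    }

    public static async Task Main()
    {
        // Placeholder server and database names; host detection is an assumption.
        const string connectionString = "Server=tcp:<server>.database.windows.net,1433;Database=<database>;Encrypt=True;";
        bool runningInAzure = !string.IsNullOrEmpty(Environment.GetEnvironmentVariable("WEBSITE_SITE_NAME"));

        using SqlConnection connection = await OpenAsync(connectionString, BuildCredential(runningInAzure));
        Console.WriteLine($"Connected to {connection.Database} without a stored credential.");
    }
}
```

The identity that connects must already exist as a user in the target database; the token only proves who is calling, not what it may do.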

Let’s now see which credentials we use in our internal applications.
