Get the required values for authenticating an application to access Azure SQL Database from code

Applies to: Azure SQL Database

To create and manage an Azure SQL Database from code, you must register your app with Microsoft Entra ID (formerly Azure Active Directory). The app must be registered in the same Microsoft Entra tenant as your Azure SQL Database resource.

Create a service principal to access resources from an application

The following script creates the Microsoft Entra application and the service principal that the C# app needs to authenticate. The script outputs the values we need for the C# sample. For detailed information, see Use Azure PowerShell to create a service principal to access resources.

Important

The PowerShell Azure Resource Manager (RM) module is still supported by SQL Database, but all future development is for the Az.Sql module. The AzureRM module will continue to receive bug fixes until at least December 2020. The arguments for the commands in the Az module and in the AzureRM module are substantially identical. For more about their compatibility, see Introducing the new Azure PowerShell Az module.

# sign in to Azure
Connect-AzAccount -Environment AzureChinaCloud

# for multiple subscriptions, uncomment and set to the subscription you want to work with
#$subscriptionId = "{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}"
#Set-AzContext -SubscriptionId $subscriptionId

$appName = "{app-name}" # display name for your app, must be unique in your directory
$uri = "http://{app-name}" # does not need to be a real uri
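$secret = "{app-password}"
# New-AzADApplication takes -Password as a SecureString, so convert the plain-text value
$secureSecret = ConvertTo-SecureString -String $secret -AsPlainText -Force

# create an AAD app
$azureAdApplication = New-AzADApplication -DisplayName $appName -HomePage $uri -IdentifierUris $uri -Password $secureSecret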

# create a Service Principal for the app
$svcprincipal = New-AzADServicePrincipal -ApplicationId $azureAdApplication.ApplicationId

Start-Sleep -s 15 # to avoid a PrincipalNotFound error, pause here for 15 seconds

# if you still get a PrincipalNotFound error, then rerun the following until successful.
# with no -Scope or -ResourceGroupName, the Contributor role is assigned at subscription scope
$roleassignment = New-AzRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $azureAdApplication.ApplicationId.Guid

# output the values we need for our C# application to successfully authenticate
# note: the application secret is written to the console in clear text
Write-Output "Copy these values into the C# sample app"

Write-Output "_subscriptionId:" (Get-AzContext).Subscription.SubscriptionId
Write-Output "_tenantId:" (Get-AzContext).Tenant.TenantId
Write-Output "_applicationId:" $azureAdApplication.ApplicationId.Guid
Write-Output "_applicationSecret:" $secret
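
The role assignment step above uses a fixed 15-second pause and manual reruns, and it assigns Contributor without a scope. The following added example (not part of the original page or of Azure PowerShell itself) retries the assignment while the PrincipalNotFound error persists and limits it to one resource group. The function name, the `SQL DB Contributor` role choice, the pre-existing resource group, and the match on the error text are assumptions.

```powershell
# Added example, not from the original page. Assumes the Az.Resources module,
# a signed-in context, and an existing resource group (names are placeholders).
function Add-ScopedSqlRoleAssignment {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ApplicationId,       # _applicationId from the script above
        [Parameter(Mandatory)] [string] $ResourceGroupName,   # assumed to exist already
        [string] $RoleDefinitionName = 'SQL DB Contributor',  # built-in role, narrower than Contributor
        [int]    $MaxAttempts  = 8,
        [int]    $DelaySeconds = 15
    )

    # Idempotent: if the role is already effective on this resource group, return it.
    $existing = Get-AzRoleAssignment -ServicePrincipalName $ApplicationId `
        -ResourceGroupName $ResourceGroupName `
        -RoleDefinitionName $RoleDefinitionName -ErrorAction SilentlyContinue
    if ($existing) { return $existing }

    for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
        try {
            # Scoped to the resource group instead of the whole subscription.
            return New-AzRoleAssignment -ServicePrincipalName $ApplicationId `
                -ResourceGroupName $ResourceGroupName `
                -RoleDefinitionName $RoleDefinitionName -ErrorAction Stop
        }
        catch {
            # Assumption: the directory replication delay surfaces with the error
            # name the page mentions (PrincipalNotFound) in the error record.
            $text = "$($_.FullyQualifiedErrorId) $($_.Exception.Message)"
            $retryable = $text -match 'PrincipalNotFound'

            # Anything else (for example an authorization failure) is not retried.
            if (-not $retryable -or $attempt -eq $MaxAttempts) { throw }

            Write-Verbose "Attempt ${attempt}: principal not visible yet, waiting $DelaySeconds seconds"
            Start-Sleep -Seconds $DelaySeconds
        }
    }
}

# Usage (placeholders in braces, as in the script above):
# Add-ScopedSqlRoleAssignment -ApplicationId "{application-id}" `
#     -ResourceGroupName "{resource-group-name}" -Verbose
```

If the app also has to create resource groups or servers, pass a broader role through `-RoleDefinitionName`; the default here only fits an app that manages databases on an existing server.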

See also

Create a database in Azure SQL Database with C#
Connect to Azure SQL Database by using Microsoft Entra authentication