将 MS-TDS 与 Azure Active Directory 配合使用MS-TDS with Azure Active Directory

Azure AD 用户身份验证Azure AD User Authentication

支持 Azure AD 用户身份验证的 SQL 客户端可以与 Azure 数据资源管理器配合使用。SQL clients that support Azure AD user authentication can be used with Azure Data Explorer.

.NET SQL 客户端(用户).NET SQL Client (user)

例如,对于集成 Azure AD:For example, for integrated Azure AD:

    var csb = new SqlConnectionStringBuilder()
    {
        InitialCatalog = "mydatabase",
        Authentication = SqlAuthenticationMethod.ActiveDirectoryIntegrated,
        DataSource = "mykusto.kusto.chinacloudapi.cn"
    };

Kusto 支持使用已获取的访问令牌进行身份验证:Kusto supports authentication with already obtained access token:

    var csb = new SqlConnectionStringBuilder()
    {
        InitialCatalog = "mydatabase",
        DataSource = "mykusto.kusto.chinacloudapi.cn"
    };
    using (var connection = new SqlConnection(csb.ToString()))
    {
        connection.AccessToken = accessToken;
        await connection.OpenAsync();
    }

JDBC(用户)JDBC (user)

import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.sql.Statement;
import com.microsoft.sqlserver.jdbc.SQLServerDataSource;
import com.microsoft.aad.adal4j.*;

public class Sample {
  public static void main(String[] args) throws Exception {
    AuthenticationResult authenticationResult = futureAuthenticationResult.get();
    SQLServerDataSource ds = new SQLServerDataSource();
    ds.setServerName("<your cluster DNS name>");
    ds.setDatabaseName("<your database name>");
    ds.setHostNameInCertificate("*.kusto.chinacloudapi.cn"); // Or appropriate regional domain.
    ds.setAuthentication("ActiveDirectoryIntegrated");
    try (Connection connection = ds.getConnection();
         Statement stmt = connection.createStatement();) {
      ResultSet rs = stmt.executeQuery("<your T-SQL query>");
      /*
      Read query result.
      */
    } catch (Exception e) {
      System.out.println();
      e.printStackTrace();
    }
  }
}

Azure AD 应用程序身份验证Azure AD Application Authentication

为 Kusto 预配的 Azure AD 应用程序可使用支持 Azure AD 的 SQL 客户端库连接到 Kusto。Azure AD application provisioned for Kusto can use SQL client libraries that support Azure AD for connecting to Kusto.

.NET SQL 客户端(应用程序).NET SQL Client (application)

在假设你已为 Azure AD 应用程序预配了 ApplicationClientId 和 ApplicationKey,并授予其访问群集 ClusterDnsName 上的数据库 DatabaseName 的权限的情况下,以下示例演示如何使用 .NET SQL 客户端从此 Azure AD 应用程序进行查询。Assuming you have provisioned Azure AD application with ApplicationClientId and ApplicationKey and granted it permissions to access database DatabaseName on cluster ClusterDnsName , the following sample demonstrates how to use .NET SQL Client for queries from this Azure AD application.

using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System;
using System.Data;
using System.Data.SqlClient;

namespace Sample
{
  class Program
  {
    private static async Task<string> ObtainToken()
    {
      var authContext = new AuthenticationContext(
        // Can also use tenant ID.
        "https://login.partner.microsoftonline.cn/<your AAD tenant name>");
      var applicationCredentials = new ClientCredential(
        "<your application client ID>",
        "<your application key>");
      var result = await authContext.AcquireTokenAsync(
        "https://<your cluster DNS name>",
        applicationCredentials);
      return result.AccessToken;
    }

    private static async Task QuerySample()
    {
      var csb = new SqlConnectionStringBuilder()
      {
        InitialCatalog = "<your database name>",
        DataSource = "<your cluster DNS name>"
      };
      using (var connection = new SqlConnection(csb.ToString()))
      {
        connection.AccessToken = await ObtainToken();
        await connection.OpenAsync();
        using (var command = new SqlCommand(
          "<your T-SQL query>",
          connection))
        {
          var reader = await command.ExecuteReaderAsync();
          /*
          Read query result.
          */
        }
      }
    }
  }
}

JDBC(应用程序)JDBC (application)

import java.sql.*;
import com.microsoft.sqlserver.jdbc.*;
import com.microsoft.aad.adal4j.*;

public class Sample {
  public static void main(String[] args) throws Throwable {
    ExecutorService service = Executors.newFixedThreadPool(1);
    // Can also use tenant name.
    String url = "https://login.partner.microsoftonline.cn/<your AAD tenant ID>";
    AuthenticationContext authenticationContext =
      new AuthenticationContext(url, false, service);
    ClientCredential  clientCredential = new ClientCredential(
      "<your application client ID>",
      "<your application key>");
    Future<AuthenticationResult> futureAuthenticationResult =
      authenticationContext.acquireToken(
        "https://<your cluster DNS name>",
        clientCredential,
        null);
    AuthenticationResult authenticationResult = futureAuthenticationResult.get();
    SQLServerDataSource ds = new SQLServerDataSource();
    ds.setServerName("<your cluster DNS name>");
    ds.setDatabaseName("<your database name>");
    ds.setAccessToken(authenticationResult.getAccessToken());
    connection = ds.getConnection();
    statement = connection.createStatement();
    ResultSet rs = statement.executeQuery("<your T-SQL query>");
    /*
    Read query result.
    */
  }
}