将 MS-TDS 与 Azure Active Directory 配合使用MS-TDS with Azure Active Directory

AAD 用户身份验证AAD User Authentication

支持 AAD 用户身份验证的 SQL 客户端可以与 Kusto 一起使用。SQL clients that support AAD user authentication can be used with Kusto.

.NET SQL 客户端(用户).NET SQL Client (user)

例如,对于集成 AAD:For example, for integrated AAD:

    var csb = new SqlConnectionStringBuilder()
    {
        InitialCatalog = "mydatabase",
        Authentication = SqlAuthenticationMethod.ActiveDirectoryIntegrated,
        DataSource = "mykusto.kusto.chinacloudapi.cn"
    };

Kusto 支持使用已获取的访问令牌进行身份验证:Kusto supports authentication with already obtained access token:

    var csb = new SqlConnectionStringBuilder()
    {
        InitialCatalog = "mydatabase",
        DataSource = "mykusto.kusto.chinacloudapi.cn"
    };
    using (var connection = new SqlConnection(csb.ToString()))
    {
        connection.AccessToken = accessToken;
        await connection.OpenAsync();
    }

JDBC(用户)JDBC (user)

import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.sql.Statement;
import com.microsoft.sqlserver.jdbc.SQLServerDataSource;
import com.microsoft.aad.adal4j.*;

public class Sample {
  public static void main(String[] args) throws Exception {
    AuthenticationResult authenticationResult = futureAuthenticationResult.get();
    SQLServerDataSource ds = new SQLServerDataSource();
    ds.setServerName("<your cluster DNS name>");
    ds.setDatabaseName("<your database name>");
    ds.setHostNameInCertificate("*.kusto.chinacloudapi.cn"); // Or appropriate regional domain.
    ds.setAuthentication("ActiveDirectoryIntegrated");
    try (Connection connection = ds.getConnection();
         Statement stmt = connection.createStatement();) {
      ResultSet rs = stmt.executeQuery("<your T-SQL query>");
      /*
      Read query result.
      */
    } catch (Exception e) {
      System.out.println();
      e.printStackTrace();
    }
  }
}

AAD 应用程序身份验证AAD Application Authentication

为 Kusto 预配的 AAD 应用程序可使用支持 AAD 的 SQL 客户端库连接到 Kusto。AAD application provisioned for Kusto can use SQL client libraries that support AAD for connecting to Kusto. 有关 AAD 应用程序的详细信息,请参阅创建 AAD 应用程序See Creating an AAD Application for more information about AAD applications.

.NET SQL 客户端(应用程序).NET SQL Client (application)

在假设你已为 AAD 应用程序预配了 ApplicationClientId 和 ApplicationKey,并授予其访问群集 ClusterDnsName 上的数据库 DatabaseName 的权限的情况下,以下示例演示如何使用 .NET SQL 客户端从此 AAD 应用程序进行查询。Assuming you have provisioned AAD application with ApplicationClientId and ApplicationKey and granted it permissions to access database DatabaseName on cluster ClusterDnsName, the following sample demonstrates how to use .NET SQL Client for queries from this AAD application.

using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System;
using System.Data;
using System.Data.SqlClient;

namespace Sample
{
  class Program
  {
    private static async Task<string> ObtainToken()
    {
      var authContext = new AuthenticationContext(
        // Can also use tenant ID.
        "https://login.partner.microsoftonline.cn/<your AAD tenant name>");
      var applicationCredentials = new ClientCredential(
        "<your application client ID>",
        "<your application key>");
      var result = await authContext.AcquireTokenAsync(
        "https://<your cluster DNS name>",
        applicationCredentials);
      return result.AccessToken;
    }

    private static async Task QuerySample()
    {
      var csb = new SqlConnectionStringBuilder()
      {
        InitialCatalog = "<your database name>",
        DataSource = "<your cluster DNS name>"
      };
      using (var connection = new SqlConnection(csb.ToString()))
      {
        connection.AccessToken = await ObtainToken();
        await connection.OpenAsync();
        using (var command = new SqlCommand(
          "<your T-SQL query>",
          connection))
        {
          var reader = await command.ExecuteReaderAsync();
          /*
          Read query result.
          */
        }
      }
    }
  }
}

JDBC(应用程序)JDBC (application)

import java.sql.*;
import com.microsoft.sqlserver.jdbc.*;
import com.microsoft.aad.adal4j.*;

public class Sample {
  public static void main(String[] args) throws Throwable {
    ExecutorService service = Executors.newFixedThreadPool(1);
    // Can also use tenant name.
    String url = "https://login.partner.microsoftonline.cn/<your AAD tenant ID>";
    AuthenticationContext authenticationContext =
      new AuthenticationContext(url, false, service);
    ClientCredential  clientCredential = new ClientCredential(
      "<your application client ID>",
      "<your application key>");
    Future<AuthenticationResult> futureAuthenticationResult =
      authenticationContext.acquireToken(
        "https://<your cluster DNS name>",
        clientCredential,
        null);
    AuthenticationResult authenticationResult = futureAuthenticationResult.get();
    SQLServerDataSource ds = new SQLServerDataSource();
    ds.setServerName("<your cluster DNS name>");
    ds.setDatabaseName("<your database name>");
    ds.setAccessToken(authenticationResult.getAccessToken());
    connection = ds.getConnection();
    statement = connection.createStatement();
    ResultSet rs = statement.executeQuery("<your T-SQL query>");
    /*
    Read query result.
    */
  }
}