获取对应用程序进行身份验证所需的值以便从代码访问 SQL 数据库Get the required values for authenticating an application to access SQL Database from code

若要在代码中创建并管理 SQL 数据库,必须在创建 Azure 资源的订阅中的 Azure Active Directory (AAD) 域内注册你的应用。To create and manage SQL Database from code you must register your app in the Azure Active Directory (AAD) domain in the subscription where your Azure resources have been created.

创建服务主体以便从应用程序访问资源Create a service principal to access resources from an application

以下示例将创建对 C# 应用进行身份验证所需的 Active Directory (AD) 应用程序和服务主体。The following examples create the Active Directory (AD) application and the service principal that we need to authenticate our C# app. 该脚本输出我们需要用于前面 C# 示例的值。The script outputs values we need for the preceding C# sample. 有关详细信息,请参阅使用 Azure PowerShell 创建服务主体以访问资源For detailed information, see Use Azure PowerShell to create a service principal to access resources.

重要

PowerShell Azure 资源管理器 (RM) 模块仍受 Azure SQL 数据库支持,但所有未来的开发都是针对 Az.Sql 模块的。The PowerShell Azure Resource Manager (RM) module is still supported by Azure SQL Database, but all future development is for the Az.Sql module. AzureRM 模块至少在 2020 年 12 月之前将继续接收 bug 修补程序。The AzureRM module will continue to receive bug fixes until at least December 2020. Az 模块和 AzureRm 模块中的命令参数大体上是相同的。The arguments for the commands in the Az module and in the AzureRm modules are substantially identical. 若要详细了解其兼容性,请参阅新 Azure PowerShell Az 模块简介For more about their compatibility, see Introducing the new Azure PowerShell Az module.

# sign in to Azure
Connect-AzAccount -Environment AzureChinaCloud

# for multiple subscriptions, uncomment and set to the subscription you want to work with
#$subscriptionId = "{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}"
#Set-AzContext -SubscriptionId $subscriptionId

$appName = "{app-name}" # display name for your app, must be unique in your directory
$uri = "http://{app-name}" # does not need to be a real uri
$secret = "{app-password}"

# create an AAD app
$azureAdApplication = New-AzADApplication -DisplayName $appName -HomePage $Uri -IdentifierUris $Uri -Password $secret

# create a Service Principal for the app
$svcprincipal = New-AzADServicePrincipal -ApplicationId $azureAdApplication.ApplicationId

Start-Sleep -s 15 # to avoid a PrincipalNotFound error, pause here for 15 seconds

# if you still get a PrincipalNotFound error, then rerun the following until successful.
$roleassignment = New-AzRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $azureAdApplication.ApplicationId.Guid

# output the values we need for our C# application to successfully authenticate
Write-Output "Copy these values into the C# sample app"

Write-Output "_subscriptionId:" (Get-AzContext).Subscription.SubscriptionId
Write-Output "_tenantId:" (Get-AzContext).Tenant.TenantId
Write-Output "_applicationId:" $azureAdApplication.ApplicationId.Guid
Write-Output "_applicationSecret:" $secret

另请参阅See also

使用 C# 创建 SQL 数据库Create a SQL database with C#
使用 Azure Active Directory 身份验证连接到 SQL 数据库Connecting to SQL Database By Using Azure Active Directory Authentication