向 Azure Synapse Analytics 中的专用 SQL 池(之前称为 SQL DW)进行身份验证Authenticate to dedicated SQL pool (formerly SQL DW) in Azure Synapse Analytics

了解如何使用 Azure Active Directory (Azure AD) 或 SQL Server 身份验证向 Azure Synapse 中的专用 SQL 池(之前称为 SQL DW)进行身份验证。Learn how to authenticate to dedicated SQL pool (formerly SQL DW) in Azure Synapse by using Azure Active Directory (Azure AD) or SQL Server authentication.

若要连接到专用 SQL 池(之前称为 SQL DW),必须传入安全凭据进行身份验证。To connect to a dedicated SQL pool (formerly SQL DW), you must pass in security credentials for authentication purposes. 建立连接时,特定的连接设置已配置为建立查询会话的一部分。Upon establishing a connection, certain connection settings are configured as part of establishing your query session.

若要详细了解安全性以及如何启用与专用 SQL 池(之前称为 SQL DW)的连接,请参阅保护数据库文档For more information on security and how to enable connections to your dedicated SQL pool (formerly SQL DW), see securing a database documentation.

SQL 身份验证SQL authentication

若要连接到专用 SQL 池(之前称为 SQL DW),必须提供以下信息:To connect to dedicated SQL pool (formerly SQL DW), you must provide the following information:

  • 完全限定的服务器名称Fully qualified servername
  • 指定 SQL 身份验证Specify SQL authentication
  • 用户名Username
  • 密码Password
  • 默认数据库(可选)Default database (optional)

默认情况下,你的连接连接到 master 数据库而不是用户数据库。By default, your connection connects to the master database and not your user database. 若要连接到用户数据库,可以选择执行以下两项操作之一:To connect to your user database, you can choose to do one of two things:

  • 在 SSDT、SSMS 或应用程序连接字符串中将您的服务器注册到 SQL Server 对象资源管理器时指定默认数据库。Specify the default database when registering your server with the SQL Server Object Explorer in SSDT, SSMS, or in your application connection string. 例如,包含 ODBC 连接的 InitialCatalog 参数。For example, include the InitialCatalog parameter for an ODBC connection.
  • 在 SSDT 中创建会话之前先突出显示用户数据库。Highlight the user database before creating a session in SSDT.

备注

不支持使用 Transact-SQL 语句 USE MyDatabase; 更改连接的数据库。The Transact-SQL statement USE MyDatabase; is not supported for changing the database for a connection. 有关使用 SSDT 连接到 SQL 池的指南,请参阅使用 Visual Studio 进行查询一文。For guidance connecting to a SQL pool with SSDT, refer to the Query with Visual Studio article.

Azure Active Directory 身份验证Azure Active Directory authentication

Azure Active Directory 身份验证是一种使用 Azure Active Directory (Azure AD) 中的标识连接到 SQL 池的机制。Azure Active Directory authentication is a mechanism of connecting to SQL pool by using identities in Azure Active Directory (Azure AD). 通过 Azure Active Directory 身份验证,可以在一个中心位置中集中管理数据库用户和其他 Microsoft 服务的标识。With Azure Active Directory authentication, you can centrally manage the identities of database users and other Microsoft services in one central location. 集中 ID 管理提供单一位置用于管理专用 SQL 池(之前称为 SQL DW)用户,并简化权限管理。Central ID management provides a single place to manage dedicated SQL pool (formerly SQL DW) users and simplifies permission management.

优点Benefits

Azure Active Directory 的优点包括:Azure Active Directory benefits include:

  • 提供一个 SQL Server 身份验证的替代方法。Provides an alternative to SQL Server authentication.
  • 帮助阻止用户标识在服务器之间激增。Helps stop the proliferation of user identities across servers.
  • 允许在单一位置中轮换密码Allows password rotation in a single place
  • 使用外部 (Azure AD) 组管理数据库权限。Manage database permissions using external (Azure AD) groups.
  • 通过启用集成的 Windows 身份验证和 Azure Active Directory 支持的其他形式的身份验证来消除存储密码。Eliminates storing passwords by enabling integrated Windows authentication and other forms of authentication supported by Azure Active Directory.
  • 使用包含的数据库用户在数据库级别对标识进行身份验证。Uses contained database users to authenticate identities at the database level.
  • 支持对连接到 SQL 池的应用程序进行基于令牌的身份验证。Supports token-based authentication for applications connecting to SQL pool.
  • 通过对各种工具(包括 SQL Server Management StudioSQL Server Data Tools)的 Active Directory 通用身份验证支持多重身份验证。Supports Multi-Factor authentication through Active Directory Universal Authentication for various tools including SQL Server Management Studio and SQL Server Data Tools.

备注

Azure Active Directory 仍然相对较新,具有某些限制。Azure Active Directory is still relatively new and has some limitations. 若要确保 Azure Active Directory 适用于环境,请参阅 Azure AD features and limitations(Azure AD 功能和限制),尤其是那些需要额外考虑的内容。To ensure that Azure Active Directory is a good fit for your environment, see Azure AD features and limitations, specifically the Additional considerations.

配置步骤Configuration steps

按照这些步骤配置 Azure Active Directory 身份验证。Follow these steps to configure Azure Active Directory authentication.

  1. 创建并填充 Azure Active DirectoryCreate and populate an Azure Active Directory
  2. 可选:关联或更改当前与 Azure 订阅关联的 Active DirectoryOptional: Associate or change the active directory that is currently associated with your Azure Subscription
  3. 为 Azure Synapse 创建 Azure Active Directory 管理员Create an Azure Active Directory administrator for Azure Synapse
  4. 配置客户端计算机Configure your client computers
  5. 在映射到 Azure AD 标识的数据库中创建包含的数据库用户Create contained database users in your database mapped to Azure AD identities
  6. 使用 Azure AD 标识连接到 SQL 池Connect to your SQL pool by using Azure AD identities

目前,Azure Active Directory 用户不会显示在 SSDT 对象资源管理器中。Currently Azure Active Directory users are not shown in SSDT Object Explorer. 解决方法是在 sys.database_principals 中查看这些用户。As a workaround, view the users in sys.database_principals.

查看详细信息Find the details

后续步骤Next steps

若要开始使用 Visual Studio 和其他应用程序进行查询,请参阅使用 Visual Studio 进行查询To start querying with Visual Studio and other applications, see Query with Visual Studio.