Connect to Azure SQL with authentication "ActiveDirectoryPassword"

This sample shows you how to develop a Java application that authenticates to an Azure SQL database with Azure Active Directory, using the ActiveDirectoryPassword authentication mode.

Prerequisites

To successfully complete the sample, you need to have an Azure AD instance, and an Azure SQL database with an Azure AD administrator.

  1. If you don't have an Azure AD instance yet, refer to Create and populate an Azure AD instance to create one and populate it with users. Write down the passwords for the Azure AD users.
  2. If you don't have an Azure SQL instance, follow the steps below to create one:
    1. Sign into Azure portal > Type "Azure SQL" in the search bar and click "Azure SQL" displayed in the "Services" list.
    2. Click "Create" > Click "Create" for "SQL databases" with resource type as "Single database".
    3. In the "Basics" tab
      1. Specify resource group name to create a new resource group.
      2. Specify and write down the value for "Database name".
      3. Click "Create new" for "Server"
        1. Specify the value for "Server name" and write down the fully qualified name in the format of <server-name>.database.windows.net.
        2. Select "Use only Azure Active Directory (Azure AD) authentication" as "Authentication method".
        3. Click "Set admin" to set Azure AD admin
          1. Select one AD user. Write down the Azure AD user name.
          2. Click "Select".
        4. Click "OK".
      4. Click "Next : Networking >"
    4. In the "Networking" tab
      1. Select "Public endpoint" for "Network connectivity".
      2. Toggle "Yes" for "Allow Azure services and resources to access this server".
      3. Toggle "Yes" for "Add current client IP address".
      4. Check "Default" is selected for "Connection policy".
      5. Check "TLS 1.2" is selected for "Minimum TLS version".
    5. Click "Next : Security >"
      1. Select "Not now" for "Enable Microsoft Defender for SQL".
    6. Click "Review + create".
    7. Click "Create"
    8. Wait until the deployment completes.
  3. If you already have an Azure SQL instance but it hasn't been configured with required settings:
    1. Refer to Provision Azure AD admin (SQL Database) to provision an Azure Active Directory administrator for your existing Azure SQL instance.
    2. Sign into Azure portal > Type "Resource groups" in the search bar and click "Resource groups" displayed in the "Services" list. > Find your resource groups where the Azure SQL server and database were deployed. > Click to open.
      1. Click the SQL server instance > Click "Firewalls and virtual networks" under "Security" > Verify and make changes accordingly to make sure "Deny public network access" is not checked, "Minimum TLS Version" is "1.2", "Connection policy" is "Default", "Allow Azure services and resources to access this server" is "Yes", and IP address of your client is added to firewall rules.

Run the sample application locally

Now you're ready to check out and run the sample application in this repo to verify that a connection from your application to the Azure SQL database can be authenticated using the ActiveDirectoryPassword authentication mode.

  1. Check out this repo to a target directory.

  2. Go to that directory and then change to its sub-directory sql-auth-aad-password.

  3. Set environment variables for database connection with the values you wrote down before:

    export DB_SERVER_NAME=<server-name>.database.windows.net
    export DB_NAME=<database-name>
    export DB_USER=<azure-ad-admin-username>
    export DB_PASSWORD=<azure-ad-admin-pwd>
  4. Compile and execute the application:

    mvn compile exec:java -Dexec.mainClass="com.example.sql.AADUserPassword"

    You should see a message similar to the following in the console: "You have successfully logged on as: <azure-ad-admin-username>".
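A minimal sketch of the kind of connection the steps above exercise, added here as an example; it is not the repository's `com.example.sql.AADUserPassword` source. It assumes the Microsoft JDBC Driver for SQL Server (mssql-jdbc) and its Azure AD authentication dependency are on the classpath, and the class name `AadPasswordConnectionExample` is hypothetical.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;

// Hypothetical class name; not the repository's com.example.sql.AADUserPassword.
public class AadPasswordConnectionExample {

    // Read a required setting from the environment and fail fast if it is missing.
    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException("Environment variable " + name + " is not set");
        }
        return value;
    }

    public static void main(String[] args) {
        String server = requireEnv("DB_SERVER_NAME");   // <server-name>.database.windows.net
        String database = requireEnv("DB_NAME");

        // Keep TLS validation on: encrypt the channel and verify the server certificate.
        String url = "jdbc:sqlserver://" + server + ":1433"
                + ";databaseName=" + database
                + ";encrypt=true;trustServerCertificate=false"
                + ";hostNameInCertificate=*.database.windows.net"
                + ";loginTimeout=30"
                + ";authentication=ActiveDirectoryPassword";

        // Credentials go in Properties, not the URL, so a logged URL never contains them.
        Properties credentials = new Properties();
        credentials.setProperty("user", requireEnv("DB_USER"));
        credentials.setProperty("password", requireEnv("DB_PASSWORD"));

        try (Connection connection = DriverManager.getConnection(url, credentials);
             Statement statement = connection.createStatement();
             ResultSet rs = statement.executeQuery("SELECT SUSER_SNAME()")) {
            if (rs.next()) {
                System.out.println("You have successfully logged on as: " + rs.getString(1));
            }
        } catch (SQLException e) {
            // Report the driver's message only; never echo the password.
            System.err.println("Connection failed: " + e.getMessage());
            System.exit(1);
        }
    }
}
```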

Run the containerized sample application

To run the application in a clean environment, you can containerize the app and run it as a container if you have Docker installed locally.

  1. Compile and package the app into an executable jar with all dependencies

    mvn clean compile assembly:single
  2. Verify if the executable jar works

    cd target && java -jar sql-auth-aad-password-1.0-SNAPSHOT-jar-with-dependencies.jar && cd ..

    You should see a message similar to the following in the console: "You have successfully logged on as: <azure-ad-admin-username>".

  3. Build the image.

    docker build -t sql-auth-aad-password:1.0 .
  4. Run the image as a container. You should replace placeholders for database connection with the values you wrote down before.

    docker run --rm -e DB_SERVER_NAME=<server-name>.database.windows.net -e DB_NAME=<database-name> -e DB_USER=<azure-ad-admin-username> -e DB_PASSWORD=<azure-ad-admin-pwd> sql-auth-aad-password:1.0

    You should see a message similar to the following in the console: "You have successfully logged on as: <azure-ad-admin-username>".
