Adventures with Azure: Azure SQL and Access Tokens – Part 1

Azure SQL

In this series of articles we will access an Azure SQL database using an access token provided by Azure AD.

Why would we even want to do this?

Doing it this way means we DO NOT have to provide a User Id and Password in our connection string.

In Part 1 we will create the Azure resources to request an access token from Azure AD, using Postman.

In Part 2 we will create a C# .NET Core 3.0 library that can request an access token from Azure AD.

In Part 3 we will bring it all together and create an Azure Function that will insert a record into Azure SQL database using the access token provided from the C# .NET Core 3.0 library we created in Part 2.

Let’s get started.

Navigate to the Azure Portal.

In the Search Box, Type azure active and Click Azure Active Directory.

Click App Registrations.

Click New Registration.

Enter a Name and Click Register.

Once the App Registration has been created we will be redirected to the App Registration Overview.

Click Certificates & secrets.

Copy the Value of the secret, we will need that value in a future step.

You will also need to copy the TenantId and ClientId.

To get the TenantId and ClientId, from the App Registration Click Overview.

Copy the ClientId, labeled Application (client) ID, and the TenantId, labeled Directory (tenant) ID.

Now we have everything we need to get an access token!

Open Postman.

Create a new request.

Select POST for the Method.

Set the URL to https://login.microsoftonline.com/{TenantId}/oauth2/token.

Click the Body tab and Select x-www-form-urlencoded.

Add a Key grant_type and a Value of client_credentials.

Add a Key client_idand a Value of TenantId.

Add a Key client_secretand a Value of ClientId.

Add a Key resourceand a Value of https://database.windows.net/.

Click Send.

If everything was setup correctly, then a response with a Status Code of 200 OK, along with a body that includes an access_token, will be returned.

Now on to Part 2.

Leave a Reply

Your email address will not be published.