Step By Step: How to use SQLPackage with Access Token

This post has been republished via RSS; it originally appeared at: Azure Database Support Blog articles.

Purpose

SQLPackage allows you to authenticate with Access Token instead of providing Login name and password.

This article will show you how to do that end to end. 

 

General steps:

      1. Create App Registration in your Azure Active Directory (AAD)
      2. Create user for the Application to access Azure SQL DB and grant the needed permissions. 
      3. Generate Access token for your Application. 
      4. Use the Access token to import or export your database.

 

Detailed steps: 

      1. Create App Registration in your Azure Active Directory (AAD)
        1. Open Azure portal and access you Azure Active Directory management blade
        2. Click on App Registrations
        3. Click on New Registration
        4. Give your application a name so it can be identified afterwards
        5. Click on “Register”
        6. Once the App is created you will be redirected to the App blade
        7. Note your application (client) ID – you will use that later
        8. Click on “Endpoints” at the top and note the “OAuth 2.0 token endpoint (v2)” url – we will use this later as well.
        9. Click on “Certificate & Secrets”
        10. Click on “New Client Secret”
        11. Set the expiry time and click “Add”
        12. Note the value of the key – we will use it later.
      2. Create user for the Application to access Azure SQL DB and grant the needed permissions. 
        1. CREATE USER [SQLAccess] FROM EXTERNAL PROVIDER
        1. alter role dbmanager add member [SQLAccess]
        1. Make sure your server has AAD Admin account configured.
        2. Connect to you SQL DB with your AAD account
        3. Create the user for the application access
        4. Grant the needed permissions.
      3. Generate Access token for your Application. 
        1. Using PowerShell

 

$key= ConvertTo-SecureString `          -String "{Key Secret}" `          -AsPlainText `          -Force         Get-AdalToken `     -Resource "https://database.windows.net/" `     -ClientId "{Application ID}" `     -ClientSecret $key `     -TenantId "{Tenant ID}"

 

 

      1. Using C#

 

using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Threading.Tasks; using Microsoft.IdentityModel.Clients.ActiveDirectory; namespace ConsoleApp1 { class Program { static void Main(string[] args) { string clientId = "{Client ID}"; string aadTenantId = "{Tenant ID}"; string clientSecretKey = "{Key Secret}"; string AadInstance = "https://login.windows.net/{0}"; string ResourceId = "https://database.windows.net/"; AuthenticationContext authenticationContext = new AuthenticationContext(string.Format(AadInstance, aadTenantId)); ClientCredential clientCredential = new ClientCredential(clientId, clientSecretKey); DateTime startTime = DateTime.Now; Console.WriteLine("Time " + String.Format("{0:mm:ss.fff}", startTime)); AuthenticationResult authenticationResult = authenticationContext.AcquireTokenAsync(ResourceId, clientCredential).Result; DateTime endTime = DateTime.Now; Console.WriteLine("Got token at " + String.Format("{0:mm:ss.fff}", endTime)); Console.WriteLine("Total time to get token in milliseconds " + (endTime - startTime).TotalMilliseconds); Console.WriteLine(authenticationResult.AccessToken.ToString()); Console.ReadKey(); } } }

 

4. Use the Access token to import or export your database.

      1. Use your SQLPackage command and instead of using Login / User and password use the /AccessToken:{AccessTokenHere} (or /at)

REMEMBER: these articles are REPUBLISHED. Your best bet to get a reply is to follow the link at the top of the post to the ORIGINAL post! BUT you're more than welcome to start discussions here:

This site uses Akismet to reduce spam. Learn how your comment data is processed.