@mattchenderson Can you help here?

I think there is a library (ADALSQL) that can be used with .NET 4.6: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication-configure

Would something like that work?

I don't believe that will work since it's written for .NET. The scenario I'm interested in is a secure database connection from an app service using ASP.NET core and EF core. In the document linked above an example of using MSI (managed service identity) is explained. This is secure because no secrets or keys are stored in app settings or in code. However, as I mentioned, the note in the article says that the access token property is not available in .NET Core. So my question is, what is the recommended approach for a secure connection from an Azure App Service (Web App) and an Azure SQL Database for a .NET Core Web App. Is there some other way to use MSI or another approach entirely.

Ah, apologies - I thought this article was .NET Core based and confused myself. This probably ends up being a question for the SQL Client folks - I'm not aware of a solution here, myself. It might be worth raising an issue against the ADALSQL article I linked.

Request for AAD auth in .NET Core is opened here for more than two years already: https://github.com/dotnet/corefx/issues/8807
They said it does not have enough upvotes, so please, vote!

@mattchenderson I don't know if you've followed the discussion at https://github.com/dotnet/corefx/issues/8807 about this, but I want to be sure they understand the need/priority...some of the conversation has been around "how many upvotes" the missing property gets...my sense is that proper support of MSI's and the pivot effect that has on secret management in Azure goes beyond "collecting votes". If you can, would you check out the discussion and see fi the right people are involved and the right information is available?

It seems to be coming soon to .NET core:

In dotnet/corefx#8807, David-Engel says "There is a separate issue specifically for AccessToken: #13660, It is the next thing we will be working on as soon as currently active work items are wrapped up" https://github.com/dotnet/corefx/issues/13660

Still not available. We'd like to use this with Microsoft.Azure.Services.AppAuthentication to be able to use managed services identities in .NET Core .

@jurjen74 if you follow one of the links above , it appears that this will be coming in the .NET Core 2.2 release, scheduled for Q4 2018.

Guys, I'm frustrated.

Just wasted 2-3h following the tutorial which pointed me nowhere.

Please write a big disclaimer on top - "Does not work with .NET CORE yet".
Please don't pretend that something works when it does not.

Guys, I'm frustrated.

Just wasted 2-3h following the tutorial which pointed me nowhere.

Please write a big disclaimer on top - "Does not work with .NET CORE yet".
Please don't pretend that something works when it does not.

That's exactly what I was thinking. This note is somewhere in the middle, but it should be on top. I'm not interested in following all the previous steps, only to find out that I cannot use it afterwards.

@wmekal @ffloimair Thank you guys for the feedback. I've added a note at the top to clarify it now. It will be published sometime today. Sorry for the frustrations.

please-close as the issue is solved by the new note.

We will now proceed to close this thread. If there are further questions regarding this matter, please comment and we will gladly continue the discussion.

@cephalin @Mike-Ubezzi-MSFT Thank you guys for listening the feedback and updating the docs :).