Runtime: SqlConnection should support Azure AD token-based authentication

Related to dotnet/SqlClient#10

It's a bit strange that Azure is such a huge and important part of Microsoft, but .NET Standard and .NET Core aren't given the necessary resources to support it.

I don't mean to blame anyone here, it's just that I'd love to use .NET Core but still cannot do so more than 3 years after it was announced.

The PR referred to by @keeratsingh is https://github.com/dotnet/corefx/pull/30342

@nathandavidson @stijnherreman Closing this is issue since it is addressed by pr #30342.

@AfsanehR: great! So this will be released in .NET Core 2.2?

Security should be number 1. This should have been released already.

The PR was merged into master, which will ship in 3.0.
I let @AfsanehR @David-Engel @keeratsingh to comment on option porting it to 2.2.

I think everyone waiting for this would like to see it in 2.2.

How this implementation will impact the pool connection key ? If there is two differents AccessToken with the same connection string, does it mean that they can share the same connection pool or not ?

A new connection pool is created for every access token.

+1 for getting this into .NET Core 2.2. By the time 2.2 comes out this issue will be 2 years old.

@AfsanehR @David-Engel @keeratsingh any decision on whether this update will be ported to 2.2?

@wienleung @Liero @paulirwin @stijnherreman We are currently in the process of porting this fix over to .NET Core 2.2, will updated here once the process is complete.

Reopening the issue to track port to 2.2 (PR dotnet/corefx#31039).

The AccessToken property is now added to .NET Core 2.2. 🎉

EDIT: While the PR was merged into the branch prior to 2.2 Preview1 release, it missed packaging changes and the package didn't ship at all, so it will be part of 2.2 Preview2 release (released on 2018/9/12).

Thanks @AfsanehR for addressing this popular issue. For those who will ask: we have not AFAIK announced a date for 2.2 yet. It will definitely be before 3.0 😀 Meantime, if anyone has a chance to try this out of the repo (either master or release/2.2) it would be great if you could indicate here to confirm you were successful.

2.2. is currently planned for Q4 2018: https://github.com/dotnet/core/blob/master/roadmap.md#upcoming-ship-dates

Can you give us an update on when we should be able to test this feature/start using it in development. Would that be 2.2.100-preview2?

Why can't this be distributed as a nuget package as opposed to with the full core sdk?

@jnevins-gcm shipping standalone packages leads to test matrix explosion + things don't work properly together when they should, etc. It caused lots of troubles for both the customers and the team and with .NET Core we started shipping platform as single NuGet package.
You can check the feature in daily builds of release/2.2 build, or wait for next preview which will contain the fix (based on times and the schedule I am aware of, it should be Preview2).

Can we consume 2.2 as a nuget package instead of having to use the windows installer for the core sdk?

@jnevins-gcm I think you will need the SDK, but I let area owners to have final word on the topic.

Ok, is this the right forum to get that answer? Who should I be asking?

@jnevins-gcm @karelz is correct. You need to update the SDK and SqlClient version both.
I was able to test it with SDK version 2.2.0-preview-26820-02 and SqlClient version 4.6.0-preview2-26905-02

The sqlclient is included in the sdk’s net ore reference assemblies though?

If the sqlclient update is separate, where do I get it?

@jnevins-gcm SlqClient update is NOT separate. We do not ship or support separate packages which are part of .NET Core platform -- see my previous reply https://github.com/dotnet/corefx/issues/13660#issuecomment-420337898 explaining why.

It is included but you need to include the version you want in your csproj file.
For example:

<ItemGroup>
    <PackageReference Include="System.Data.SqlClient" Version="4.6.0-preview2-26905-02" />
</ItemGroup>

You can check the latest version of SqlClient from here:
https://dotnet.myget.org/feed/dotnet-core/package/nuget/System.Data.SqlClient

I guess I don’t understand your release model.

netstandard2.0 started down the road of “no individual nuget packages for libraries that are part of the netstandard surface area”. You reference netstandard (implicitly) and the platform specific netstandard implementation forwards to the correct platform specific (or platform agnostic) implementation assembly that is distributed as part of that platform’s clr redistributable.

SqlClient isn’t part of netstandard.

Okay, so that being the case, how is it tied to a specific version of the netcore sdk? I’m looking at your nuget package on myget. It has both platform neutral (netstandard) implementations and a netcoreapp specific implementation. But no netcoreapp2.2 specific tfm.

Can you please help me understand how SqlClient is coupled to the netcore sdk and where that dependency is expressed and why I can’t or shouldn’t be able to just add a PackageReference to the one you linked to on myget without installing netcore sdk 2.2?

according to the readme, this should be included in preview1 but after i installed the SDK and added the new Sql package to version 4.6.0-preview2-26905-02 but still don't see the AccessToken on SqlConnection

@swettstein while the PR was merged for 2.2 Preview1, it omitted packaging changes leading to not shipping the bits at all. They will be available in 2.2 Preview2 (also clarified above - https://github.com/dotnet/corefx/issues/13660#issuecomment-413921458).
I checked with experts and this particular package is shipping also standalone, so it should be applicable to older version (although we do not test the combination).

So is that to say my understanding as I described above is actually correct?

@jnevins-gcm (had to check with experts again)
All APIs which are part of netstandard has to be implemented in each platform (.NET Core, Mono, .NET Framework, UWP) that supports that version of .NET Standard inbox (without external packages).
There are APIs which are in the platform, but do not ship as individual packages.
SqlClient already shipped as individual package before and we kept it shipping that way, that's why it ships standalone.

In nutshell, whatever is part of netstandard, has to be in each platform inbox. Some APIs (outside of netstandard) may ship as well as standalone packages. Decision what ships as standalone package is based on business need, and not on "can it be done".

Hope it clarifies things. Let's keep the general platform/targeting discussion separate. It is not specific to SqlClient.

@bloodybeet did you use 2.2 Preview2?
If you found a limitation in functionality, I would recommend to file a new issue to avoid mixing up multiple problems and discussions here.

@bloodybeet Would you be able to file a new issue as Karel recommended? It would be easier to continue discussion there. In the meantime, I would recommend to check if you have created a contained database user and grant the necessary permissions. Please refer to this link for more information
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication-configure

Even better: the access token wasn't coming from database.windows.net, but management.core.windows.net - fixed and working as expected. I have deleted all messages to keep this thread clean ;)