-
Notifications
You must be signed in to change notification settings - Fork 119
Azure AD Authentication
Sicong edited this page Sep 27, 2021
·
5 revisions
How to setup:
- Add an App Registration in Azure Active Directory, eg. AuthAPP
- From App Registration copy Application (client) ID.
- In Certificates & secrets Add a new client secret (password).
- In Azure SQL make sure your app has the right permission
CREATE USER [AuthAPP] FROM EXTERNAL PROVIDER
EXEC sp_addrolemember 'dbmanager', 'AuthAPP'
- In project settings.py, add
Authentication=ActiveDirectoryServicePrincipal
toextra_params
DATABASES = {
"default": {
"ENGINE": "mssql",
"NAME": "default",
"USER": "Application (client) ID",
"PASSWORD": "Client secret",
"HOST": "example.database.windows.net",
"PORT": "1433",
"OPTIONS": {
"driver": "ODBC Driver 17 for SQL Server",
"extra_params": "Authentication=ActiveDirectoryServicePrincipal",
},
},
}
How to setup:
(Interactive authentication only work on Windows, recommend using the latest version of ODBC 17 driver, some older versions may not be supported)
- In project settings.py, add
Authentication=ActiveDirectoryInteractive
toextra_params
- After running the Django project, a window will pop up asking the user to enter a password
DATABASES = {
"default": {
"ENGINE": "mssql",
"NAME": "default",
"USER": "[email protected]",
"HOST": "example.database.windows.net",
"PORT": "1433",
"OPTIONS": {
"driver": "ODBC Driver 17 for SQL Server",
"extra_params": "Authentication=ActiveDirectoryInteractive",
},
},
}
To use managed identity, add Authentication=ActiveDirectoryMsi
to extra_params
.
DATABASES = {
"default": {
"ENGINE": "mssql",
"NAME": "your_db",
"HOST": "database.windows.net",
"PORT": "1433",
"OPTIONS": {
"driver": "ODBC Driver 17 for SQL Server",
"extra_params": "Authentication=ActiveDirectoryMsi",
},
},
}