title | description | services | ms.service | ms.subservice | ms.custom | ms.devlang | ms.topic | author | ms.author | ms.reviewer | manager | ms.date |
---|---|---|---|---|---|---|---|---|---|---|---|---|
Get values for app authentication - Azure SQL Database \| Microsoft Docs | Create a service principal for accessing SQL Database from code. | sql-database | sql-database | development | | | conceptual | stevestein | sstein | | craigg | 04/01/2018 |

To create and manage SQL Database from code, you must register your app in the Azure Active Directory (AAD) domain in the subscription where your Azure resources have been created.

You need to have the latest Azure PowerShell installed and running. For detailed information, see How to install and configure Azure PowerShell.
The following PowerShell script creates the Active Directory (AD) application and the service principal that we need to authenticate our C# app. The script outputs values we need for the preceding C# sample. For detailed information, see Use Azure PowerShell to create a service principal to access resources.

```powershell
# Sign in to Azure.
Connect-AzureRmAccount

# If you have multiple subscriptions, uncomment and set to the subscription you want to work with.
#$subscriptionId = "{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}"
#Set-AzureRmContext -SubscriptionId $subscriptionId

# Provide these values for your new AAD app.
# $appName is the display name for your app, must be unique in your directory.
# $uri does not need to be a real URI.
# $secret is a password you create.
$appName = "{app-name}"
$uri = "http://{app-name}"
$secret = "{app-password}"

# Recent AzureRM versions take -Password as a SecureString, so convert the plain-text secret.
$secureSecret = ConvertTo-SecureString -String $secret -AsPlainText -Force

# Create an AAD app
$azureAdApplication = New-AzureRmADApplication -DisplayName $appName -HomePage $uri -IdentifierUris $uri -Password $secureSecret

# Create a Service Principal for the app
$svcprincipal = New-AzureRmADServicePrincipal -ApplicationId $azureAdApplication.ApplicationId

# Pause for 15 seconds to avoid a PrincipalNotFound error.
Start-Sleep -s 15

# If you still get a PrincipalNotFound error, then rerun the following until successful.
$roleassignment = New-AzureRmRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $azureAdApplication.ApplicationId.Guid

# Output the values we need for our C# application to successfully authenticate
Write-Output "Copy these values into the C# sample app"
Write-Output "_subscriptionId:" (Get-AzureRmContext).Subscription.SubscriptionId
Write-Output "_tenantId:" (Get-AzureRmContext).Tenant.TenantId
Write-Output "_applicationId:" $azureAdApplication.ApplicationId.Guid
Write-Output "_applicationSecret:" $secret
```
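
The role assignment in the script above has no `-Scope`, so Contributor is granted across the whole subscription, and a single 15-second pause is not always enough. The following is an added example, not part of the original page: it retries only on PrincipalNotFound and limits the assignment to one resource group. The function name, `$resourceGroupName`, and the assumption that the error text contains the string `PrincipalNotFound` are illustrative.

```powershell
# Added example. Run in the same session as the script above, after
# $azureAdApplication and the service principal have been created.
function New-RoleAssignmentWithRetry {
    param(
        [Parameter(Mandatory = $true)] [string] $ApplicationId,
        [Parameter(Mandatory = $true)] [string] $RoleDefinitionName,
        [string] $Scope,               # omit to fall back to subscription scope
        [int] $MaxAttempts = 10,
        [int] $DelaySeconds = 15
    )

    $params = @{
        RoleDefinitionName   = $RoleDefinitionName
        ServicePrincipalName = $ApplicationId
        ErrorAction          = 'Stop'  # make failures catchable
    }
    if ($Scope) { $params.Scope = $Scope }

    for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
        try {
            return New-AzureRmRoleAssignment @params
        }
        catch {
            # Assumption: the error text carries the name the page uses.
            # Anything else (bad role name, missing rights) is rethrown at once.
            $isReplicationLag = "$_" -match 'PrincipalNotFound'
            if (-not $isReplicationLag -or $attempt -eq $MaxAttempts) { throw }
            Write-Verbose "Attempt $attempt failed with PrincipalNotFound; retrying in $DelaySeconds s."
            Start-Sleep -Seconds $DelaySeconds
        }
    }
}

# Hypothetical resource group that already exists and will hold the SQL resources.
$resourceGroupName = "{resource-group-name}"
$scope = (Get-AzureRmResourceGroup -Name $resourceGroupName).ResourceId

# Same role as the page's script, but limited to the one resource group.
$roleassignment = New-RoleAssignmentWithRetry `
    -ApplicationId $azureAdApplication.ApplicationId.Guid `
    -RoleDefinitionName Contributor `
    -Scope $scope -Verbose
```

A resource-group scope only works if the app does not need to create resource groups itself; in that case the subscription-wide assignment from the original script is still required.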