0

我读过 mssql 模块在内部使用 Tedious 连接到 azure sql db。因此,我正在尝试使用 azure-active-directory-access-token 建立连接。但是,我收到错误 ConnectionError: Login failed for user token-identified principal

示例代码:-

const mssql = require('mssql');
const msrestAzure = require("ms-rest-azure");

const clientSecret = "XXXXXXXXXXXXXXXXXXXXXXXXXXX";
const serverName = "XXXXXXXXXXXXXXXXXXXXXXXXXXX";
const databaseName = "XXXXXXXXXXXXXXXXXXXXXXXXXXX";
const clientId = "XXXXXXXXXXXXXXXXXXXXXXXXXXX";
const tenantId = "XXXXXXXXXXXXXXXXXXXXXXXXXXX";
let token = 0;

msrestAzure.loginWithServicePrincipalSecret(clientId,
    clientSecret,
    tenantId,
    {
        tokenAudience: "https://database.windows.net/",
    },
).then((databaseCredentials) => {
    return new Promise((resolve, reject) => {
        databaseCredentials.getToken((err, results) => {
            if (err) return reject(err);
            resolve(results.accessToken);
        });
    });
}).then((token) => {
    // console.log(token);
    var config = {
        server: serverName,
        authentication: {
            type: "azure-active-directory-access-token",
            options: {
                token: token,
            }
        },
        options: {
            database: databaseName,
            encrypt: true,
        }
    };
    return new mssql.connect(config);
}).then(pool => {
    console.log('Connected to MSSQL')
    return pool;
}).catch((error) => {
    console.log(error);
});
4

1 回答 1

0

您可以通过 azure-active-directory-access-token 在 NodeJS(NPM) 身份验证中使用服务主体连接 Azure SQL Server。

1.创建服务主体

az login
az ad sp create-for-rbac -n 'MyApp' --skip-assignment

2.配置SQL数据库

一个。使用 Azure Sql AD 管理员连接 Azure SQL vai SSMS

湾。将服务主体添加到您需要使用的数据库中

create user [<Azure_AD_principal_name>] from external provider
ALTER ROLE db_owner ADD MEMBER [<Azure_AD_principal_name>]

3.代码

 var msrestAzure = require("ms-rest-azure");
    var { Connection, Request } = require("tedious");
    
    let clientSecret = "xxx";
    let serverName = "xxx.database.windows.net";
    let databaseName = "xxx";
    let clientId = "xxx";
    let tenantId = "xxx";
    
    async function getConnect() {
      // way for Azure Service Principal
      let databaseCredentials = await msrestAzure.loginWithServicePrincipalSecret(
        clientId,
        clientSecret,
        tenantId,
        {
          tokenAudience: "https://database.windows.net/",
        },
      );
    
      // getting access token
      let databaseAccessToken = await new Promise((resolve, reject) => {
        databaseCredentials.getToken((err, results) => {
          if (err) return reject(err);
          resolve(results.accessToken);
        });
      });
      var config = {
        server: serverName,
        authentication: {
          type: "azure-active-directory-access-token",
          options: {
            token: databaseAccessToken,
          },
        },
        options: {
          debug: {
            packet: true,
            data: true,
            payload: true,
            token: false,
            log: true,
          },
          database: databaseName,
          encrypt: true,
        },
      };
    
      var connection = new Connection(config);
      connection.connect();
      connection.on("connect", function (err) {
        if (err) {
          console.log(err);
        }
        executeStatement(connection);
      });
    
      connection.on("debug", function (text) {
        console.log(text);
      });
    }
    function executeStatement(connection) {
      request = new Request("select * from CSVTest", function (err, rowCount) {
        if (err) {
          console.log(err);
        } else {
          console.log(rowCount + " rows");
        }
    
        connection.close();
      });
    
      request.on("row", function (columns) {
        columns.forEach(function (column) {
          if (column.value === null) {
            console.log("NULL");
          } else {
            console.log(column.value);
          }
        });
      });
    
      request.on("done", function (rowCount, more) {
        console.log(rowCount + " rows returned");
      });
    
      connection.execSql(request);
    }
    
    getConnect()
      .then(() => {
        console.log("run successfully");
      })
      .catch((err) => {
        console.log(err);
      });

参考:使用 NodeJS 中的服务主体连接到 Azure SQL,但令牌被拒绝

于 2021-08-26T12:45:19.737 回答