SQL Azure数据库。使用非安全连接字符串登录

I have an SQL Azure database and have the auditing enabled on it. According to the portal , Auditing requires use of Security Enabled Connection Strings and consequently have set the Security Enabled Access parameter on the DB portal to “Required” so that no apps with non-secure connection strings get to my DB.

我有一个SQL Azure数据库,并启用了审计。根据门户网站,审计需要使用安全性启用的连接字符串,因此已将数据库门户上的Security Enabled Access参数设置为“Required”,以便没有具有非安全连接字符串的应用程序进入我的数据库。

When I try to get connected from SSMS using non secure connection string server name like MyAzureServer.database.windows.net I get an error message saying only connections with secure connection string are allowed which is what I expected

当我尝试使用非安全连接字符串服务器名称(如MyAzureServer.database.windows.net)从SSMS连接时,我收到一条错误消息,指出只允许与安全连接字符串的连接,这是我的预期

However my .NET application using the non-secure connection string like below works fine and no errors. I could also see that there is a record in audit logs that login was success

但是我的.NET应用程序使用如下的非安全连接字符串工作正常,没有错误。我还可以看到审计日志中有一条记录表明登录成功

Server=tcp:MyDBServer.database.windows.net,1433;
Database=DemoDB;
User ID=Srisail@MyDBServer;
Password=password123%;
Encrypt=True;
TrustServerCertificate=False;
Connection Timeout=30;

My question is how my .NET app using the non-secure connection string able to login to my Azure SQL Server although I had forced my server to accept only connections with secure connection string.

我的问题是我的.NET应用程序如何使用非安全连接字符串能够登录到我的Azure SQL Server,尽管我强迫我的服务器只接受带有安全连接字符串的连接。

Also I’m not sure if I fully understand secure and non-secure connection strings, except you include the text secure in your server name like MyDBServer.secure.database.windows.net. I would like to understand more on this.

此外,我不确定我是否完全理解安全和非安全连接字符串,除非您在服务器名称中包含文本secure,如MyDBServer.secure.database.windows.net。我想更多地了解这一点。

Like always any help is greatly appreciated.

总是任何帮助都非常感谢。

3 个解决方案

#1

I am glad to inform you that last week we have improved the behavior of DB “Required” mode, which eliminates the need to use the secure connection string to use auditing or data masking.

我很高兴地通知您,上周我们改进了DB“必需”模式的行为,这消除了使用安全连接字符串来使用审计或数据屏蔽的需要。

This means that SSMS or .NET app attempts to connect the database using the standard connection string will works fine with no errors, after you set the Security Enabled Access parameter on the DB portal to “Required”,

这意味着在将数据库门户上的Security Enabled Access参数设置为“Required”后,SSMS或.NET应用程序尝试使用标准连接字符串连接数据库将正常工作,没有错误,

Could you please try get connected from SSMS using the standard connection string after setting the Security Enabled Access parameter on the DB portal to “Required?

在将数据库门户上的Security Enabled Access参数设置为“Required?”之后,您可以尝试使用标准连接字符串从SSMS连接吗?

#2

Just change

Server=tcp:MyDBServer.database.windows.net,1433;Database=DemoDB;User ID=Srisail@MyDBServer;Password=password123%;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;

Server=tcp:MyDBServer.database.secure.windows.net,1433;Database=DemoDB;User ID=Srisail@MyDBServer;Password=password123%;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;

#3

Your connection string includes Encrypt=True;TrustServerCertificate=False so qualifies as a secure connection. The connection between client and server will be SSL encrypted and the certificate will be validated.

您的连接字符串包括Encrypt = True; TrustServerCertificate = False,因此有资格作为安全连接。客户端和服务器之间的连接将进行SSL加密,证书将被验证。

https://msdn.microsoft.com/en-us/library/azure/ff394108.aspx#encryption

#1