Open EugenZ opened 4 years ago
Currently, password authentication is the only supported login scheme.
We don't support Kerberos, NTLM or integrated authentication, mostly due to two reasons:
That being said additional authentication scheme support depends on whether someone more knowledgeable than us is able to contribute these.
Hello, does this include the possibility of using authentication=ActiveDirectoryPassword?
I'm not sure as I'm not familiar with AD authentication. right now, we don't support AD-based authentication.
sad to read that... currently many implementations for making connections to SQL servers require authentication using integrated security. I was trying to implement r2dbc with multiple databases with integrated security.
so, I will try through the sqljdbc_auth.dll, If I have success, then I will let you know
so, I will try through the sqljdbc_auth.dll, If I have success, then I will let you know
Hello... did you find a resolution or a workaround for this issue ? We are running into the same problem (ntlm security on MS SQL Server) within our enterprise. Thanks!
As it looks like now, integrated authentication requires a platform-specific binary. In the SQL Server JDBC driver, native code is available through com.microsoft.sqlserver.jdbc.AuthenticationJNI
which is package-private. You might want to file a ticket at https://github.com/microsoft/mssql-jdbc to make SSPI usable from outside the library.
Been discussing over on mssql-jdbc questions thread some. Would it be possible to do what is suggested?
https://github.com/microsoft/mssql-jdbc/issues/818#issuecomment-632322627
Thanks!
I haven’t looked yet into the DLL exports. If these are namespace-free, then we could add an integration. If they point into the SQL Server JDBC package, the we cannot add it as it would cause splitpackages.
@mp911de, awesome! Do we need a separate issue to look into that? Also, if I can help in any way, let me know.
If you like, feel free to come up with a pull request. I’m currently on vacation and I don’t have a windows testing environment.
Note that JDBC driver was migrated to MSAL in August. I assume the access is reactive as they use reactor types as is visible in changes.
@mp911de I have two questions:
Thanks for the heads-up. Using MSAL that is based on Reactor internally, we should have all pre-requisites in place. In general, you can leave a :+1:
on the ticket. Other than that, the ticket is labeled with ideal-for-contribution which means it is up for grabs for anyone that wants to contribute this functionality.
Since I'm not so deeply involved with AD, Kerberos etc. I don't have an answer to that question. I would expect that this feature can be only properly tested within an Azure or/and native Windows environment. We don't have access to either one from this project and I don't see how we could achieve that without anyone sponsoring the project.
Probably you want to reach out to Microsoft and make them aware of this situation.
I might be late to the party :). Is r2dbc-mssql supports Azure MSI (authentication=ActiveDirectoryMSI) based authentication?
I might be late to the party :). Is r2dbc-mssql supports Azure MSI (authentication=ActiveDirectoryMSI) based authentication?
Hey, did you find anything I am also trying same thing
Hello,
I am also having issues with this (values have been changed for privacy):
This is what I have for a ConnectionFactory:
`
@Bean
public ConnectionFactory connectionFactory() {
ConnectionFactoryOptions options = ConnectionFactoryOptions.builder()
.option(ConnectionFactoryOptions.DRIVER, "sqlserver")
.option(ConnectionFactoryOptions.HOST, "my-server.database.windows.net")
.option(ConnectionFactoryOptions.PORT, 1433)
.option(ConnectionFactoryOptions.USER, "username@my-app.cloud.com")
.option(ConnectionFactoryOptions.PASSWORD, "a_password123")
.option(ConnectionFactoryOptions.DATABASE, "my_db")
.option(Option.valueOf("sendStringParametersAsUnicode"), false)
.option(Option.valueOf("encrypt"), true)
.option(Option.valueOf("trustServerCertificate"), true)
.option(Option.valueOf("hostNameInCertificate"), "*.database.windows.net")
.option(Option.valueOf("authentication"), "ActiveDirectoryPassword")
.build();
log.trace("Connection Factory Details: " + options);
return ConnectionFactories.get(options);
} `
I'm getting the following error, only after I try to execute a sql query:
Caused by: io.r2dbc.mssql.ExceptionFactory$MssqlNonTransientResourceException: Cannot open server "my-app.cloud.com" requested by the login. The login failed.
This is an Azure Active Directory Acccount which i'm providing the service account username and password
Hello,
I am also having issues with this (values have been changed for privacy):
This is what I have for a ConnectionFactory:
` @bean public ConnectionFactory connectionFactory() { ConnectionFactoryOptions options = ConnectionFactoryOptions.builder() .option(ConnectionFactoryOptions.DRIVER, "sqlserver") .option(ConnectionFactoryOptions.HOST, "my-server.database.windows.net") .option(ConnectionFactoryOptions.PORT, 1433) .option(ConnectionFactoryOptions.USER, "username@my-app.cloud.com") .option(ConnectionFactoryOptions.PASSWORD, "a_password123") .option(ConnectionFactoryOptions.DATABASE, "my_db") .option(Option.valueOf("sendStringParametersAsUnicode"), false) .option(Option.valueOf("encrypt"), true) .option(Option.valueOf("trustServerCertificate"), true) .option(Option.valueOf("hostNameInCertificate"), "*.database.windows.net") .option(Option.valueOf("authentication"), "ActiveDirectoryPassword") .build();
log.trace("Connection Factory Details: " + options); return ConnectionFactories.get(options);
} `
I'm getting the following error, only after I try to execute a sql query:
Caused by: io.r2dbc.mssql.ExceptionFactory$MssqlNonTransientResourceException: Cannot open server "my-app.cloud.com" requested by the login. The login failed.
This is an Azure Active Directory Acccount which i'm providing the service account username and password
I am running into the same issue you are. Were you able to come up with a solution for Active Directory authentication?
Is it possible to connect to the MSSQL database not with user credentials, but with domain user account?