Skip to main content

Azure SQL: Dependency Injection with EFCore 3.x for AAD Authentication


While we're trying to connect our client application (console, windows, or web application) using Azure SQL database its preferred to use access token-based AAD authentication. 

Per preferred practice to avoid NEW keyword to create objects we generally use dependency injection to create objects. 

To inject the DbContext using Entity Framework Core (3.x) we have an overridden method OnConfigure() which can be used to set up the UserSQLServer() configuration to create the SQL connection. But to use UseSqlServer extension of DbContextOptionBuilder we've to create the DbConnection (or SQLConnection) after opening the SQL-connection (conn.Open()). 

The problem with this approach is there is no option to dispose or close the SQL connection which we opened while creating the DbContext through DI. The below code demonstrates the general approach to achieve this.

 
protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
{
	// if it's AAD authentication, then get the SQLConnection and set AccessToken every time
	//  in all other cases (WindowsAuth, other SQL auth...), we will go with regular EFCore userSqlServer configuration
	if (_sqlConfigValues.IsAADAuthEnabled)
	{
		var sqlConnection = _sqlConnectionHelper.GetSqlConnection(_sqlConfigValues);
		optionsBuilder.UseSqlServer(sqlConnection, option =>
		{
			option.CommandTimeout(_sqlConfigValues.CommandTimeoutInSeconds);
		}
		);
	}
	else
	{
		if (!optionsBuilder.IsConfigured)
		{
			var connectionString = _sqlConnectionHelper.GetSqlConnectionString(_sqlConfigValues);
			optionsBuilder.UseSqlServer(connectionString, option =>
			{
				option.CommandTimeout(_sqlConfigValues.CommandTimeoutInSeconds);
			}
		);
		}
	}
}

Your GetSqlConnection method will be something like this

  public SqlConnection GetSqlConnection(SqlConfigValues sqlConfigValues)
{
	var sqlConnectionString = GetSqlConnectionString(sqlConfigValues);	
	var sqlConnection = new SqlConnection(sqlConnectionString);

	// AAD auth then set the token
	if (sqlConfigValues.IsAADAuthEnabled)
	{
		var accessToken =_tokenFactory.GetDBAccessToken();
		sqlConnection.AccessToken = accessToken;
	}

	// let's open the connection
	sqlConnection.Open();

	return sqlConnection;
}

Your SQL ConfigValues class definition is something like this

  namespace YourNamespace.ConfigValues
{
    public class SqlConfigValues
    {
        public string DatabaseServer { get; private set; }

        public string DatabaseName { get; private set; }
        public int ConnectionRetryCount { get; private set; }
        public int CommandTimeoutInSeconds { get; private set; }
        public int ConnectionTimeoutInSeconds { get; private set; }

        public bool IsAADAuthEnabled { get; private set; }
        public bool IsWindowsAuthEnabled { get; private set; }

        //
        public string SqlUserName { get; private set; }
        public string SqlPassword { get; private set; }
    }
}

To resolve this issue, Opening the SQL-connection every time while creating the DB context object through DI, we can take the help of DbConnectionINterceptor like this. 

   public class AzureAuthInterceptor : DbConnectionInterceptor
    {
        private readonly ITokenFactory _tokenFactory;
        public AzureAuthInterceptor(ITokenFactory tokenFactory)
        {
            _tokenFactory = tokenFactory;
        }

        public override async Task ConnectionOpeningAsync(DbConnection connection, ConnectionEventData eventData, InterceptionResult result, CancellationToken cancellationToken = default)
        {
            if (!(connection is SqlConnection conn))
            {
                return result;
            }

            conn.AccessToken =  await _tokenFactory.GetDBAccessTokenAsync();
            
            return result;
        }
    }


And in your TokenFactory class and respective ITokenFactory

  

 public async Task GetDBAccessTokenAsync()
        {
            // it will use MSI 
            AzureServiceTokenProvider provider = new AzureServiceTokenProvider();
            var accessToken = await provider.GetAccessTokenAsync("https://database.windows.net/")
                .ConfigureAwait(false);

            return accessToken;
        }

Now in your Startup.cs, you can use something like this  

  services.AddDbContext((serviceProvider, options) =>
            {
                var sqlConnHelper = serviceProvider.GetService();
                var tokenFactory = serviceProvider.GetService();
                options.UseSqlServer(sqlConnHelper.GetSqlConnectionString(sqlConfigValues))   // here we're just passing the connection string not the SqlConnection object
                    .AddInterceptors(new AzureAuthInterceptor(tokenFactory));  // this code will take care of getting the accessToken when required.
            });


This code is tested with EFCore 3.1.8/7/6 versions. 


Labels:

Comments

Post a Comment

Popular posts from this blog

EFCore - Collate function

Search in SQL server query is generally case insensitive (by default or based on database level collation). Suppose we have an employees table with a row having first-name column value as "My-First-Name", so if we want to do the case-sensitive search we have to explicitly use the related collate: In EF 5 (currently in Release Candidate version [RC.2.20475.6]) Collate function got introduced which helps us to use our specific collation based search.  C# with EF5 code sample: var employeeCaseSensitiveSearch = _dbContext.Employees .Where(x => EF.Functions.Collate(x.FirstName, "Latin1_General_CS_AS") == "my-first-name") .FirstOrDefault(); A related database query will be something like this: T-SQL: Case sensitive search (use specific collation e.g.: Latin1_General_CS_AS) SELECT * FROM dbo.Employees AS e WHERE e.FirstName Collate Latin1_General_CS_AS = 'my-first-name' Some of the useful CSharp function which g...
Post a Comment
Read more

EFCore - Parallel db call on same dbContext

Practically there are multiple instances when we want to do parallel DB call which will save us some time. Like if we want to get a few employees details as well as users detail and if both entities are independent of each other better to go with a parallel call to fetch the details.  With the growing ORM usage and enhanced & optimized framework of like EFCore, in most of the application (related to C# development), we generally prefer to use EFCore. With EFCore if we try to use the same DB context to do parallel db call we are getting an error (... different thread using the same DbContext....). Because dbContext call is not thread-safe Parallel DB call on the same dbContext:  Code snipped: which will throw an error private void DbCallWithParallelCallOnSameDbContext() { try { var employeesTask = _dbContext.Employees.ToListAsync(); var usersTask = _dbContext.Users.ToListAsync(); ...
Post a Comment
Read more

How to install Zen-coding plugin

As a web-developer, irrespective of the technologies (java, c-sharp, python, php e.t.c.…), we used to write CSS code to make our web-pages looks good if not at least we’re involved in write html codes. What if there is some tool to whom you give some instruction and that tool generates a good, well formatted html tags for you. These kind of coding is possible and known as “ Zen coding ” and there are lots of plug-in available from different vendors. We’re going to  discuss the steps to install this “zen-coding” plugin for “visual studio, eclipse, sublime-text & notepad++ in next few lines. Follow the below steps to install "zen-coding" plugin based on your editor.  Steps to install zen-coding plugin for (visual studio, eclipse, sublime-text,notepad++) -- -- For Visual Studio 1. Go to "Tools" -> "Extensions and Updates" 2. It'll open the "Extensions and Updates windows"    Select online form Left hand menu items ent...
Post a Comment
Read more