Comments (7)
sounds good to me! Thx for working it out. Now I need some other curious-and-motivated community members to add Always Encrypted support.
from go-mssqldb.
Update: After looking at the dotnet SqlClient code, it makes sense why it works: the implementation logic is different for the prelogin response.
I am guessing the switch statement never hits `case (int)PreLoginOptions.FEDAUTHREQUIRED` as that option is not returned. So technically Microsoft.Data.SqlClient is breaking the specification.
from go-mssqldb.
I think your scenario doesn't need to use the `azuread` package. There's a fedauth connector you can leverage that doesn't take any dependency on MSAL SDK for Go. Have you tried using `NewSecurityTokenConnector` directly?
from go-mssqldb.
Sure, but I get the same problem, as I have to use the `azuread` driver for federation. I do not see any other option?
As soon as it sees `fedauth` in the connection string it resets `p.fedAuthLibrary` from the default of `mssql.FedAuthLibraryReserved`, as per:
go-mssqldb/azuread/configuration.go, line 81 in 1576f3e
I tried this:
```go
connString := fmt.Sprintf("odbc:server=%s;port=%d;fedauth=FedAuthLibraryReserved;",
	server, port)
//print(authToken)
//conn, err := sql.Open(azuread.DriverName, connString)
// Token provider that hands back an access token obtained elsewhere.
tokenProviderWithCtx := func(ctx context.Context) (string, error) {
	return authToken, nil
}
connector, err := mssql.NewConnectorWithAccessTokenProvider(connString, tokenProviderWithCtx)
if err != nil {
	panic(err) // connector construction error was previously left unchecked
}
conn := sql.OpenDB(connector)
```
Maybe we need an extra `fedauth` option for non-AAD federation which keeps `p.fedAuthLibrary` as default. But that would seem messy I guess, as all the federation code is in the `azuread` package.
Technically it doesn't matter who is the token provider; `azuread` does the job except for this issue.
from go-mssqldb.
`azuread` package is simply an AAD-specific federation implementation which implements the token fetch callback using MSAL SDK for Go. The federation implementation is part of the core `mssql` code, split between `fedauth.go` and `tds.go`. I think having a new method in `fedauth.go` to create a config that has both `fedAuthRequired == true` and `fedAuthLibrary == FedAuthLibraryReserved` for this scenario is probably ok.
Alternately, does it make sense for the prelogin response validation to check for both `FedAuthLibrarySecurityToken` and `FedAuthLibraryReserved` as possible inputs instead of just the one? After all, both values have the semantic that the server doesn't need to provide any information for the client to provide the token.
Pulling in `azuread` is just going to bloat your binary for little benefit.
from go-mssqldb.
I get it now. Leave it with me and I will find some time to try it. Thanks for the pointer!
from go-mssqldb.
How about this.
```go
else if fe.FedAuthLibrary != FedAuthLibraryReserved && fe.ADALWorkflow > 0 {
	return 0, fmt.Errorf("federated authentication is not supported by the server")
}
```
`NewSecurityTokenConnector` does not set the ADALWorkflow. I think you only care about the above error message if it's actually going through the ADALWorkflow somehow and didn't get the `preloginFEDAUTHREQUIRED` response?
For a generic access token provided by the user the above should be enough, as they just want to auth and we don't want to check for the support.
from go-mssqldb.
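The PRELOGIN validation that the second comment (SqlClient never hitting the FEDAUTHREQUIRED case) and the last comment (the proposed `ADALWorkflow > 0` condition) both turn on, as an added example that is not go-mssqldb's code: a stdlib-only Go parser for the PRELOGIN option table from MS-TDS, followed by the FEDAUTHREQUIRED check in its strict form (fail whenever the option is missing and any fedauth library is configured) and in the proposed form (fail only when an ADAL workflow is actually configured). The numeric fedauth library values, the `fedAuthConfig` shape and the exact structure of the driver's check are assumptions for this example; the two server responses are constructed, not captured.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// PRELOGIN option tokens (MS-TDS 2.2.6.5); FEDAUTHREQUIRED is named after the
// go-mssqldb constant the thread mentions.
const (
	preloginENCRYPTION      uint8 = 1
	preloginFEDAUTHREQUIRED uint8 = 6
	preloginTERMINATOR      uint8 = 0xff
)

// Client fedauth library values: this example's assumption about the driver's
// constants, taken from the MS-TDS FEDAUTH feature extension.
const (
	FedAuthLibrarySecurityToken uint8 = 1 // caller-supplied token (NewSecurityTokenConnector)
	FedAuthLibraryADAL          uint8 = 2 // ADAL/MSAL workflow (azuread package)
	FedAuthLibraryReserved      uint8 = 7 // no federated authentication
)

// fedAuthConfig mirrors the two featureExtFedAuth fields the thread refers to.
type fedAuthConfig struct {
	FedAuthLibrary uint8
	ADALWorkflow   uint8 // 0 when no ADAL workflow is in use
}

// Constructed sample PRELOGIN response payloads (TDS packet header removed; not
// captures). Each option entry is token, big-endian offset, big-endian length,
// then 0xff ends the table and the option data follows.
var (
	// ENCRYPTION=1 at offset 11 and FEDAUTHREQUIRED=1 at offset 12.
	serverWithFedAuth = []byte{0x01, 0x00, 0x0b, 0x00, 0x01, 0x06, 0x00, 0x0c, 0x00, 0x01, 0xff, 0x01, 0x01}
	// ENCRYPTION=1 at offset 6 only: the option the reporter's server never sent.
	serverWithoutFedAuth = []byte{0x01, 0x00, 0x06, 0x00, 0x01, 0xff, 0x01}
)

// parsePreloginResponse decodes the option table into token -> data, rejecting
// tables that lack a terminator or point outside the payload.
func parsePreloginResponse(payload []byte) (map[uint8][]byte, error) {
	opts := make(map[uint8][]byte)
	for pos := 0; ; pos += 5 {
		if pos >= len(payload) {
			return nil, errors.New("prelogin: option table has no terminator")
		}
		if payload[pos] == preloginTERMINATOR {
			return opts, nil
		}
		if pos+5 > len(payload) {
			return nil, errors.New("prelogin: truncated option header")
		}
		off := int(binary.BigEndian.Uint16(payload[pos+1:]))
		ln := int(binary.BigEndian.Uint16(payload[pos+3:]))
		if off+ln > len(payload) {
			return nil, fmt.Errorf("prelogin: option 0x%02x points outside payload", payload[pos])
		}
		opts[payload[pos]] = payload[off : off+ln]
	}
}

// checkFedAuthRequired is the post-PRELOGIN validation under discussion. With
// strict=true a missing FEDAUTHREQUIRED option fails for every non-Reserved library
// (the error the reporter hit); with strict=false it fails only when an ADAL
// workflow is actually configured, which is the change proposed above.
func checkFedAuthRequired(opts map[uint8][]byte, cfg fedAuthConfig, strict bool) error {
	usesFedAuth := cfg.FedAuthLibrary != FedAuthLibraryReserved
	if data, ok := opts[preloginFEDAUTHREQUIRED]; ok {
		if len(data) != 1 {
			return fmt.Errorf("prelogin: FEDAUTHREQUIRED length %d, want 1", len(data))
		}
		if usesFedAuth && data[0] != 1 {
			return errors.New("federated authentication is not supported by the server")
		}
		return nil
	}
	if usesFedAuth && (strict || cfg.ADALWorkflow > 0) {
		return errors.New("federated authentication is not supported by the server")
	}
	return nil
}

// evaluate parses a response and applies the check, as a client would after PRELOGIN.
func evaluate(payload []byte, cfg fedAuthConfig, strict bool) error {
	opts, err := parsePreloginResponse(payload)
	if err != nil {
		return err
	}
	return checkFedAuthRequired(opts, cfg, strict)
}

func main() {
	cfg := fedAuthConfig{FedAuthLibrarySecurityToken, 0} // token client, no ADAL workflow
	fmt.Println("strict:  ", evaluate(serverWithoutFedAuth, cfg, true))
	fmt.Println("proposed:", evaluate(serverWithoutFedAuth, cfg, false))
}
```

Run against `serverWithoutFedAuth`, the strict check rejects a security-token client with the error quoted in the thread while the proposed check lets it through; a client with an ADAL workflow configured is rejected by both, and a plain SQL login (`FedAuthLibraryReserved`) never consults the option. The parser also bounds-checks every offset/length pair before slicing, since the option table is attacker-influenced input on the wire.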