Merge pull request #237756 from xfz11/xf/passwordless

Add a passwordless tutorial in service connector

Author: Jill Grant

articles/service-connector/includes/code-mysql-aad.md

@@ -0,0 +1,91 @@
+---
+author: xiaofanzhou
+ms.service: service-connector
+ms.topic: include
+ms.date: 07/17/2023
+ms.author: xiaofanzhou
+---
+
+
+### [Java](#tab/java)
+
+1. Add the following dependencies in your *pom.xml* file:
+
+    ```xml
+    <dependency>
+        <groupId>mysql</groupId>
+        <artifactId>mysql-connector-java</artifactId>
+        <version>8.0.30</version>
+    </dependency>
+    <dependency>
+        <groupId>com.azure</groupId>
+        <artifactId>azure-identity-extensions</artifactId>
+        <version>1.1.5</version>
+    </dependency>
+    ```
+
+
+1. Get the connection string from the environment variable, and add the plugin name to connect to the database:
+
+    ```java
+    String url = System.getenv("AZURE_MYSQL_CONNECTIONSTRING");  
+    String pluginName = "com.azure.identity.extensions.jdbc.mysql.AzureMysqlAuthenticationPlugin";
+    Connection connection = DriverManager.getConnection(url + "&defaultAuthenticationPlugin=" +
+        pluginName + "&authenticationPlugins=" + pluginName);
+    ```
+
+For more information, see [Use Java and JDBC with Azure Database for MySQL - Flexible Server](../../mysql/flexible-server/connect-java.md?tabs=passwordless).
+
+### [Spring](#tab/spring)
+
+For a Spring application, if you create a connection with option `--client-type springboot`, Service Connector will set the properties `spring.datasource.azure.passwordless-enabled`, `spring.datasource.url`, and `spring.datasource.username` to Azure Spring Apps. 
+
+Update your application following the tutorial [Connect an Azure Database for MySQL instance to your application in Azure Spring Apps](../../spring-apps/how-to-bind-mysql.md#prepare-your-java-project). Remember to remove the `spring.datasource.password` configuration property if it was set before and add the correct dependencies to your Spring application.
+
+For more tutorials, see [Use Spring Data JDBC with Azure Database for MySQL](/azure/developer/java/spring-framework/configure-spring-data-jdbc-with-azure-mysql?tabs=passwordless%2Cservice-connector&pivots=mysql-passwordless-flexible-server#store-data-from-azure-database-for-mysql)
+
+### [.NET](#tab/dotnet)
+
+For .NET, there's not a plugin or library to support passwordless connections. You can get an access token for the managed identity or service principal and use it as the password to connect to the database. For example, you can use [Azure.Identity](https://www.nuget.org/packages/Azure.Identity/) to get an access token for the managed identity or service principal:
+
+```csharp
+using Azure.Core;
+using Azure.Identity;
+using MySqlConnector;
+
+// user-assigned managed identity
+var credential = new DefaultAzureCredential(
+    new DefaultAzureCredentialOptions
+    {
+        ManagedIdentityClientId = userAssignedClientId
+    });
+
+// system-assigned managed identity
+//var credential = new DefaultAzureCredential();
+
+// service principal 
+//var credential = new ClientSecretCredential(tenantId, clientId, clientSecret);
+
+var tokenRequestContext = new TokenRequestContext(
+    new[] { "https://ossrdbms-aad.database.windows.net/.default" });
+AccessToken accessToken = await credential.GetTokenAsync(tokenRequestContext);
+// Open a connection to the MySQL server using the access token.
+string connectionString =
+    $"{Environment.GetEnvironmentVariable("AZURE_MYSQL_CONNECTIONSTRING")};Password={accessToken.Token}";
+
+using var connection = new MySqlConnection(connectionString);
+Console.WriteLine("Opening connection using access token...");
+await connection.OpenAsync();
+
+// do something
+```
+
+
+### [Others](#tab/others)
+
+For other languages, you can use the connection string and username that Service Connector set to the environment variables to connect the database. For environment variable details, see [Integrate Azure Database for MySQL with Service Connector](../how-to-integrate-mysql.md).
+
+For more code samples, see [Connect to Azure databases from App Service without secrets using a managed identity](/azure/app-service/tutorial-connect-msi-azure-database?tabs=mysql#3-modify-your-code).
+
+---
+

articles/service-connector/includes/code-postgres-aad.md

@@ -0,0 +1,102 @@
+---
+author: xiaofanzhou
+ms.service: service-connector
+ms.topic: include
+ms.date: 07/17/2023
+ms.author: xiaofanzhou
+---
+
+
+
+### [Java](#tab/java)
+
+1. Add the following dependencies in your *pom.xml* file:
+
+    ```xml
+    <dependency>
+      <groupId>org.postgresql</groupId>
+      <artifactId>postgresql</artifactId>
+      <version>42.3.6</version>
+    </dependency>
+    <dependency>
+      <groupId>com.azure</groupId>
+      <artifactId>azure-identity-extensions</artifactId>
+      <version>1.1.5</version>
+    </dependency>
+    ```
+
+
+1. Get the connection string from environment variables and add the plugin name to connect to the database:
+
+    ```java
+    import java.sql.*;
+
+    String url = System.getenv("AZURE_POSTGRESQL_CONNECTIONSTRING");
+    String pluginName = "com.Azure.identity.extensions.jdbc.postgresql.AzurePostgresqlAuthenticationPlugin";  
+    Connection connection = DriverManager.getConnection(url + "&authenticationPluginClassName=" + pluginName);
+    ```
+
+For more information, see the following resources:
+
+* [Tutorial: Connect to PostgreSQL Database from a Java Quarkus Container App without secrets using a managed identity](../../container-apps/tutorial-java-quarkus-connect-managed-identity-postgresql-database.md)
+* [Tutorial: Connect to a PostgreSQL Database from Java Tomcat App Service without secrets using a managed identity](../../app-service/tutorial-java-tomcat-connect-managed-identity-postgresql-database.md)
+* [Quickstart: Use Java and JDBC with Azure Database for PostgreSQL Flexible Server](../../postgresql/flexible-server/connect-java.md?tabs=passwordless#connect-to-the-database)
+
+### [Spring](#tab/spring)
+
+For a Spring application, if you create a connection with option `--client-type springboot`, Service Connector will set the properties `spring.datasource.azure.passwordless-enabled`, `spring.datasource.url`, and `spring.datasource.username` to Azure Spring Apps. 
+
+Update your application following the tutorial [Bind an Azure Database for PostgreSQL to your application in Azure Spring Apps](../../spring-apps/how-to-bind-postgres.md#prepare-your-java-project). Remember to remove the `spring.datasource.password` configuration property if it was set before and add the correct dependencies,
+
+For more tutorials, see [Use Spring Data JDBC with Azure Database for PostgreSQL](/azure/developer/java/spring-framework/configure-spring-data-jdbc-with-azure-postgresql?tabs=passwordless%2Cservice-connector&pivots=postgresql-passwordless-flexible-server#store-data-from-azure-database-for-postgresql)
+
+### [.NET](#tab/dotnet)
+
+For .NET, there's not a plugin or library for passwordless connections. You can get an access token for the managed identity or service principal and use it as the password to connect to the database. For example, you can use [Azure.Identity](https://www.nuget.org/packages/Azure.Identity/) to get an access token for the managed identity or service principal:
+
+```csharp
+using Npgsql;
+using Azure.Identity;
+using Azure.Core;
+
+// user-assigned managed identity
+var sqlServerTokenProvider = new DefaultAzureCredential(
+    new DefaultAzureCredentialOptions
+    {
+        ManagedIdentityClientId = userAssignedClientId
+    });
+
+// system-assigned managed identity
+//var sqlServerTokenProvider = new DefaultAzureCredential();
+
+// service principal: tenantId, clientId, clientSecret can be retrieved from environment variables
+//var sqlServerTokenProvider = new ClientSecretCredential(tenantId, clientId, clientSecret);
+
+AccessToken accessToken = await sqlServerTokenProvider.GetTokenAsync(
+    new TokenRequestContext(scopes: new string[]
+    {
+        "https://ossrdbms-aad.database.windows.net/.default"
+    }));
+string connectionString =
+    $"{Environment.GetEnvironmentVariable("AZURE_POSTGRESQL_CONNECTIONSTRING")};Password={accessToken.Token}";
+
+using (var connection = new NpgsqlConnection(connectionString))
+{
+    Console.WriteLine("Opening connection using access token...");
+    connection.Open();
+    using var command = new NpgsqlCommand("SELECT version()", connection);
+    using NpgsqlDataReader reader = await command.ExecuteReaderAsync();
+
+    while (reader.Read())
+    {
+        Console.WriteLine("\nConnected!\n\nPostgreSQL version: {0}", reader.GetString(0));
+    }
+}
+```
+
+### [Others](#tab/others)
+
+For other languages, you can use the connection string and username that Service Connector set to the environment variables to connect the database. For environment variable details, see [Integrate Azure Database for PostgreSQL with Service Connector](../how-to-integrate-postgres.md).
+
+For more code samples, see [Connect to Azure databases from App Service without secrets using a managed identity](/azure/app-service/tutorial-connect-msi-azure-database?tabs=postgresql#3-modify-your-code).
+

articles/service-connector/includes/code-sql-aad.md

@@ -0,0 +1,69 @@
+---
+author: xiaofanzhou
+ms.service: service-connector
+ms.topic: include
+ms.date: 07/17/2023
+ms.author: xiaofanzhou
+---
+
+
+### [Java](#tab/java)
+
+For managed identity authentication, see [Connect using Azure Active Directory authentication](/sql/connect/jdbc/connecting-using-azure-active-directory-authentication).
+
+```java
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.Statement;
+
+import com.microsoft.sqlserver.jdbc.SQLServerDataSource;
+
+public class Main {
+    public static void main(String[] args) {
+        // AZURE_SQL_CONNECTIONSTRING should be one of the following:
+        // For system-assigned managed identity: "jdbc:sqlserver://{SQLName}.database.windows.net:1433;databaseName={SQLDbName};authentication=ActiveDirectoryMSI;"
+        // For user-assigned managed identity: "jdbc:sqlserver://{SQLName}.database.windows.net:1433;databaseName={SQLDbName};msiClientId={UserAssignedMiClientId};authentication=ActiveDirectoryMSI;"
+        // For service principal: "jdbc:sqlserver://{SQLName}.database.windows.net:1433;databaseName={SQLDbName};user={ServicePrincipalClientId};password={spSecret};authentication=ActiveDirectoryServicePrincipal;"
+        String connectionString = System.getenv("AZURE_SQL_CONNECTIONSTRING");
+        SQLServerDataSource ds = new SQLServerDataSource();
+        ds.setURL(connectionString);
+        try (Connection connection = ds.getConnection()) {
+            System.out.println("Connected successfully.");
+        } catch (SQLException e) {
+            e.printStackTrace();
+        }
+    }
+}
+```
+
+### [Spring](#tab/spring)
+
+For a Spring application, if you create a connection with option `--client-type springboot`, Service Connector will set the properties `spring.datasource.url` with value format `jdbc:sqlserver://<sql-server>.database.windows.net:1433;databaseName=<sql-db>;authentication=ActiveDirectoryMSI;` to Azure Spring Apps.
+
+Update your application following the tutorial [Migrate a Java application to use passwordless connections with Azure SQL Database](/azure/developer/java/spring-framework/migrate-sql-database-to-passwordless-connection?tabs=spring%2Capp-service%2Cassign-role-service-connector#2-migrate-the-app-code-to-use-passwordless-connections). Remember to remove the `spring.datasource.password` configuration property if it was set before and add the correct dependencies.
+
+
+### [.NET](#tab/dotnet)
+
+For managed identity authentication, see [Using Active Directory Managed Identity authentication](/sql/connect/ado-net/sql/azure-active-directory-authentication#using-active-directory-managed-identity-authentication).
+
+```csharp
+using Microsoft.Data.SqlClient;
+
+// The connection string should've been set in environment variable AZURE_SQL_CONNECTIONSTRING by Service Connector.
+string connectionString = 
+    Environment.GetEnvironmentVariable("AZURE_SQL_CONNECTIONSTRING")!;
+
+using var connection = new SqlConnection(connectionString);
+connection.Open();
+```
+
+### [Others](#tab/others)
+
+For other languages, you can use the connection string and username that Service Connector set to the environment variables to connect to the database. For environment variable details, see [Integrate Azure SQL Database with Service Connector](../how-to-integrate-sql-database.md).
+
+For more code samples, see [Connect to Azure databases from App Service without secrets using a managed identity](/azure/app-service/tutorial-connect-msi-azure-database?tabs=sqldatabase#3-modify-your-code).
+
+---
+
+For more information, see [Homepage for client programming to Microsoft SQL Server](/sql/connect/homepage-sql-connection-programming).

articles/service-connector/includes/install-passwordless-extension.md

@@ -0,0 +1,13 @@
+---
+author: xiaofanzhou
+ms.service: service-connector
+ms.topic: include
+ms.date: 05/21/2023
+ms.author: xiaofanzhou
+---
+
+Install the Service Connector passwordless extension for the Azure CLI:
+
+```azurecli
+az extension add --name serviceconnector-passwordless --upgrade
+```

articles/service-connector/index.yml

@@ -70,6 +70,8 @@ landingContent:
             url: tutorial-portal-key-vault.md
           - text: Web app with App Configuration
             url: tutorial-connect-web-app-app-configuration.md
+          - text: Passwordless connection to database
+            url: tutorial-passwordless.md
 
       - linkListType: how-to-guide
         links:

articles/service-connector/toc.yml

@@ -81,6 +81,8 @@ items:
       href: tutorial-portal-key-vault.md
     - name: Connect a container app to Blob Storage
       href: ../container-apps/service-connector.md?bc=%2fazure%2fservice-connector%2fbreadcrumb%2ftoc.json&toc=%2fazure%2fservice-connector%2fTOC.json
+    - name: Create passwordless connection to database
+      href: tutorial-passwordless.md
     - name: Get connection configurations
       href: how-to-get-configurations.md
     - name: Troubleshoot