Update .NET passwordless flow

alexwolfmsft · rwestMSFT · commit b263767367c0 · 2025-04-10T17:20:06.000-06:00
update tabs

simplify code
diff --git a/azure-sql/database/azure-sql-dotnet-entity-framework-core-quickstart.md b/azure-sql/database/azure-sql-dotnet-entity-framework-core-quickstart.md
@@ -23,12 +23,12 @@ This quickstart describes how to connect an application to a database in Azure S
 
 - An [Azure subscription](https://azure.microsoft.com/pricing/purchase-options/azure-account?icid=azurefreeaccountdotnet/).
 - A SQL database configured for authentication with Microsoft Entra ID ([formerly Azure Active Directory](/entra/fundamentals/new-name)). You can create one using the [Create database quickstart](./single-database-create-quickstart.md).
-- [.NET 7.0](https://dotnet.microsoft.com/download) or later.
+- [.NET 9.0](https://dotnet.microsoft.com/download) or later.
 - [Visual Studio](https://visualstudio.microsoft.com/vs/) or later with the **ASP.NET and web development** workload.
 - The latest version of the [Azure CLI](/cli/azure/get-started-with-azure-cli).
 - The latest version of the Entity Framework Core tools:
-  * Visual Studio users should install the [Package Manager Console tools for Entity Framework Core](/ef/core/cli/powershell).
-  * .NET CLI users should install the [.NET CLI tools for Entity Framework Core](/ef/core/cli/dotnet).
+  - Visual Studio users should install the [Package Manager Console tools for Entity Framework Core](/ef/core/cli/powershell).
+  - .NET CLI users should install the [.NET CLI tools for Entity Framework Core](/ef/core/cli/dotnet).
 
 ## Configure the database server
 
@@ -46,7 +46,7 @@ The steps in this section create a .NET Minimal Web API by using either the .NET
 
 1. For the **Project Name**, enter *DotNetSQL*. Leave the default values for the rest of the fields and select **Next**.
 
-1. For the **Framework**, select .NET 7.0 and uncheck **Use controllers (uncheck to use minimal APIs)**. This quickstart uses a Minimal API template to streamline endpoint creation and configuration.
+1. For the **Framework**, select .NET 9.0 and uncheck **Use controllers**. This quickstart uses a Minimal API template to streamline endpoint creation and configuration.
 
 1. Choose **Create**. The new project opens inside the Visual Studio environment.
 
@@ -76,15 +76,7 @@ To connect to Azure SQL Database by using .NET and Entity Framework Core, you ne
 - **Microsoft.EntityFrameworkCore.SqlServer**: Provides extra components to connect to the logical server
 - **Microsoft.EntityFrameworkCore.Design**: Provides support for running Entity Framework migrations
 - **Microsoft.EntityFrameworkCore.Tools**: Provides support for Visual Studio Package Manager Console tooling (PowerShell only)
-
-Alternatively, you can also run the `Install-Package` cmdlet in the **Package Manager Console** window:
-
-```powershell
-Install-Package Microsoft.EntityFrameworkCore
-Install-Package Microsoft.EntityFrameworkCore.SqlServer
-Install-Package Microsoft.EntityFrameworkCore.Design
-Install-Package Microsoft.EntityFrameworkCore.Tools
-```
+- **Swashbuckle.AspNetCore**: Optional - provides support for SwaggerUI interaction with the app endpoints
 
 ## [.NET CLI](#tab/dotnet-cli)
 
@@ -94,6 +86,7 @@ Use the `dotnet add package` command to install the following packages:
 dotnet add package Microsoft.EntityFrameworkCore
 dotnet add package Microsoft.EntityFrameworkCore.SqlServer
 dotnet add package Microsoft.EntityFrameworkCore.Design
+dotnet add package Swashbuckle.AspNetCore
 ```
 
 ---
@@ -106,12 +99,7 @@ The Entity Framework Core libraries rely on the `Microsoft.Data.SqlClient` and `
 
 Complete the following steps to connect to Azure SQL Database using Entity Framework Core and the underlying `DefaultAzureCredential` class:
 
-1. Add a `ConnectionStrings` section to the `appsettings.Development.json` file so that it matches the following code. Remember to update the `<your database-server-name>` and `<your-database-name>` placeholders.
-
-    The passwordless connection string includes a configuration value of `Authentication=Active Directory Default`, which enables Entity Framework Core to use `DefaultAzureCredential` to connect to Azure services. When the app runs locally, it authenticates with the user you're signed into Visual Studio with. Once the app deploys to Azure, the same code discovers and applies the managed identity that is associated with the hosted app, which you'll configure later.
-
-    > [!NOTE]  
-    > Passwordless connection strings are safe to commit to source control, since they do not contain any secrets such as usernames, passwords, or access keys.
+1. Add a `ConnectionStrings` section to the `appsettings.Development.json` file so that it matches the following code.
 
     ```json
     {
@@ -128,49 +116,61 @@ Complete the following steps to connect to Azure SQL Database using Entity Frame
     }
     ```
 
-1. Add the following code to the `Program.cs` file above the line of code that reads `var app = builder.Build();`. This code performs the following configurations:
-
-    * Retrieves the passwordless database connection string from the `appsettings.Development.json` file for local development, or from the environment variables for hosted production scenarios.
-    * Registers the Entity Framework Core `DbContext` class with the .NET dependency injection container.
-
-        ```csharp
-        var connection = String.Empty;
-        if (builder.Environment.IsDevelopment())
-        {
-            builder.Configuration.AddEnvironmentVariables().AddJsonFile("appsettings.Development.json");
-            connection = builder.Configuration.GetConnectionString("AZURE_SQL_CONNECTIONSTRING");
-        }
-        else
-        {
-            connection = Environment.GetEnvironmentVariable("AZURE_SQL_CONNECTIONSTRING");
-        }
+    > [!NOTE]
+    > Remember to update the `<your database-server-name>` and `<your-database-name>` placeholders in the database connection string. Passwordless connection strings are safe to commit to source control, since they do not contain any secrets such as usernames, passwords, or access keys.
 
-        builder.Services.AddDbContext<PersonDbContext>(options =>
-            options.UseSqlServer(connection));
-        ```
+    The passwordless connection string includes a configuration value of `Authentication=Active Directory Default`, which enables Entity Framework Core to use `DefaultAzureCredential` to connect to Azure services. When the app runs locally, it authenticates with the user you're signed into Visual Studio with. Once the app deploys to Azure, the same code discovers and applies the managed identity that is associated with the hosted app, which you'll configure later.
 
-1. Add the following endpoints to the bottom of the `Program.cs` file above `app.Run()` to retrieve and add entities in the database using the `PersonDbContext` class.
+1. Replace the contents of the `Program.cs` file with the following code:
 
     ```csharp
+    using Microsoft.AspNetCore.Mvc;
+    using Microsoft.EntityFrameworkCore;
+    
+    var builder = WebApplication.CreateBuilder();
+    
+    builder.Services.AddOpenApi();
+    
+    var connection = String.Empty;
+    if (builder.Environment.IsDevelopment())
+    {
+        builder.Configuration.AddEnvironmentVariables().AddJsonFile("appsettings.Development.json");
+        connection = builder.Configuration.GetConnectionString("AZURE_SQL_CONNECTIONSTRING");
+    }
+    else
+    {
+        connection = Environment.GetEnvironmentVariable("AZURE_SQL_CONNECTIONSTRING");
+    }
+    
+    builder.Services.AddDbContext<PersonDbContext>(options =>
+        options.UseSqlServer(connection));
+    
+    var app = builder.Build();
+    
+    if (app.Environment.IsDevelopment())
+    {
+        app.MapOpenApi();
+        app.UseSwaggerUI(options =>
+        {
+            options.SwaggerEndpoint("/openapi/v1.json", "v1");
+        });
+    }
+    
+    app.MapGet("/", () => "Hello world!");
+
     app.MapGet("/Person", (PersonDbContext context) =>
     {
         return context.Person.ToList();
-    })
-    .WithName("GetPersons")
-    .WithOpenApi();
+    });
 
     app.MapPost("/Person", (Person person, PersonDbContext context) =>
     {
         context.Add(person);
         context.SaveChanges();
-    })
-    .WithName("CreatePerson")
-    .WithOpenApi();
-    ```
+    });
 
-    Finally, add the `Person` and `PersonDbContext` classes to the bottom of the `Program.cs` file. The Person class represents a single record in the database's `Persons` table. The `PersonDbContext` class represents the Person database and allows you to perform operations on it through code. You can read more about `DbContext` in the [Getting Started](/ef/core/get-started/overview/first-app) documentation for Entity Framework Core.
+    app.Run();
 
-    ```csharp
     public class Person
     {
         public int Id { get; set; }
@@ -189,6 +189,14 @@ Complete the following steps to connect to Azure SQL Database using Entity Frame
     }
     ```
 
+    The preceding code handles the following:
+
+    - Retrieves the passwordless database connection string from the `appsettings.Development.json` file for local development, or from the environment variables for hosted production scenarios.
+    - Registers the Entity Framework Core `DbContext` class with the .NET dependency injection container. You can read more about `DbContext` in the [Getting Started](/ef/core/get-started/overview/first-app) documentation for Entity Framework Core.
+    - Configures .NET 9.0 OpenAPI support with SwaggerUI to provide a UI you can use to interact with the app endpoints and database.
+    - Adds endpoints to retrieve and add entities in the database.
+    - Defines a `Person` class to represent a single record in the `Persons` database table, and the `PersonDbContext` class that was registered with the .NET dependency injection container.
+
 ## Run the migrations to create the database
 
 To update the database schema to match your data model using Entity Framework Core, you must use a migration. Migrations can create and incrementally update a database schema to keep it in sync with your application's data model. You can learn more about this pattern in the [migrations overview](/ef/core/managing-schemas/migrations).
@@ -252,11 +260,11 @@ The app is ready to be deployed to Azure. Visual Studio can create an Azure App
 1. For the specific target, select **Azure App Service (Windows)**, and then select **Next**.
 1. Select the green **+** icon to create a new App Service to deploy to and enter the following values:
 
-    * **Name**: Leave the default value.
-    * **Subscription name**: Select the subscription to deploy to.
-    * **Resource group**: Select **New** and create a new resource group called *msdocs-dotnet-sql*.
-    * **Hosting Plan**: Select **New** to open the hosting plan dialog. Leave the default values and select **OK**.
-    * Select **Create** to close the original dialog. Visual Studio creates the App Service resource in Azure.
+    - **Name**: Leave the default value.
+    - **Subscription name**: Select the subscription to deploy to.
+    - **Resource group**: Select **New** and create a new resource group called *msdocs-dotnet-sql*.
+    - **Hosting Plan**: Select **New** to open the hosting plan dialog. Leave the default values and select **OK**.
+    - Select **Create** to close the original dialog. Visual Studio creates the App Service resource in Azure.
 
         :::image type="content" source="media/passwordless-connections/create-app-service-small.png" alt-text="Screenshot showing how to deploy with Visual Studio." lightbox="media/passwordless-connections/create-app-service.png":::
 
@@ -265,7 +273,7 @@ The app is ready to be deployed to Azure. Visual Studio can create an Azure App
 
 1. Select **Publish** in the upper right of the publishing profile summary to deploy the app to Azure.
 
-When the deployment finishes, Visual Studio launches the browser to display the hosted app, but at this point the app doesn't work correctly on Azure. You still need to configure the secure connection between the App Service and the SQL database to retrieve your data.
+When the deployment finishes, Visual Studio launches the browser to display the hosted app. You should see the `Hello world` message from the default endpoint. However, at this point the database endpoints will not work correctly on Azure. You still need to configure the secure connection between the App Service and the SQL database to retrieve your data.
 
 ## Connect the App Service to Azure SQL Database
 
@@ -279,17 +287,25 @@ There are multiple tools available to implement these steps:
 
 ## [Service Connector (Recommended)](#tab/service-connector)
 
-Service Connector is a tool that streamlines authenticated connections between different services in Azure. Service Connector currently supports connecting an App Service to a SQL database via the Azure CLI using the `az webapp connection create sql` command. This single command completes the three steps mentioned above for you.
+Service Connector is a tool that streamlines authenticated connections between different services in Azure. Service Connector currently supports connecting an App Service to a SQL database using the Azure CLI passwordless extension.
 
-```azurecli
-az webapp connection create sql
--g <your-resource-group>
--n <your-app-service-name>
---tg <your-database-server-resource-group>
---server <your-database-server-name>
---database <your-database-name>
---system-identity
-```
+1. Install or upgrade the Service Connector passwordless extension:
+
+    ```azcli
+    az extension add --name serviceconnector-passwordless --upgrade
+    ```
+
+1. Run the `az webapp connection create sql` command to connect your web app to the database using a system-assigned managed identity:
+
+    ```azurecli
+    az webapp connection create sql
+    -g <your-resource-group>
+    -n <your-app-service-name>
+    --tg <your-database-server-resource-group>
+    --server <your-database-server-name>
+    --database <your-database-name>
+    --system-identity
+    ```
 
 You can verify the changes made by Service Connector on the App Service settings.
 
@@ -346,6 +362,9 @@ The person you created locally should display in the browser. Congratulations! Y
 
 [!INCLUDE [passwordless-resource-cleanup](../includes/passwordless-resource-cleanup.md)]
 
+> [!NOTE]
+> If you deployed the sample app to Azure, make sure to also search for and delete the App Service resource to avoid unintended costs.
+
 ## Related content
 
 - [Tutorial: Secure a database in Azure SQL Database](./secure-database-tutorial.md)
