* Added AzureManagedServiceAuthenticator real implementation which is used on supported target platforms (net472, netcoreapp2.2) to perform Azure managed identities token gathering.

* Added AzureManagedServiceAuthenticator stub implementation which does nothing for target frameworks not supporting this
* Added unit tests
* Use AzureManagedServiceAuthenticator in SqlConnectionFactory to set token on connection
* Initialization in the sink and audit siink classes still set the azure msi auth to disabled. It will be activated according to passed  parameters in the next commits.

Author: ckadluba

src/Serilog.Sinks.MSSqlServer/Configuration/Implementations/Microsoft.Extensions.Configuration/MicrosoftExtensionsConnectionStringProvider.cs

@@ -1,4 +1,5 @@
-using Microsoft.Extensions.Configuration;
+using System;
+using Microsoft.Extensions.Configuration;
 using Serilog.Debugging;
 
 namespace Serilog.Sinks.MSSqlServer.Configuration
@@ -9,8 +10,8 @@ public string GetConnectionString(string nameOrConnectionString, IConfiguration
         {
             // If there is an `=`, we assume this is a raw connection string not a named value
             // If there are no `=`, attempt to pull the named value from config
-            if (nameOrConnectionString.IndexOf('=') > -1) return nameOrConnectionString;
-            string cs = appConfiguration?.GetConnectionString(nameOrConnectionString);
+            if (nameOrConnectionString.IndexOf("=", StringComparison.InvariantCultureIgnoreCase) > -1) return nameOrConnectionString;
+            var cs = appConfiguration?.GetConnectionString(nameOrConnectionString);
             if (string.IsNullOrEmpty(cs))
             {
                 SelfLog.WriteLine("MSSqlServer sink configured value {0} is not found in ConnectionStrings settings and does not appear to be a raw connection string.",

src/Serilog.Sinks.MSSqlServer/Configuration/Implementations/System.Configuration/SystemConfigurationConnectionStringProvider.cs

@@ -1,4 +1,5 @@
-using System.Configuration;
+using System;
+using System.Configuration;
 using Serilog.Debugging;
 
 namespace Serilog.Sinks.MSSqlServer.Configuration
@@ -9,7 +10,7 @@ public string GetConnectionString(string nameOrConnectionString)
         {
             // If there is an `=`, we assume this is a raw connection string not a named value
             // If there are no `=`, attempt to pull the named value from config
-            if (nameOrConnectionString.IndexOf('=') < 0)
+            if (nameOrConnectionString.IndexOf("=", StringComparison.InvariantCultureIgnoreCase) < 0)
             {
                 var cs = ConfigurationManager.ConnectionStrings[nameOrConnectionString];
                 if (cs != null)

src/Serilog.Sinks.MSSqlServer/Serilog.Sinks.MSSqlServer.csproj

@@ -4,7 +4,7 @@
     <Description>A Serilog sink that writes events to Microsoft SQL Server</Description>
     <VersionPrefix>5.3.0</VersionPrefix>
     <Authors>Michiel van Oudheusden;Serilog Contributors</Authors>
-    <TargetFrameworks>netstandard2.0;net452;netcoreapp2.0;net461</TargetFrameworks>
+    <TargetFrameworks>netstandard2.0;net452;net461;net472;netcoreapp2.0;netcoreapp2.2</TargetFrameworks>
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <AssemblyName>Serilog.Sinks.MSSqlServer</AssemblyName>
@@ -41,12 +41,16 @@
     <Compile Remove="Configuration\Extensions\System.Configuration\**\*.*" />
     <Compile Remove="Configuration\Implementations\Microsoft.Extensions.Configuration\**\*.*" />
     <Compile Remove="Configuration\Implementations\System.Configuration\**\*.*" />
+    <Compile Remove="Sinks\MSSqlServer\Platform\AzureManagedServiceAuthenticator.cs" />
+    <Compile Remove="Sinks\MSSqlServer\Platform\AzureManagedServiceAuthenticator.Stub.cs" />
     <!-- Show in VStudio, but MSBuild ignores these (indicates files are not code, non-published-content, etc.) -->
     <None Include="Configuration\Extensions\Hybrid\**\*.*" />
     <None Include="Configuration\Extensions\Microsoft.Extensions.Configuration\**\*.*" />
     <None Include="Configuration\Extensions\System.Configuration\**\*.*" />
     <None Include="Configuration\Implementations\Microsoft.Extensions.Configuration\**\*.*" />
     <None Include="Configuration\Implementations\System.Configuration\**\*.*" />
+    <None Include="Sinks\MSSqlServer\Platform\AzureManagedServiceAuthenticator.cs" />
+    <None Include="Sinks\MSSqlServer\Platform\AzureManagedServiceAuthenticator.Stub.cs" />
     <!-- ItemGroups below with TFM conditions will re-include the compile targets -->
   </ItemGroup>
 
@@ -56,6 +60,7 @@
     <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="2.0.0" />
     <Compile Include="Configuration\Extensions\Microsoft.Extensions.Configuration\**\*.cs" />
     <Compile Include="Configuration\Implementations\Microsoft.Extensions.Configuration\**\*.cs" />
+    <Compile Include="Sinks\MSSqlServer\Platform\AzureManagedServiceAuthenticator.Stub.cs" />
   </ItemGroup>
 
   <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp2.0' Or '$(TargetFramework)' == 'net461' ">
@@ -66,6 +71,19 @@
     <Compile Include="Configuration\Extensions\Hybrid\**\*.cs" />
     <Compile Include="Configuration\Implementations\Microsoft.Extensions.Configuration\**\*.cs" />
     <Compile Include="Configuration\Implementations\System.Configuration\**\*.cs" />
+    <Compile Include="Sinks\MSSqlServer\Platform\AzureManagedServiceAuthenticator.Stub.cs" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp2.2' Or '$(TargetFramework)' == 'net472' ">
+    <PackageReference Include="System.Configuration.ConfigurationManager" Version="4.5.0" />
+    <PackageReference Include="System.Data.SqlClient" Version="4.6.0" />
+    <PackageReference Include="Microsoft.Azure.Services.AppAuthentication" Version="1.4.0" />
+    <PackageReference Include="Microsoft.Extensions.Configuration" Version="2.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="2.0.0" />
+    <Compile Include="Configuration\Extensions\Hybrid\**\*.cs" />
+    <Compile Include="Configuration\Implementations\Microsoft.Extensions.Configuration\**\*.cs" />
+    <Compile Include="Configuration\Implementations\System.Configuration\**\*.cs" />
+    <Compile Include="Sinks\MSSqlServer\Platform\AzureManagedServiceAuthenticator.cs" />
   </ItemGroup>
 
   <ItemGroup Condition=" '$(TargetFramework)' == 'net452' ">
@@ -77,6 +95,7 @@
     <Reference Include="Microsoft.CSharp" />
     <Compile Include="Configuration\Extensions\System.Configuration\**\*.cs" />
     <Compile Include="Configuration\Implementations\System.Configuration\**\*.cs" />
+    <Compile Include="Sinks\MSSqlServer\Platform\AzureManagedServiceAuthenticator.Stub.cs" />
   </ItemGroup>
 
   <ItemGroup>

src/Serilog.Sinks.MSSqlServer/Sinks/MSSqlServer/MSSqlServerAuditSink.cs

@@ -60,7 +60,10 @@ public MSSqlServerAuditSink(
                     throw new NotSupportedException($"The {nameof(ColumnOptions.DisableTriggers)} option is not supported for auditing.");
             }
 
-            _sqlConnectionFactory = new SqlConnectionFactory(connectionString);
+            // TODO initialize authenticator from parameters
+            var azureManagedServiceAuthenticator = new AzureManagedServiceAuthenticator(false, null);
+
+            _sqlConnectionFactory = new SqlConnectionFactory(connectionString, azureManagedServiceAuthenticator);
             _traits = new MSSqlServerSinkTraits(_sqlConnectionFactory, tableName, schemaName, columnOptions, formatProvider, autoCreateSqlTable, logEventFormatter);
         }
 

src/Serilog.Sinks.MSSqlServer/Sinks/MSSqlServer/MSSqlServerSink.cs

@@ -72,7 +72,10 @@ public MSSqlServerSink(
         {
             columnOptions?.FinalizeConfigurationForSinkConstructor();
 
-            _sqlConnectionFactory = new SqlConnectionFactory(connectionString);
+            // TODO initialize authenticator from parameters
+            var azureManagedServiceAuthenticator = new AzureManagedServiceAuthenticator(false, null);
+
+            _sqlConnectionFactory = new SqlConnectionFactory(connectionString, azureManagedServiceAuthenticator);
             _traits = new MSSqlServerSinkTraits(_sqlConnectionFactory, tableName, schemaName, columnOptions, formatProvider, autoCreateSqlTable, logEventFormatter);
         }
 

src/Serilog.Sinks.MSSqlServer/Sinks/MSSqlServer/Platform/AzureManagedServiceAuthenticator.Stub.cs

@@ -0,0 +1,22 @@
+using System.Data.SqlClient;
+
+// This is an empty implementaion of IAzureManagedServiceAuthenticator for the target
+// frameworks that don't support azure managed identities (net452, net461, netstandard2.0, netcoreapp2.0).
+namespace Serilog.Sinks.MSSqlServer.Sinks.MSSqlServer.Platform
+{
+    internal class AzureManagedServiceAuthenticator : IAzureManagedServiceAuthenticator
+    {
+        private readonly bool _useAzureManagedIdentity;
+        private readonly string _azureServiceTokenProviderResource;
+
+        public AzureManagedServiceAuthenticator(bool useAzureManagedIdentity, string azureServiceTokenProviderResource)
+        {
+            _useAzureManagedIdentity = useAzureManagedIdentity;
+            _azureServiceTokenProviderResource = azureServiceTokenProviderResource;
+        }
+
+        public void SetAuthenticationToken(SqlConnection sqlConnection)
+        {
+        }
+    }
+}

src/Serilog.Sinks.MSSqlServer/Sinks/MSSqlServer/Platform/AzureManagedServiceAuthenticator.cs

@@ -0,0 +1,37 @@
+using System;
+using System.Data.SqlClient;
+using Microsoft.Azure.Services.AppAuthentication;
+
+namespace Serilog.Sinks.MSSqlServer.Sinks.MSSqlServer.Platform
+{
+    internal class AzureManagedServiceAuthenticator : IAzureManagedServiceAuthenticator
+    {
+        private readonly bool _useAzureManagedIdentity;
+        private readonly string _azureServiceTokenProviderResource;
+        private readonly AzureServiceTokenProvider _azureServiceTokenProvider;
+
+        public AzureManagedServiceAuthenticator(bool useAzureManagedIdentity, string azureServiceTokenProviderResource)
+        {
+            if (useAzureManagedIdentity && string.IsNullOrWhiteSpace(azureServiceTokenProviderResource))
+            {
+                throw new ArgumentNullException(nameof(azureServiceTokenProviderResource));
+            }
+
+            _useAzureManagedIdentity = useAzureManagedIdentity;
+            _azureServiceTokenProviderResource = azureServiceTokenProviderResource;
+            _azureServiceTokenProvider = new AzureServiceTokenProvider();
+        }
+
+        public void SetAuthenticationToken(SqlConnection sqlConnection)
+        {
+            if (!_useAzureManagedIdentity)
+            {
+                return;
+            }
+
+            // TODO make the whole call hierarchy async
+            sqlConnection.AccessToken = _azureServiceTokenProvider.GetAccessTokenAsync(
+                _azureServiceTokenProviderResource).GetAwaiter().GetResult();
+        }
+    }
+}

src/Serilog.Sinks.MSSqlServer/Sinks/MSSqlServer/Platform/IAzureManagedServiceAuthenticator.cs

@@ -0,0 +1,9 @@
+using System.Data.SqlClient;
+
+namespace Serilog.Sinks.MSSqlServer.Sinks.MSSqlServer.Platform
+{
+    internal interface IAzureManagedServiceAuthenticator
+    {
+        void SetAuthenticationToken(SqlConnection sqlConnection);
+    }
+}

src/Serilog.Sinks.MSSqlServer/Sinks/MSSqlServer/Platform/SqlConnectionFactory.cs

@@ -6,17 +6,31 @@ namespace Serilog.Sinks.MSSqlServer.Sinks.MSSqlServer.Platform
     internal class SqlConnectionFactory : ISqlConnectionFactory
     {
         private readonly string _connectionString;
+        private readonly IAzureManagedServiceAuthenticator _azureManagedServiceAuthenticator;
 
-        public SqlConnectionFactory(string connectionString)
+        public SqlConnectionFactory(string connectionString, IAzureManagedServiceAuthenticator azureManagedServiceAuthenticator)
         {
             if (string.IsNullOrWhiteSpace(connectionString))
             {
                 throw new ArgumentNullException(nameof(connectionString));
             }
 
+            if (azureManagedServiceAuthenticator == null)
+            {
+                throw new ArgumentNullException(nameof(azureManagedServiceAuthenticator));
+            }
+
             _connectionString = connectionString;
+            _azureManagedServiceAuthenticator = azureManagedServiceAuthenticator;
         }
 
-        public SqlConnection Create() => new SqlConnection(_connectionString);
+        public SqlConnection Create()
+        {
+            var sqlConnection = new SqlConnection(_connectionString);
+
+            _azureManagedServiceAuthenticator.SetAuthenticationToken(sqlConnection);
+
+            return sqlConnection;
+        }
     }
 }

test/Serilog.Sinks.MSSqlServer.Tests/Serilog.Sinks.MSSqlServer.Tests.csproj

@@ -13,7 +13,7 @@
   -->
 
   <PropertyGroup>
-    <TargetFrameworks>netcoreapp2.0;net452</TargetFrameworks>
+    <TargetFrameworks>net452;netcoreapp2.0;netcoreapp2.2</TargetFrameworks>
     <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netstandard2.0</TargetFrameworks>
     <AssemblyName>Serilog.Sinks.MSSqlServer.Tests</AssemblyName>
     <AssemblyOriginatorKeyFile>../../assets/Serilog.snk</AssemblyOriginatorKeyFile>
@@ -41,8 +41,10 @@
   <ItemGroup>
     <!-- Ensure MSBuild ignores all build-target-specific files by default -->
     <Compile Remove="Configuration\**\*.*" />
+    <Compile Remove="Sinks\MSSqlServer\Platform\AzureManagedServiceAuthenticatorTests.cs" />
     <!-- Show in VStudio, but MSBuild ignores these (indicates files are not code, non-published-content, etc.) -->
     <None Include="Configuration\**\*.*" />
+    <None Include="Sinks\MSSqlServer\Platform\AzureManagedServiceAuthenticatorTests.cs" />
     <!-- ItemGroups below with TFM conditions will re-include the compile targets -->
   </ItemGroup>
 
@@ -55,6 +57,17 @@
     <Compile Include="Configuration\Implementations\System.Configuration\**\*.cs" />
   </ItemGroup>
 
+  <!--<ItemGroup Condition=" '$(TargetFramework)' == 'net472' ">
+    <Reference Include="System" />
+    <Reference Include="Microsoft.CSharp" />
+    <PackageReference Include="xunit" Version="2.4.1" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.4.1" />
+    <Compile Remove="**\*.*" />
+    <Compile Include="GlobalSuppressions.cs" />
+    <Compile Include="TestUtils\**\*.cs" />
+    <Compile Include="Sinks\MSSqlServer\Platform\AzureManagedServiceAuthenticatorTests.cs" />
+  </ItemGroup>-->
+
   <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp2.0' ">
     <PackageReference Include="System.Collections" Version="4.3.0" />
     <PackageReference Include="System.Runtime.InteropServices" Version="4.3.0" />
@@ -73,6 +86,25 @@
     <Compile Include="Configuration\Implementations\System.Configuration\**\*.cs" />
   </ItemGroup>
 
+  <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp2.2' ">
+    <PackageReference Include="System.Collections" Version="4.3.0" />
+    <PackageReference Include="System.Runtime.InteropServices" Version="4.3.0" />
+    <PackageReference Include="System.Runtime.Extensions" Version="4.3.1" />
+    <PackageReference Include="System.IO.FileSystem.Primitives" Version="4.3.0" />
+    <PackageReference Include="System.Resources.ResourceManager" Version="4.3.0" />
+    <PackageReference Include="System.Text.Encoding.Extensions" Version="4.3.0" />
+    <PackageReference Include="xunit" Version="2.4.1" />
+    <PackageReference Include="xunit.core" Version="2.4.1" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.4.1">
+      <PrivateAssets>all</PrivateAssets>
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
+    </PackageReference>
+    <Compile Remove="**\*.*" />
+    <Compile Include="GlobalSuppressions.cs" />
+    <Compile Include="TestUtils\**\*.cs" />
+    <Compile Include="Sinks\MSSqlServer\Platform\AzureManagedServiceAuthenticatorTests.cs" />
+  </ItemGroup>
+
   <ItemGroup>
     <None Update="App.config">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>