Skip to content

Move AAD/Entra Authentication into new Azure package #3680

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 16 commits into
base: feat/azure-split
Choose a base branch
from
Open

Move AAD/Entra Authentication into new Azure package #3680

wants to merge 16 commits into from

Conversation

@paulmedynski
Copy link
Contributor

@paulmedynski paulmedynski commented Oct 10, 2025
edited
Loading

Overview

This PR contains changes to move the ActiveDirectoryAuthenticationProvider out of the MDS package and into the new Azure package. Please refer to the design here:

MDS Azure Extension Design

This PR is only concerned with moving the provider code out of MDS and creating the necessary base classes and types in the Abstractions package, which includes:

  • Creation of base classes/types in Abstractions related to the SQL authentication provider APIs.
  • Move of the ActiveDirectoryAuthenticationProvider.cs file into the Azure package.
  • Creation of the Azure package and related PR/CI pipelines.
  • Targeted updates/improvements due to blast radius/fallout of the above.

Future PRs will address:

  • Proper documentation (API, samples, reference).
  • Dependency updates.
  • Terminology modernization.
  • String localization.
  • Code refactoring/improvements.
  • Addition of a synchronous AcquireToken() method.
  • Separation of existing tests out of the MDS project and into the Azure project.
  • Addition of unit tests and improved integration tests.
  • New tests in the MDS project to confirm the authentication provider management logic.
  • Any additional issues we come up with that aren't directly related to the move.

This builds on the previous 2 PRs:

Testing

All existing tests in the MDS project are passing. This confirms that the move didn't break anything that is currently being tested.

paulmedynski
paulmedynski commented Oct 10, 2025
View reviewed changes
Copy link
Contributor Author

@paulmedynski paulmedynski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Commentary for reviewers and some TODOs for me.

paulmedynski
paulmedynski commented Oct 11, 2025
View reviewed changes
Copy link
Contributor Author

@paulmedynski paulmedynski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Commentary for reviewers.

Base automatically changed from dev/paul/azure-split/abstractions-pipelines to feat/azure-split October 16, 2025 16:23
@paulmedynski paulmedynski force-pushed the dev/paul/azure-split/authentication branch from ddc22a7 to 71fd319 Compare October 16, 2025 19:57
@paulmedynski paulmedynski force-pushed the dev/paul/azure-split/authentication branch from 71fd319 to 283f241 Compare October 16, 2025 20:04
@codecov
Copy link

codecov bot commented Oct 20, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 77.77778% with 54 lines in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (feat/azure-split@287309f). Learn more about missing BASE report.

Files with missing lines Patch % Lines
...Data/SqlClient/SqlAuthenticationProviderManager.cs 78.72% 20 Missing ⚠️
...crosoft/Data/SqlClient/SqlInternalConnectionTds.cs 61.76% 13 Missing ⚠️
...crosoft/Data/SqlClient/SqlInternalConnectionTds.cs 61.76% 13 Missing ⚠️
...ta/SqlClient/SqlAuthenticationParametersBuilder.cs 79.41% 7 Missing ⚠️
...Microsoft/Data/SqlClient/TdsParserHelperClasses.cs 95.45% 1 Missing ⚠️
Additional details and impacted files 
@@                 Coverage Diff                 @@
##             feat/azure-split    #3680   +/-   ##
===================================================
  Coverage                    ?   76.77%           
===================================================
  Files                       ?      269           
  Lines                       ?    45029           
  Branches                    ?        0           
===================================================
  Hits                        ?    34573           
  Misses                      ?    10456           
  Partials                    ?        0
Flag Coverage Δ
addons 90.82% <ø> (?)
netcore 76.67% <75.11%> (?)
netfx 76.15% <80.38%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@paulmedynski
- Fixed expansion of split expression in version numbers.
224a316 
- Removed addition of PDBs from <AllowedOutputExtensionsInPackageBuildOutputFolder>.
- Removed MDS package ref dependency on Abstractions until pipelines are ready.
- Renamed AbstractionsPackage to Abstractions in targets.
- Updated BUILDGUIDE based on project ref behaviour.
- Added feature branches to CI pipeline triggers.
- Added missing/incomplete paths to the trigger.
- Added dev/* branches to the CI triggers so PRs that target other dev/ branches can run CI.
- Added missing MdsPackageVersion property to signed build pipeline job.
- Commented-out failing NuGet tool installer task.
- Re-ordered Guardian analysis step _before_ build step to avoid clobbering versioned DLLs.
- Added MDS package version to AKV build/package steps.
- Restored AKV nuspec ReferenceType property for AKV Official builds.
- Explicitly building tooling before analysis.
- Fixing validation steps to match XML props files.
- Added PR automation triggers, and documented other pipeline sections.
- Added ReferenceType throughout the MDS/AKV CI build steps.
- Added NuGet.config update to main CI build step for Package reference mode.
- Swapped Abstractions download and NuGet.config update to ensure packages/ exists before attempting to re-configure NuGet.
- Clean target no longer removes packages/
- Uncommented package refs to Abstractions.
- Added separate MDS and AKV project builds to support Package mode.
- Added $ReferenceType$ property to MDS .nuspec like it is for AKV.
- Removed obsolete version variables from merge conflict.
- Adding $ReferenceType$ back to AKV nuspec.
- Moved SqlAuthenticationProvider and friends into Abstractions.
- Moved ActiveDirectoryAuthenticationProvider into a new Azure package.
- Moved a bunch of docs into Abstractions and Azure projects.
- Updated Abstractions classes to be abstract with minimal implementation.
- Added back the implementations to MDS.
- Re-worked some of the docs.
- SqlAuthentication* classes separated out into Base classes in Abstractions.
- Updated docs accordingly.
- MDS compiles.
- Some Azure package code moved, but not compiling.
- Added an exception class for authentication errors.
- Enabled XML doc compilation and validation.
- Updated MDS to handle SqlAuthenticationProviderException instead of MSAL exceptions.
- Removed Azure.Identity from MDS.
- Got existing tests compiling using the new Azure package.
- Added Azure package build targets.
- Updated docs related to ReferenceType
- Got all projects properly adhering to Package reference type.
- Removed TestMicrosoftDataSqlClientVersion in favour of MdsPackageVersion.
- Fixed tools restore from build.proj.
- Fixed missing using for dummy auth provider.
- Fixed obsolete warnings for password auth.
- Moved SqlAuthenticationParameters entirely into Abstractions, avoiding an empty base class.
- Moved SqlAuthenticationToken entirely into Abstractions.
- Moved SqlAuthenticationProvider entirely into Abstractions.
- Removed SqlAuthenticationProviderBase.
- Exposed SqlAuthenticationProviderManager as a public API in MDS.
- Moved SetProvider() and GetProvider() to the Manager where they should have been all along (Breaking Change).
- Added catch-all exception handlers in prep for proper analysis and specific exception handling.
- Some improvements to avoid meaningless nulls.
- Added PR/CI pipeline support for the Azure package.
- Fixed Abstractions download path.
- Updated SqlAuthenticationProviderException to use Method instead of Action.
- Fixed NRE in SqlException.
- Fixed SqlAuthenticationProviderException use in MDS.
- Added chaining Add() to SqlErrorCollection.
- Added a useful message when _fedAuthToken is null after attempting to acquire a token.
- Fixed auth provider error handling to mimic the old code.
- Removing unnecessary database checks that are hanging forever.
- Fixed timestamp truncation from long to uint causing cached tokens to be erroneously expired.
@paulmedynski paulmedynski force-pushed the dev/paul/azure-split/authentication branch from 87be738 to 224a316 Compare October 20, 2025 15:00
paulmedynski
paulmedynski commented Oct 20, 2025
View reviewed changes
Copy link
Contributor Author

@paulmedynski paulmedynski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Commentary for reviewers, and a few things for me to fix.

@paulmedynski paulmedynski marked this pull request as ready for review October 20, 2025 15:58
@paulmedynski paulmedynski requested a review from a team as a code owner October 20, 2025 15:58
mdaigle
mdaigle reviewed Oct 20, 2025
View reviewed changes
David-Engel
David-Engel reviewed Oct 20, 2025
View reviewed changes
Copy link
Contributor

@David-Engel David-Engel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Partial 45/89 review

@paulmedynski
- Added obsolete Get/Set Provider methods on SqlAuthenticationProvide…
bdd1c13 
…r to maintain API for now.

- Addressed review comments.
@paulmedynski
- Fixed dummy auth provider tests on .NET Framework.
522e5a4 
- Added some config improvements to xUnit runners.
@paulmedynski paulmedynski added this to the 7.0.0-preview3 milestone Oct 21, 2025
@paulmedynski
Merge branch 'feat/azure-split' into dev/paul/azure-split/authentication
eebd756
@paulmedynski
- Addressed review comments.
5d5fa84 
- Reverted SqlAuthenticationParameters authenticationTimeout constructor argument to its original name connectionTimeout and added docs explaining why.
@paulmedynski
- Fixed build error related to SqlAuthenticationParameters.
65091f4
cheenamalhotra
cheenamalhotra requested changes Oct 24, 2025
View reviewed changes
@paulmedynski
- Reverted all public API changes from previous commits.
323cdda 
- Moved some tests around to get access to internals and to compile everywhere.
paulmedynski
paulmedynski commented Oct 28, 2025
View reviewed changes
Copy link
Contributor Author

@paulmedynski paulmedynski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I reverted all of the previous public API changes and left notes about what we may want to bring back in the future.

@cheenamalhotra cheenamalhotra mentioned this pull request Oct 28, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mdaigle mdaigle mdaigle approved these changes

@saurabh500 saurabh500 Awaiting requested review from saurabh500

@David-Engel David-Engel Awaiting requested review from David-Engel

@cheenamalhotra cheenamalhotra Awaiting requested review from cheenamalhotra

+2 more reviewers

@ErikEJ ErikEJ ErikEJ left review comments

@edwardneal edwardneal edwardneal left review comments

Reviewers whose approvals may not affect merge requirements

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

7.0.0-preview3

Development

Successfully merging this pull request may close these issues.

7 participants

@paulmedynski @ErikEJ @mdaigle @cheenamalhotra @David-Engel @edwardneal