🔐Authentication in Azure SQL using Managed Identity

🔐Authentication in Azure SQL using Managed Identity

Wagner Hernandes Wagner Hernandes

Wagner Hernandes

Published Aug 27, 2025
+ Follow

When building secure applications in Azure, one of the best practices is to avoid storing secrets such as connection strings or passwords. Instead, we can leverage Managed Identity 🚀 — a feature that allows our application to authenticate to Azure services without credentials.

In this article, I’ll show you how to use Managed Identity to connect to Azure SQL Database.

🧐 What is Managed Identity?

Managed Identity is an Azure feature that provides your application with an automatically managed identity in Microsoft Entra ID (formerly Azure Active Directory – Azure AD). This identity can then be used to authenticate against Azure resources like Key Vault, Storage, and SQL Database.

👉 No passwords. 👉 No secrets. 👉 Just secure and seamless authentication.

⚙️ Step 1: Enable Managed Identity on your App

If you are using an Azure App Service, simply go to:

  1. Azure Portal → Your App Service
  2. Identity → Turn System assigned to On
  3. Save ✅

Now, your app has its own identity in Microsoft Entra ID.

🛡️ Step 2: Grant Permissions in Azure SQL

Next, you need to allow this identity to connect to your Azure SQL Database:

  1. Open Azure SQL Database in the portal
  2. Open Query editor or connect with SSMS using an admin account
  3. Run the following SQL commands:

Recommended by LinkedIn

Security Features in Microsoft SQL Server You Must Know
Security Features in Microsoft SQL Server You Must Know
Naresh i Technologies 2 months ago
Microsoft SQL Server 2012
Microsoft SQL Server 2012
May Turnbull 4 years ago
Compensate TDE Performance Overheads by Using Compression
Compensate TDE Performance Overheads by Using…
Chandrachurh Ghosh 1 year ago 
sql

-- Create a user for the Managed Identity
CREATE USER [my-app-name] FROM EXTERNAL PROVIDER;

-- Grant permissions
ALTER ROLE db_datareader ADD MEMBER [my-app-name];
ALTER ROLE db_datawriter ADD MEMBER [my-app-name];

Now your application’s identity has read and write access.

💻 Step 3: Connect from C# Code

With Managed Identity, you don’t need a username or password anymore. Just use DefaultAzureCredential from the Azure SDK: 

csharp

using Azure.Identity;
using Microsoft.Data.SqlClient;

var connectionString = "Server=tcp:myserver.database.windows.net,1433;Database=mydb;";

var credential = new DefaultAzureCredential();
var conn = new SqlConnection(connectionString)
{
    AccessToken = (await credential.GetTokenAsync(
        new Azure.Core.TokenRequestContext(new[] { "https://database.windows.net/.default" })
    )).Token
};

await conn.OpenAsync();
Console.WriteLine("Connected successfully with Managed Identity!");

That’s it! No secrets, no risks.

🎯 Benefits

  • 🔒 Enhanced Security – no secret leaks
  • Simplified Management – no need to rotate passwords
  • 🛠️ Integration with Microsoft Entra ID – role-based access

🚀 Final Thoughts

Using Managed Identity to connect to Azure SQL is a game-changer in terms of security and simplicity. Behind the scenes, Microsoft Entra ID (the new name for Azure AD) is the one issuing and validating the tokens that make this possible.

If you are still using connection strings with embedded credentials, now is the time to upgrade.

Have you already tried Managed Identity in your projects? 💬 Drop your experience in the comments — I’d love to hear your thoughts!

Bruno Santos 8mo

Thanks for sharing, very good

Like
Reply
1 Reaction
Thiago Ferrari 8mo

Nice post! 👍 Thanks for sharing!

Like
Reply
MARLON FERREIRA 8mo

Thanks for sharing!

Like
Reply
1 Reaction
See more comments

To view or add a comment, sign in

More articles by this author

See all

Others also viewed

Similar topics

Explore content categories