SQL Server Data Tools (SSDT) 中的 Azure Active Directory 支持Azure Active Directory support in SQL Server Data Tools (SSDT)

适用于: 否SQL Server 是Azure SQL 数据库 是Azure Synapse Analytics (SQL DW) 否并行数据仓库 APPLIES TO: NoSQL Server YesAzure SQL Database YesAzure Synapse Analytics (SQL DW) NoParallel Data Warehouse

SQL Server Data Tools (SSDT) 提供了多种 Azure Active Directory (Azure AD) 身份验证方法。SQL Server Data Tools (SSDT) provides several Azure Active Directory (Azure AD) authentication methods.

在 Visual Studio 中,打开“SQL Server 对象资源管理器”(在“视图”菜单中),然后选择“添加 SQL Server” :In Visual Studio, open the SQL Server Object Explorer (in the View menu), and select Add SQL Server:

SSDT 连接对话框

哪些 Azure SQL 产品?Which Azure SQL products?

本文介绍 Azure 云中以下 Azure SQL 产品列表的 Azure AD:This article discusses Azure AD for the following list of Azure SQL products in the Azure cloud:

  • Azure SQL 数据库Azure SQL Database
  • Azure Synapse AnalyticsAzure Synapse Analytics

Active Directory 密码身份验证Active Directory Password Authentication

Active Directory 密码验证是一种连接到之前列出的 Azure SQL 产品的机制。Active Directory Password Authentication is a mechanism of connecting to the Azure SQL products that were listed earlier. 该机制使用 Azure Active Directory (Azure AD) 中的标识。The mechanism uses identities in Azure Active Directory (Azure AD). 以下情况下使用此方法进行连接:Use this method for connecting when:

  • 使用来自未与 Azure 联合的域的凭据登录到 Windows,或者You are logged in to Windows with credentials from a domain that is not federated with Azure, or
  • 通过 Azure AD 使用 Azure AD 身份验证,并且它基于初始域或客户端域。You are using Azure AD authentication with Azure AD, and it is based on the initial or client domain.

有关详细信息,请参阅使用 Azure Active Directory 身份验证连接到 SQL 数据库For more information, see Connecting to SQL Database By Using Azure Active Directory Authentication.

Active Directory 集成身份验证Active Directory Integrated Authentication

Active Directory 集成身份验证是一种使用 Azure Active Directory (Azure AD) 中的标识连接到列出的 Azure SQL 产品的机制**。Active Directory Integrated Authentication is a mechanism of connecting to the listed Azure SQL products by using identities in Azure Active Directory (Azure AD). 如果使用 Azure Active Directory 凭据从联盟域登录 Windows,请使用这种方法进行连接。Use this method for connecting if you are logged in to Windows using your Azure Active Directory credentials from a federated domain. 有关详细信息,请参阅使用 Azure Active Directory 身份验证连接到 SQL 数据库For more information, see Connecting to SQL Database By Using Azure Active Directory Authentication.

Active Directory 交互式身份验证Active Directory Interactive Authentication

使用 SSDT 连接到列出的 Azure SQL 产品时,Active Directory 交互式身份验证可用,但仅用于 .NET Framework 4.7.2 或更高版本**。Active Directory Interactive Authentication is available when connecting to the listed Azure SQL products with SSDT, but only with .NET Framework 4.7.2 or a later version.

多重身份验证 (MFA)Multi-Factor Authentication (MFA)

Active Directory 交互式身份验证支持交互式身份验证,以便能够使用 Azure Active Directory (AD) 多重身份验证 (MFA) 向列出的 Azure SQL 产品进行身份验证。Active Directory Interactive Authentication supports an interactive authentication allowing you to use Azure Active Directory (AD) Multi-Factor Authentication (MFA) to authenticate with the listed Azure SQL products. 此方法支持本机和联合的 Azure AD 用户,以及来自其他帐户的来宾用户。This method supports native and federated Azure AD users, and guest users from other accounts. 其他类型的帐户包括:The other types of account include:

  • 企业对企业 (Azure AD B2B) 用户。Business-to-Business (Azure AD B2B) users.
  • Microsoft 帐户,如 @outlook.com、@hotmail.com、@live.com。Microsoft accounts, such as @outlook.com, @hotmail.com, @live.com.
  • 非 Microsoft 帐户,如 @gmail.com。Non-Microsoft accounts, such as @gmail.com.

如果指定 MFA 方法,必须指定“用户名”,“密码”字段已禁用 。If the MFA method is specified, the User Name must be specified, and the Password field is disabled.

密码输入Password Entry

使用 Active Directory 交互式身份验证进行验证时,将看到打开的身份验证窗口,其中提示用户手动输入密码。When authenticating with Active Directory Interactive Authentication, an authentication window opens that requires users to enter a password manually.


Azure AD 通过此附加 MFA 弹出窗口强制执行 MFA。The MFA enforcement is provided by Azure AD through this additional MFA pop-up window.


使用 Active Directory 交互式身份验证将阻止自动化工作流。Automated workflows would be blocked by the use of Active Directory Interactive Authentication. 必须存在以手动输入密码的形式与身份验证过程进行交互的人员。There must be a person available to interact with the authentication process, in the form of manually entering a password.

已知问题和限制Known issues and limitations

  • 仅当连接到本文开头列出的 Azure SQL 产品时,才支持Active Directory 交互式身份验证。Active Directory Interactive Authentication is only supported when connecting to the Azure SQL products that were listed at the start of this article. SQL Server(本地或 VM 上)不支持它。It is not supported for SQL Server (on-prem or on a VM).
  • 服务器资源管理器中的连接对话框不支持 Active Directory 交互式身份验证 。Active Directory Interactive Authentication is not supported in the connection dialog in Server Explorer. 必须结合使用 SSDT 和 SQL Server 对象资源管理器进行连接。You must connect by using SSDT with SQL Server Object Explorer.
  • SSDT 不支持将单一登录与当前登录 Visual Studio 的帐户集成。Single sign-on integration with the currently logged in Visual Studio account is not supported for SSDT.
  • 在 Visual Studio 安装期间安装到扩展目录的 SQLPackage.exe 并不是指从此位置进行使用。The SQLPackage.exe that is installed into the Extensions directory during Visual Studio installation is not meant to be used from that location. 若要配合使用 SQLPackage.exe 和 Azure AD,请转到 https://www.microsoft.com/download/details.aspx?id=55088To use SQLPackage.exe with Azure AD, go to https://www.microsoft.com/download/details.aspx?id=55088
  • Azure AD 身份验证不支持 SSDT 数据比较。SSDT Data Compare is not supported for Azure AD authentication.

另请参阅See Also

多重身份验证Multi-factor authentication
向 SQL 数据库进行Azure Active Directory 身份验证Azure Active Directory authentication with SQL Database
SSDT 团队博客SSDT Team Blog
DACFx API 参考DACFx API Reference
下载 SQL Server Management Studio (SSMS)Download SQL Server Management Studio (SSMS)