I am attempting to connect to an Azure SQL DB with an AAD account as part of my Azure pipeline. Roughly I have the following:
An Azure pipeline with an associated service connection. An Azure SQL DB with the AAD admin set to the service principal (of the connection). An Azure CLI task which gets the bearer token of the service principal.
I then have an Azure PowerShell script that uses the bearer token to connect to the DB:
# Token acquired by the preceding Azure CLI task and exported as a pipeline variable
$conn = New-Object System.Data.SqlClient.SqlConnection
$conn.ConnectionString = "Server=tcp:$($sqlServer),1433;Initial Catalog=$($sqlDB);Persist Security Info=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"
# No User ID/Password in the connection string: the AAD access token carries the identity
$conn.AccessToken = $env:ACCESSTOKEN
$conn.Open()
This results in the following error:
Login failed for user '<token-identified principal>'.
The Agent running the pipeline is allowed through the SQL Server firewall.
In the DB logs the error code is 18456 and the state is 132 (AAD failure).
I have tested this manually using the Azure CLI: logging in with the service connection's service principal, requesting the bearer token and then connecting to the DB (using the code above), and this works.
If I compare the bearer token of the pipeline test and the Azure CLI manual test, they are identical (apart from exp, uti and aio).
Any ideas?
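The procedure described in the question, written out end to end as an added example (this is not code from the original post): acquire a token for the Azure SQL resource with the Azure CLI, decode the JWT payload so the claims that identify the caller (aud, tid, appid, oid) can be compared between the pipeline run and the manual run, then open the connection with the token and ask the server which login it mapped the token to. It assumes the shell is already logged in to az as the service principal, that the resource identifier for Azure SQL is https://database.windows.net/, and that the System.Data.SqlClient assembly is loadable in the PowerShell host; the parameter names $SqlServer and $SqlDb and the helper ConvertFrom-JwtPayload are this example's own.

```powershell
# Added example, not from the original post. Assumes: az is logged in as the
# pipeline's service principal and System.Data.SqlClient is available.
param(
    [Parameter(Mandatory)] [string] $SqlServer,   # e.g. myserver.database.windows.net
    [Parameter(Mandatory)] [string] $SqlDb
)

# Resource identifier for Azure SQL; the token's audience must match it.
$resource = 'https://database.windows.net/'
$token = az account get-access-token --resource $resource --query accessToken -o tsv
if (-not $token) { throw 'az account get-access-token returned no token' }

# Hypothetical helper: decode the (unverified) JWT payload for inspection only.
function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)] [string] $Jwt)
    $parts = $Jwt.Split('.')
    if ($parts.Count -lt 2) { throw 'not a JWT' }
    # base64url -> base64: restore the standard alphabet and the padding
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

$claims = ConvertFrom-JwtPayload $token
# The claims that decide which AAD principal the SQL login is matched against:
# aud (must be the SQL resource), tid (tenant), appid / oid (the service principal).
$claims | Select-Object aud, tid, appid, oid, idtyp, exp | Format-List

if ($claims.aud -ne $resource -and $claims.aud -ne $resource.TrimEnd('/')) {
    throw "token audience '$($claims.aud)' is not Azure SQL"
}

$conn = New-Object System.Data.SqlClient.SqlConnection
# No User ID/Password: authentication is carried entirely by the access token.
$conn.ConnectionString = "Server=tcp:$SqlServer,1433;Initial Catalog=$SqlDb;Persist Security Info=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"
$conn.AccessToken = $token
try {
    $conn.Open()
    $cmd = $conn.CreateCommand()
    # Ask the server which login the token resolved to; for a service principal
    # this is the app's display name as registered in AAD.
    $cmd.CommandText = 'SELECT SUSER_SNAME() AS login_name, DB_NAME() AS db'
    $reader = $cmd.ExecuteReader()
    while ($reader.Read()) {
        "Connected as $($reader['login_name']) to $($reader['db'])"
    }
    $reader.Close()
}
finally {
    $conn.Dispose()
}
```

Run it once from the pipeline and once from the manual CLI session and diff the printed claims: the pipeline's tid, appid and oid should be the same values the SQL server's AAD admin setting points at, and aud should be the Azure SQL resource rather than ARM or Graph. The payload is decoded without signature verification here because the script only inspects it; the server performs the real validation.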