| title | Get Values for App Authentication | ||||
|---|---|---|---|---|---|
| description | Create a service principal for accessing Azure SQL Database from code. | ||||
| author | VanMSFT | ||||
| ms.author | vanto | ||||
| ms.reviewer | wiassaf, mathoma | ||||
| ms.date | 06/10/2025 | ||||
| ms.service | azure-sql-database | ||||
| ms.subservice | development | ||||
| ms.topic | how-to | ||||
| ms.custom |
|
||||
| monikerRange | =azuresql || =azuresql-db || =fabricsql |
[!INCLUDE appliesto-sqldb-fabricsqldb]
To create and manage an Azure SQL Database from code, you must register your app with Microsoft Entra ID (formerly Azure Active Directory). The app must be registered in the same Microsoft Entra tenant as your Azure SQL Database resource.
The following examples create the Microsoft Entra application and the service principal that we need to authenticate our C# app. The script outputs values we need for the preceding C# sample. For detailed information, see Use Azure PowerShell to create a service principal to access resources.
Important
The PowerShell Azure Resource Manager (AzureRM) module was deprecated on February 29, 2024. All future development should use the Az.Sql module. Users are advised to migrate from AzureRM to the Az PowerShell module to ensure continued support and updates. The AzureRM module is no longer maintained or supported. The arguments for the commands in the Az PowerShell module and in the AzureRM modules are substantially identical. For more about their compatibility, see Introducing the new Az PowerShell module.
# sign in to Azure
Connect-AzAccount
# for multiple subscriptions, uncomment and set to the subscription you want to work with
#$subscriptionId = "{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}"
#Set-AzContext -SubscriptionId $subscriptionId
$appName = "{app-name}" # display name for your app, must be unique in your directory
$uri = "http://{app-name}" # does not need to be a real uri
$secret = "{app-password}"
# create an AAD app
$azureAdApplication = New-AzADApplication -DisplayName $appName -HomePage $Uri -IdentifierUris $Uri -Password $secret
# create a Service Principal for the app
$svcprincipal = New-AzADServicePrincipal -ApplicationId $azureAdApplication.ApplicationId
Start-Sleep -s 15 # to avoid a PrincipalNotFound error, pause here for 15 seconds
# if you still get a PrincipalNotFound error, then rerun the following until successful.
$roleassignment = New-AzRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $azureAdApplication.ApplicationId.Guid
# output the values we need for our C# application to successfully authenticate
Write-Output "Copy these values into the C# sample app"
Write-Output "_subscriptionId:" (Get-AzContext).Subscription.SubscriptionId
Write-Output "_tenantId:" (Get-AzContext).Tenant.TenantId
Write-Output "_applicationId:" $azureAdApplication.ApplicationId.Guid
Write-Output "_applicationSecret:" $secret# sign in to Azure
az login
# for multiple subscriptions, uncomment and set to the subscription you want to work with
#$subscriptionId = "{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}"
#az account set --subscription $subscriptionId
$appName = "{app-name}" # display name for your app, must be unique in your directory
$uri = "http://{app-name}" # does not need to be a real uri
$secret = "{app-password}"
# create an AAD app
$azureAdApplication = az ad app create --display-name $appName --homepage $Uri --identifier-uris $Uri --password $secret
# create a Service Principal for the app
$svcprincipal = az ad sp create --id $azureAdApplication.ApplicationId
Start-Sleep -s 15 # to avoid a PrincipalNotFound error, pause for 15 seconds
# if you still get a PrincipalNotFound error, then rerun the following until successful.
$roleassignment = az role assignment create --role "Contributor" --scope /subscriptions/{Subscription-id}/resourceGroups/{resource-group-name} --assignee $azureAdApplication.ApplicationId.Guid
# output the values we need for our C# application to successfully authenticate
Write-Output "Copy these values into the C# sample app"
Write-Output "-subscriptionId:" (az account show --query "id")
Write-Output "_tenantId:" (az account show --query "tenantId")
Write-Output "_applicationId:" $azureAdApplication.ApplicationId.Guid
Write-Output "_applicationSecret:" $secret