LINQPad 8: Proxy authentication not working for Azure SQL
We are still using proxy severs with Kerberos authentication for most of our computers. But we als have computers directly running on the Internet. I can connect to my Azure SQL DB on a client without proxy without any issues. But when I try to connect to the same server from my computer that is behind the authenticating proxy I get a proxy 407 error
The proxy settings a such work
i guess the setting to use the Windows credentials for the proxy server is nor being used for the connection - which is the default for .net core.
There is also the issue that changes to the proxy settings are not directly being used for connections (both new or existing). You first have to re-start LINQPad 8
LINQPad 8.0.18 x64
Host runtime version: 8.0.0
Default query runtime version: 8.0.0
Default query reference assembly version: 8.0.0
Roslyn Version: 4.8.0-7.23558.1
FSharp.Compiler.Service version: 43.7.400.0
NuGet client version: 6.7.0.127
Results rendering engine: Edge Chromium Engine 120.0.2210.91 (WebView2)
Windows 10 22H2
Comments
AFAIK, SqlConnection uses tcp, not http. So even if you managed to get through the MFA login, you wouldn't be able to connect to the database if your Internet connectivity is limited to an http proxy.
And how is this related to each other? The one thing is the proxy authentication not working. The other aspect is if I could establish a TCP connection to a server. That is limited by the corporate firewall settings - where I can request an exception for a fixed IP address / DNS name (that of the SQL: server) and a fixed TCP port or a even a range of TCP ports. Or I could establish a virtual network on Azure that is accessible from our private network ... So simply fix the proxy authentication bug?
Here we can learn how to use virtual networks on Azure https://learn.microsoft.com/en-us/microsoft-365/enterprise/connect-an-on-premises-network-to-a-microsoft-azure-virtual-network?view=o365-worldwide
Any support? We paid for the product.
I see: so your network admin is willing to allow you to access port 1433 on database.windows.net, but not port 433 on login.microsoftonline.com?
This is somewhat of a niche scenario. I'll try to get an option into the 8.2.1 beta - this should be released next week after the 8.1 security update has been pushed to RTM. Note that you'll need to enable it via a checkbox in the Proxy options. It will look like this:
Also note that if your proxy requires authentication, you'll probably need to re-enter your proxy credentials when the MFA dialog appears, as it doesn't appear possible to send proxy credentials to the Chromium engine:
https://superuser.com/questions/1548001/how-to-setup-user-and-password-for-proxy-server-in-chrome-chromium-in-headless-m
However, there is now a checkbox to save refresh tokens to disk (from LINQPad 8.1.x) so you will only have to see the dialog once.
Great! Thanks for the support!