diff --git a/src/Microsoft.Data.SqlClient/netcore/ref/Microsoft.Data.SqlClient.cs b/src/Microsoft.Data.SqlClient/netcore/ref/Microsoft.Data.SqlClient.cs
index 1e038fdc5a..0a04d047f8 100644
--- a/src/Microsoft.Data.SqlClient/netcore/ref/Microsoft.Data.SqlClient.cs
+++ b/src/Microsoft.Data.SqlClient/netcore/ref/Microsoft.Data.SqlClient.cs
@@ -212,6 +212,7 @@ public enum SqlAuthenticationMethod
///
SqlPassword = 1,
///
+ [System.Obsolete("ActiveDirectoryPassword is deprecated, use a more secure authentication method. See https://aka.ms/SqlClientEntraIDAuthentication for more details.")]
ActiveDirectoryPassword = 2,
///
ActiveDirectoryIntegrated = 3,
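Review bot: The obsolete message on `ActiveDirectoryPassword` says "use a more secure authentication method" without naming one, so a developer who only sees the compiler warning has to follow the link to learn what to switch to. Naming the alternatives already in this enum would make the warning actionable, e.g. `"ActiveDirectoryPassword is deprecated, use a more secure authentication method such as ActiveDirectoryManagedIdentity, ActiveDirectoryServicePrincipal or ActiveDirectoryInteractive. See https://aka.ms/SqlClientEntraIDAuthentication for more details."`. The same literal is repeated in the netfx ref hunk and in TdsEnums.cs, and the three copies must stay identical. The member's XML documentation is not visible in this hunk; if it does not mention the deprecation, it should.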
diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs
index b80174d9a0..06736ab693 100644
--- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs
+++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs
@@ -1363,7 +1363,9 @@ private void Login(ServerInfo server, TimeoutTimer timeout, string newPassword,
// If the workflow being used is Active Directory Authentication and server's prelogin response
// for FEDAUTHREQUIRED option indicates Federated Authentication is required, we have to insert FedAuth Feature Extension
// in Login7, indicating the intent to use Active Directory Authentication for SQL Server.
+ #pragma warning disable 0618 // Type or member is obsolete
if (ConnectionOptions.Authentication == SqlAuthenticationMethod.ActiveDirectoryPassword
+ #pragma warning restore 0618 // Type or member is obsolete
|| ConnectionOptions.Authentication == SqlAuthenticationMethod.ActiveDirectoryInteractive
|| ConnectionOptions.Authentication == SqlAuthenticationMethod.ActiveDirectoryDeviceCodeFlow
|| ConnectionOptions.Authentication == SqlAuthenticationMethod.ActiveDirectoryServicePrincipal
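Review bot: The suppression comment `// Type or member is obsolete` only restates what CS0618 means. It does not say which member is being tolerated or why the driver still has to reference it. The SqlConnection.cs hunk already uses the more useful `// Use of obsolete member 'SqlAuthenticationMethod.ActiveDirectoryPassword'`. I would use that wording on every pragma pair this commit adds: both Login hunks, ShouldDisableTnir, both GetFedAuthToken hunks, IsSupported, AcquireTokenAsync, SetDefaultAuthProviders, AuthenticationEnumFromString, WriteFedAuthFeatureRequest and the test files. A later search for internal uses of the deprecated method then finds them all when it is removed. The `if` condition continues past the end of this hunk.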
@@ -2579,7 +2581,9 @@ internal SqlFedAuthToken GetFedAuthToken(SqlFedAuthInfo fedAuthInfo)
_activeDirectoryAuthTimeoutRetryHelper.CachedToken = _fedAuthToken;
}
break;
+ #pragma warning disable 0618 // Type or member is obsolete
case SqlAuthenticationMethod.ActiveDirectoryPassword:
+ #pragma warning restore 0618 // Type or member is obsolete
case SqlAuthenticationMethod.ActiveDirectoryServicePrincipal:
if (_activeDirectoryAuthTimeoutRetryHelper.State == ActiveDirectoryAuthenticationTimeoutRetryState.Retrying)
{
diff --git a/src/Microsoft.Data.SqlClient/netfx/ref/Microsoft.Data.SqlClient.cs b/src/Microsoft.Data.SqlClient/netfx/ref/Microsoft.Data.SqlClient.cs
index 0008c37f68..e662fc0560 100644
--- a/src/Microsoft.Data.SqlClient/netfx/ref/Microsoft.Data.SqlClient.cs
+++ b/src/Microsoft.Data.SqlClient/netfx/ref/Microsoft.Data.SqlClient.cs
@@ -130,6 +130,7 @@ public enum SqlAuthenticationMethod
///
SqlPassword = 1,
///
+ [System.ObsoleteAttribute("ActiveDirectoryPassword is deprecated, use a more secure authentication method. See https://aka.ms/SqlClientEntraIDAuthentication for more details.")]
ActiveDirectoryPassword = 2,
///
ActiveDirectoryIntegrated = 3,
diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs
index 8ebb341f44..9f4a612951 100644
--- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs
+++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs
@@ -1371,7 +1371,9 @@ private void Login(ServerInfo server, TimeoutTimer timeout, string newPassword,
// If the workflow being used is Active Directory Authentication and server's prelogin response
// for FEDAUTHREQUIRED option indicates Federated Authentication is required, we have to insert FedAuth Feature Extension
// in Login7, indicating the intent to use Active Directory Authentication for SQL Server.
+ #pragma warning disable 0618 // Type or member is obsolete
if (ConnectionOptions.Authentication == SqlAuthenticationMethod.ActiveDirectoryPassword
+ #pragma warning restore 0618 // Type or member is obsolete
|| ConnectionOptions.Authentication == SqlAuthenticationMethod.ActiveDirectoryInteractive
|| ConnectionOptions.Authentication == SqlAuthenticationMethod.ActiveDirectoryDeviceCodeFlow
|| ConnectionOptions.Authentication == SqlAuthenticationMethod.ActiveDirectoryServicePrincipal
@@ -1786,7 +1788,9 @@ private bool ShouldDisableTnir(SqlConnectionString connectionOptions)
Boolean isAzureEndPoint = ADP.IsAzureSqlServerEndpoint(connectionOptions.DataSource);
Boolean isFedAuthEnabled = this._accessTokenInBytes != null ||
+ #pragma warning disable 0618 // Type or member is obsolete
connectionOptions.Authentication == SqlAuthenticationMethod.ActiveDirectoryPassword ||
+ #pragma warning restore 0618 // Type or member is obsolete
connectionOptions.Authentication == SqlAuthenticationMethod.ActiveDirectoryIntegrated ||
connectionOptions.Authentication == SqlAuthenticationMethod.ActiveDirectoryInteractive ||
connectionOptions.Authentication == SqlAuthenticationMethod.ActiveDirectoryServicePrincipal ||
@@ -2622,7 +2626,9 @@ internal SqlFedAuthToken GetFedAuthToken(SqlFedAuthInfo fedAuthInfo)
_activeDirectoryAuthTimeoutRetryHelper.CachedToken = _fedAuthToken;
}
break;
+ #pragma warning disable 0618 // Type or member is obsolete
case SqlAuthenticationMethod.ActiveDirectoryPassword:
+ #pragma warning restore 0618 // Type or member is obsolete
case SqlAuthenticationMethod.ActiveDirectoryServicePrincipal:
if (_activeDirectoryAuthTimeoutRetryHelper.State == ActiveDirectoryAuthenticationTimeoutRetryState.Retrying)
{
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/ActiveDirectoryAuthenticationProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/ActiveDirectoryAuthenticationProvider.cs
index 3302b027f4..0393de9beb 100644
--- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/ActiveDirectoryAuthenticationProvider.cs
+++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/ActiveDirectoryAuthenticationProvider.cs
@@ -85,7 +85,9 @@ public static void ClearUserTokenCache()
public override bool IsSupported(SqlAuthenticationMethod authentication)
{
return authentication == SqlAuthenticationMethod.ActiveDirectoryIntegrated
+ #pragma warning disable 0618 // Type or member is obsolete
|| authentication == SqlAuthenticationMethod.ActiveDirectoryPassword
+ #pragma warning restore 0618 // Type or member is obsolete
|| authentication == SqlAuthenticationMethod.ActiveDirectoryInteractive
|| authentication == SqlAuthenticationMethod.ActiveDirectoryServicePrincipal
|| authentication == SqlAuthenticationMethod.ActiveDirectoryDeviceCodeFlow
@@ -245,7 +247,9 @@ public override async Task AcquireTokenAsync(SqlAuthenti
SqlClientEventSource.Log.TryTraceEvent("AcquireTokenAsync | Acquired access token for Active Directory Integrated auth mode. Expiry Time: {0}", result?.ExpiresOn);
}
}
+ #pragma warning disable 0618 // Type or member is obsolete
else if (parameters.AuthenticationMethod == SqlAuthenticationMethod.ActiveDirectoryPassword)
+ #pragma warning restore 0618 // Type or member is obsolete
{
string pwCacheKey = GetAccountPwCacheKey(parameters);
object previousPw = s_accountPwCache.Get(pwCacheKey);
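Review bot: The deprecation introduced here is only visible at compile time, and only to code that names the enum member. An application that selects this method through the connection string or the config section reaches this branch with no signal at all. Whether connection-string parsing warns elsewhere is not visible in this diff. If it does not, I would add a trace at the top of this branch so operators can find deployments that still use the password flow, e.g. `SqlClientEventSource.Log.TryTraceEvent("AcquireTokenAsync | Active Directory Password auth mode is deprecated; see https://aka.ms/SqlClientEntraIDAuthentication");`. The branch body continues outside this hunk.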
@@ -275,8 +279,7 @@ previousPw is byte[] previousPwBytes &&
{
entry.Value = GetHash(parameters.Password);
entry.AbsoluteExpirationRelativeToNow = TimeSpan.FromHours(s_accountPwCacheTtlInHours);
- };
-
+ }
SqlClientEventSource.Log.TryTraceEvent("AcquireTokenAsync | Acquired access token for Active Directory Password auth mode. Expiry Time: {0}", result?.ExpiresOn);
}
}
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlAuthenticationProviderManager.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlAuthenticationProviderManager.cs
index 404b231322..447ea0e9c5 100644
--- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlAuthenticationProviderManager.cs
+++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlAuthenticationProviderManager.cs
@@ -14,6 +14,7 @@ namespace Microsoft.Data.SqlClient
///
internal sealed class SqlAuthenticationProviderManager
{
+ [Obsolete("ActiveDirectoryPassword is deprecated, use a more secure authentication method. See https://aka.ms/SqlClientEntraIDAuthentication for more details.")]
private const string ActiveDirectoryPassword = "active directory password";
private const string ActiveDirectoryIntegrated = "active directory integrated";
private const string ActiveDirectoryInteractive = "active directory interactive";
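Review bot: `[Obsolete]` on the private constant `ActiveDirectoryPassword` cannot reach any consumer, because the constant is only visible inside this class. Its only effect is a second CS0618 warning at `case ActiveDirectoryPassword:` in AuthenticationEnumFromString, which this commit then has to suppress. The constant is the configuration-file spelling of the method, and the enum member it maps to already carries the attribute. I would drop the attribute here and leave a comment instead, e.g. `// Config spelling of the deprecated SqlAuthenticationMethod.ActiveDirectoryPassword; remove together with the enum member.`. The pragma pair in AuthenticationEnumFromString is still needed for the `return SqlAuthenticationMethod.ActiveDirectoryPassword;` line.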
@@ -58,7 +59,9 @@ private static void SetDefaultAuthProviders(SqlAuthenticationProviderManager ins
{
var activeDirectoryAuthProvider = new ActiveDirectoryAuthenticationProvider(instance._applicationClientId);
instance.SetProvider(SqlAuthenticationMethod.ActiveDirectoryIntegrated, activeDirectoryAuthProvider);
+ #pragma warning disable 0618 // Type or member is obsolete
instance.SetProvider(SqlAuthenticationMethod.ActiveDirectoryPassword, activeDirectoryAuthProvider);
+ #pragma warning restore 0618 // Type or member is obsolete
instance.SetProvider(SqlAuthenticationMethod.ActiveDirectoryInteractive, activeDirectoryAuthProvider);
instance.SetProvider(SqlAuthenticationMethod.ActiveDirectoryServicePrincipal, activeDirectoryAuthProvider);
instance.SetProvider(SqlAuthenticationMethod.ActiveDirectoryDeviceCodeFlow, activeDirectoryAuthProvider);
@@ -239,8 +242,10 @@ private static SqlAuthenticationMethod AuthenticationEnumFromString(string authe
{
case ActiveDirectoryIntegrated:
return SqlAuthenticationMethod.ActiveDirectoryIntegrated;
+ #pragma warning disable 0618 // Type or member is obsolete
case ActiveDirectoryPassword:
return SqlAuthenticationMethod.ActiveDirectoryPassword;
+ #pragma warning restore 0618 // Type or member is obsolete
case ActiveDirectoryInteractive:
return SqlAuthenticationMethod.ActiveDirectoryInteractive;
case ActiveDirectoryServicePrincipal:
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlConnection.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlConnection.cs
index ace87f3d0b..276201ec1d 100644
--- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlConnection.cs
+++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlConnection.cs
@@ -2150,7 +2150,9 @@ private bool TryOpen(TaskCompletionSource retry, SqlConnec
if (connectionOptions != null &&
(connectionOptions.Authentication == SqlAuthenticationMethod.SqlPassword ||
+ #pragma warning disable 0618 // Use of obsolete member 'SqlAuthenticationMethod.ActiveDirectoryPassword'
connectionOptions.Authentication == SqlAuthenticationMethod.ActiveDirectoryPassword ||
+ #pragma warning restore 0618 // Use of obsolete member 'SqlAuthenticationMethod.ActiveDirectoryPassword'
connectionOptions.Authentication == SqlAuthenticationMethod.ActiveDirectoryServicePrincipal) &&
(!connectionOptions._hasUserIdKeyword || !connectionOptions._hasPasswordKeyword) &&
_credential == null)
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/TdsEnums.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/TdsEnums.cs
index 3113e19625..53aaf8295b 100644
--- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/TdsEnums.cs
+++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/TdsEnums.cs
@@ -1144,6 +1144,7 @@ public enum SqlAuthenticationMethod
SqlPassword,
///
+ [Obsolete("ActiveDirectoryPassword is deprecated, use a more secure authentication method. See https://aka.ms/SqlClientEntraIDAuthentication for more details.")]
ActiveDirectoryPassword,
///
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/TdsParser.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/TdsParser.cs
index 35df415a7c..34191099ea 100644
--- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/TdsParser.cs
+++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/TdsParser.cs
@@ -8731,7 +8731,9 @@ internal int WriteFedAuthFeatureRequest(FederatedAuthenticationFeatureExtensionD
byte workflow = 0x00;
switch (fedAuthFeatureData.authentication)
{
+ #pragma warning disable 0618 // Type or member is obsolete
case SqlAuthenticationMethod.ActiveDirectoryPassword:
+ #pragma warning restore 0618 // Type or member is obsolete
workflow = TdsEnums.MSALWORKFLOW_ACTIVEDIRECTORYPASSWORD;
break;
case SqlAuthenticationMethod.ActiveDirectoryIntegrated:
diff --git a/src/Microsoft.Data.SqlClient/tests/FunctionalTests/SqlAuthenticationProviderTest.cs b/src/Microsoft.Data.SqlClient/tests/FunctionalTests/SqlAuthenticationProviderTest.cs
index c15f1a9300..8168c26f8e 100644
--- a/src/Microsoft.Data.SqlClient/tests/FunctionalTests/SqlAuthenticationProviderTest.cs
+++ b/src/Microsoft.Data.SqlClient/tests/FunctionalTests/SqlAuthenticationProviderTest.cs
@@ -11,7 +11,9 @@ public class SqlAuthenticationProviderTest
{
[Theory]
[InlineData(SqlAuthenticationMethod.ActiveDirectoryIntegrated)]
+ #pragma warning disable 0618 // Type or member is obsolete
[InlineData(SqlAuthenticationMethod.ActiveDirectoryPassword)]
+ #pragma warning restore 0618 // Type or member is obsolete
[InlineData(SqlAuthenticationMethod.ActiveDirectoryServicePrincipal)]
[InlineData(SqlAuthenticationMethod.ActiveDirectoryDeviceCodeFlow)]
[InlineData(SqlAuthenticationMethod.ActiveDirectoryManagedIdentity)]
diff --git a/src/Microsoft.Data.SqlClient/tests/ManualTests/SQL/ConnectivityTests/AADConnectionTest.cs b/src/Microsoft.Data.SqlClient/tests/ManualTests/SQL/ConnectivityTests/AADConnectionTest.cs
index c99c5bc656..608c34c977 100644
--- a/src/Microsoft.Data.SqlClient/tests/ManualTests/SQL/ConnectivityTests/AADConnectionTest.cs
+++ b/src/Microsoft.Data.SqlClient/tests/ManualTests/SQL/ConnectivityTests/AADConnectionTest.cs
@@ -53,7 +53,9 @@ public override async Task AcquireTokenAsync(SqlAuthenti
public override bool IsSupported(SqlAuthenticationMethod authenticationMethod)
{
+ #pragma warning disable 0618 // Type or member is obsolete
return authenticationMethod.Equals(SqlAuthenticationMethod.ActiveDirectoryPassword);
+ #pragma warning restore 0618 // Type or member is obsolete
}
}
@@ -260,7 +262,9 @@ public static void TestADPasswordAuthentication()
[ConditionalFact(nameof(IsAADConnStringsSetup))]
public static void TestCustomProviderAuthentication()
{
+ #pragma warning disable 0618 // Type or member is obsolete
SqlAuthenticationProvider.SetProvider(SqlAuthenticationMethod.ActiveDirectoryPassword, new CustomSqlAuthenticationProvider(DataTestUtility.ApplicationClientId));
+ #pragma warning restore 0618 // Type or member is obsolete
// Connect to Azure DB with password and retrieve user name using custom authentication provider
using (SqlConnection conn = new SqlConnection(DataTestUtility.AADPasswordConnectionString))
{
@@ -278,7 +282,9 @@ public static void TestCustomProviderAuthentication()
}
}
// Reset to driver internal provider.
+ #pragma warning disable 0618 // Type or member is obsolete
SqlAuthenticationProvider.SetProvider(SqlAuthenticationMethod.ActiveDirectoryPassword, new ActiveDirectoryAuthenticationProvider(DataTestUtility.ApplicationClientId));
+ #pragma warning restore 0618 // Type or member is obsolete
}
[ConditionalFact(nameof(IsAADConnStringsSetup))]
diff --git a/src/Microsoft.Data.SqlClient/tests/StressTests/SqlClient.Stress.Tests/SqlClientStressFactory.cs b/src/Microsoft.Data.SqlClient/tests/StressTests/SqlClient.Stress.Tests/SqlClientStressFactory.cs
index d5c8cd0000..7aec9d461a 100644
--- a/src/Microsoft.Data.SqlClient/tests/StressTests/SqlClient.Stress.Tests/SqlClientStressFactory.cs
+++ b/src/Microsoft.Data.SqlClient/tests/StressTests/SqlClient.Stress.Tests/SqlClientStressFactory.cs
@@ -132,7 +132,9 @@ private SqlConnectionStringBuilder CreateBaseConnectionStringBuilder(
}
else if (_source.EntraIdUser.Length != 0)
{
+ #pragma warning disable 0618 // Type or member is obsolete
builder.Authentication = SqlAuthenticationMethod.ActiveDirectoryPassword;
+ #pragma warning restore 0618 // Type or member is obsolete
builder.UserID = _source.EntraIdUser;
builder.Password = _source.EntraIdPassword;
}