How to connect to Azure SQL Server using Managed Service Identity from a Django application on my local laptop

I have a Django application which connects to an Azure SQL Server through a traditional username and password combination, and it works fine.

The library I am using for this is mssql-django. Here is the link to it. https://github.com/microsoft/mssql-django

This is the extract from settings.py:

DATABASES = {
    "default": {
        "ENGINE": "mssql",
        "NAME": "db_name",
        "USER": "foo",
        "PASSWORD": "password",
        "HOST": "foo.database.windows.net",
        "PORT": "1433",
        "OPTIONS": {
            "driver": "ODBC Driver 17 for SQL Server", 
        },
    },
}

However, I want to connect to the Azure SQL Server using Managed Identities. The library I am using talks about this in this link: https://github.com/microsoft/mssql-django/wiki/Azure-AD-Authentication

Towards the bottom of the above link they suggest using this setting:

DATABASES = {
    "default": {
        "ENGINE": "mssql",
        "NAME": "db_name",
        "HOST": "foo.windows.net",
        "PORT": "1433",
        "OPTIONS": {
            "driver": "ODBC Driver 17 for SQL Server",
            "extra_params": "Authentication=ActiveDirectoryMsi",
        },
    },
}

But how do I set up the managed identity on my local laptop, so that it can authenticate with Azure? I understand that this would work for an App Service or an Azure VM, but how do I set this up on a local laptop?


Solution 1:

Managed Service Identity can be used only for resources that are hosted on Azure.

As your application is hosted on your local laptop, you cannot use Managed Service Identity.

In your case, you can use service principal authentication instead of Managed Service Identity.

If your application is hosted in Azure (either Azure App Service or an Azure VM), then you can create a managed identity for your Azure resource and provide the required permissions for the managed identity in the Azure SQL server.

Then you would be able to use Managed Service Identity for your application.
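The following is an added example, not code from the question, the answer, or the mssql-django project. It sketches a settings.py helper that uses `Authentication=ActiveDirectoryMsi` when deployed to Azure and `Authentication=ActiveDirectoryServicePrincipal` on a laptop, keeping the client secret out of source control. The environment variable names (`DB_AUTH_MODE`, `DB_NAME`, `DB_HOST`, `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`) and the function name are assumptions made for this illustration.

```python
import os

DRIVER = "ODBC Driver 17 for SQL Server"


def build_database_config(env=None):
    """Return one Django DATABASES entry for mssql-django.

    DB_AUTH_MODE (hypothetical variable) selects the Azure AD mode:
      "msi"               -> managed identity, only works on Azure-hosted resources
      "service_principal" -> app registration credentials, works on a laptop
    """
    env = os.environ if env is None else env
    config = {
        "ENGINE": "mssql",
        "NAME": env.get("DB_NAME", "db_name"),
        "HOST": env.get("DB_HOST", "foo.database.windows.net"),
        "PORT": "1433",
        "OPTIONS": {"driver": DRIVER},
    }
    mode = env.get("DB_AUTH_MODE", "")
    if mode == "msi":
        # No USER/PASSWORD: the driver obtains a token from the Azure host.
        config["OPTIONS"]["extra_params"] = "Authentication=ActiveDirectoryMsi"
    elif mode == "service_principal":
        # Credentials come from the environment, never from settings.py itself.
        missing = [k for k in ("AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET")
                   if not env.get(k)]
        if missing:
            raise RuntimeError("missing environment variables: " + ", ".join(missing))
        config["USER"] = env["AZURE_CLIENT_ID"]          # application (client) ID
        config["PASSWORD"] = env["AZURE_CLIENT_SECRET"]  # client secret
        config["OPTIONS"]["extra_params"] = (
            "Authentication=ActiveDirectoryServicePrincipal"
        )
    else:
        # Fail closed instead of silently falling back to another auth mode.
        raise RuntimeError("DB_AUTH_MODE must be 'msi' or 'service_principal'")
    return config


# In settings.py: DATABASES = {"default": build_database_config()}
```

The service principal still needs a database user and permissions in the Azure SQL database, just as the managed identity does in the hosted case.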