-
Notifications
You must be signed in to change notification settings - Fork 911
Troubleshoot Azure Authentication Issues
This page documents known issues with Azure Authentication with possible fixes/workarounds as available.
When using the Code Grant
method users may see an SSL error when trying to log into their account. This flow opens up an external web page to localhost
which then normally prompts the user to log in via the standard Microsoft authentication prompts. The URL for this page will look something like this http://localhost:50055/signin?nonce=...
Some browsers may be set up to automatically redirect all http
links to https
, which will break this process as the local server serving the web page does not support https. If the link in the address bar starts with https
then you will get an SSL error and the page will not load. In that case here are some workarounds to fix the issue:
First you can try just manually changing the URL from https://...
to http://...
. The browser may change it back to https
though, in which case you will need to try one of the other options
For Edge/Chrome browsers you can disable HSTS for localhost by:
- Open Edge/Chrome and in the address bar type
edge://net-internals/#hsts
(orchrome://net-internals/#hsts
for Chrome) - Scroll to the bottom of the page and in the
Delete domain security policies
section enterlocalhost
and pressDelete
Once that is done you should be able to log in and not have the browser redirect your localhost
links automatically to https
Azure Core extension is @builtin
extension in Azure Data Studio, please ensure it's not disabled or uninstalled accidentally. This extension is required to be able to authenticate Azure accounts and connect to resources with Azure MFA authentication.
Azure Data Studio's default behavior includes validating system's root CA certificates when making REST API calls using HTTPS Protocol. This is controlled by the below setting that is enabled by default:
"http.systemCertificates": true
If a system's Root CA certificate is expired, authentication requests to Azure Active Directory will fail and an error like below would be captured in 'Azure Account' logs:
error: certificate is expired
To mitigate this error, you should remove any expired Root CA Certificates or disable the setting to not validate system certificates.
A handful of features within ADS require network communication to work, such as adding an azure account. For this to work properly in a proxy environment, you must have the product correctly configured.
If you are behind a firewall that needs to allow specific domains used by ADS, here's the list of hostnames you should allow communication to go through:
The URLs to allow can sometimes vary on a case-by-case basis. In order to verify you aren’t blocking any URLs from going through, go to Help > Toggle Developer Tools and select the Network tab. Here you will see any URLs that are getting blocked that you may need to allow to successfully add your account.
You can also use the Device Code method to log in. This will provide you with a code and a URL to enter which can then be used to login.
- Open Azure Data Studio and open the Settings page (
CTRL+,
or run theOpen Settings (UI)
command) - Type
Azure auth
into the search bar - Unselect the
Auth: Code Grant
box - Select the
Auth: Device Code
box - Attempt to log in again
- Select the account icon in the bottom left
- Remove azure account
- Add azure account using the connection pane
Documentation
- Get Started
- Install Azure Data Studio
- Telemetry
- Microsoft Ready 2019 Lab
- MS Docs Overview
- Debug Trace Logging
- Troubleshoot Azure Authentication Issues
- FAQ
Contributing
- How to Contribute
- Developer Getting Started
- Submitting Bugs and Suggestions
- Localization
- Troubleshooting Build Issues
- Engineering FAQ
- How to update typings files
- Importing and using modules
- UI Guidelines
- Angular UI Guidelines
- Contributor License Agreement
- Azure Data Studio Tests
- Why is the Azure Data Studio license different than the repository license?
Tool Services
Extensibility Reference
- Getting Started
- Extensibility API
- Contribution Points
- Context Variables
- Servers and Data Explorer Tree Views
- Debugging with VS Code
- Extension Authoring
- Building multiple insight widgets
- Microsoft Ignite lab
- List of Extensions
- Replace sqlops namespace
Project Management