Track middle tier applications with SQL Audit | Data Exposed
Nov 2, 2023
The on-behalf-of authentication flow (OBO) enables an application or web API to use an identity other than its own to call another web API or service. Azure SQL Database supports OBO with Microsoft Entra authentication, allowing middle-tier applications to connect and perform actions using the credentials of the signed-in user.

The SQL auditing team has released an enhancement to surface when connections and actions are made with OBO. Audit logs now display a new column, obo_middle_tier_appid, which stores the application ID of the middle-tier application calling on behalf of a user. This allows organizations to meet compliance requirements and provides greater insight into how their databases are being utilized.

In this demo we have a simple web app that connects to a SQL database using the credentials of the signed-in user. The server is configured with Azure SQL Auditing to a storage account. When a user accesses the web app, they are prompted to authenticate with Microsoft Entra ID. Once authentication succeeds, the web app connects to the database with the user's credentials and the user is taken to the home page. The OBO flow is established.

Additional Resources: https://techcommunity.microsoft.com/t...
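An added example (not from the video or from Microsoft) of how a reviewer might use the new column once audit records have been exported: it separates direct connections from actions taken through approved and unapproved middle-tier applications. The CSV layout, the sample rows, the other column names, the allowlist, and the reading of an empty obo_middle_tier_appid as a non-OBO connection are all assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of exported audit records (not real log data).
# Only obo_middle_tier_appid is named on the page; other columns are assumed.
SAMPLE_AUDIT_CSV = """\
event_time,server_principal_name,action_id,statement,obo_middle_tier_appid
2023-11-02T10:00:01Z,alice@contoso.example,SL,SELECT * FROM dbo.Orders,11111111-1111-1111-1111-111111111111
2023-11-02T10:00:07Z,alice@contoso.example,UP,UPDATE dbo.Orders SET Status = 1,11111111-1111-1111-1111-111111111111
2023-11-02T10:02:30Z,bob@contoso.example,SL,SELECT * FROM dbo.Customers,22222222-2222-2222-2222-222222222222
2023-11-02T10:05:12Z,carol@contoso.example,SL,SELECT name FROM sys.tables,
"""

# Hypothetical allowlist: app IDs of middle tiers approved to act for users.
APPROVED_MIDDLE_TIERS = {"11111111-1111-1111-1111-111111111111"}


def classify(row, approved):
    """Label one audit row by how the user's identity reached the database."""
    app_id = (row.get("obo_middle_tier_appid") or "").strip().lower()
    if not app_id:
        return "direct"  # assumption: empty means the request was not OBO
    return "approved_obo" if app_id in approved else "unapproved_obo"


def review_audit(csv_text, approved=APPROVED_MIDDLE_TIERS):
    """Return (per-category action counts by user, rows needing follow-up)."""
    approved = {a.lower() for a in approved}
    summary = defaultdict(lambda: defaultdict(int))
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        kind = classify(row, approved)
        user = row["server_principal_name"]
        summary[kind][user] += 1
        if kind == "unapproved_obo":
            findings.append((row["event_time"], user,
                             row["obo_middle_tier_appid"].strip(),
                             row["statement"]))
    return {k: dict(v) for k, v in summary.items()}, findings


if __name__ == "__main__":
    counts, flagged = review_audit(SAMPLE_AUDIT_CSV)
    for kind, users in sorted(counts.items()):
        print(kind, users)
    for event_time, user, app_id, statement in flagged:
        print(f"REVIEW {event_time} {user} via app {app_id}: {statement}")
```
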

Microsoft Developer