I have an Azure SQL database and auditing is enabled on it. According to the portal, it is necessary to use connection strings related to security for auditing and, therefore, set the "Enable access to security" parameter on the database portal "Required" so that no applications with insecure connection strings get into my database.
When I try to connect to SSMS using the name of the insecure connection string name, for example MyAzureServer.database.windows.net , I get an error message that only allowed connections to the protected connection string, which I expected
However, my .NET application using an insecure connection string as shown below works fine and no errors. I could also see that there is an entry in the audit logs that the login was successful
Server=tcp:MyDBServer.database.windows.net,1433; Database=DemoDB; User ID=Srisail@MyDBServer ; Password=password123%; Encrypt=True; TrustServerCertificate=False; Connection Timeout=30;
My question is how my .NET application uses an insecure connection string to log into my Azure SQL Server, although I forced my server to accept only connections to a secure connection string.
Also, I'm not sure I fully understand secure and insecure connection strings, except that you include text in a secure server name, such as MyDBServer.secure.database.windows.net . I would like to know more about this.
As always, any help is appreciated.
source share