Verify Azure DLL via public key token #3978

Merged
paulmedynski merged 1 commit into main from dev/paul/verify-assemblies
Feb 27, 2026

@paulmedynski paulmedynski commented Feb 24, 2026

Description

  • Consolidated strong name signing into Directory.Build.props.
  • Added a conditional compilation constant for strong name signing.
  • Added public key token check when SqlClient loads the Azure assembly.
  • Added a LogWriter property to SqlClientEventSource to fork event messages to any TextWriter.

Testing

  • PR runs will confirm that the public key token check is not active for un-signed builds.
  • Manual run of the OneBranch pipelines, followed by manual test app will confirm that the check is active.

@paulmedynski paulmedynski added this to the 7.0.0-preview4 milestone Feb 24, 2026
@paulmedynski paulmedynski requested a review from a team as a code owner February 24, 2026 23:54
Copilot AI review requested due to automatic review settings February 24, 2026 23:54
@paulmedynski paulmedynski added the "Area\Azure Connectivity" label (Use this to tag issues that are related to Azure connectivity.) Feb 24, 2026
Copilot AI left a comment

Pull request overview

This PR consolidates strong-name signing configuration from individual project files into a centralized Directory.Build.props file and adds public key token validation for the Azure extension assembly. The changes improve maintainability by eliminating duplicated signing configuration across 11 project files and enhance security by verifying that dynamically loaded Azure authentication provider assemblies are signed with Microsoft's key.

Changes:

  • Centralized strong-name signing configuration in src/Directory.Build.props with automatic STRONG_NAME_SIGNING preprocessor constant
  • Removed duplicated signing configuration from 11 project files (SqlClient main/ref, SqlServer.Server, Extensions packages, AKV Provider)
  • Added conditional public key token verification for Azure extension assembly in SqlAuthenticationProviderManager
  • Updated pipeline template comment to reflect generic usage (not just Extension packages)

Reviewed changes

Copilot reviewed 14 out of 14 changed files in this pull request and generated 5 comments.

File | Description
src/Directory.Build.props | Added centralized strong-name signing configuration with SignAssembly, AssemblyOriginatorKeyFile, and STRONG_NAME_SIGNING constant when SigningKeyPath is specified
src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlAuthenticationProviderManager.cs | Added conditional public key token validation (23ec7fc2d6eaa4a5) for Azure extension assembly when STRONG_NAME_SIGNING is enabled
src/Microsoft.Data.SqlClient/src/Microsoft.Data.SqlClient.csproj | Removed duplicated signing configuration, kept InternalsVisibleTo condition for unsigned builds
src/Microsoft.Data.SqlClient/ref/Microsoft.Data.SqlClient.csproj | Removed signing configuration (now inherited from Directory.Build.props)
src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj | Removed duplicated signing configuration (legacy project)
src/Microsoft.Data.SqlClient/netfx/ref/Microsoft.Data.SqlClient.csproj | Removed signing configuration (legacy ref project)
src/Microsoft.Data.SqlClient/netcore/src/Microsoft.Data.SqlClient.csproj | Removed duplicated signing configuration (legacy project)
src/Microsoft.Data.SqlClient/netcore/ref/Microsoft.Data.SqlClient.csproj | Removed signing configuration (legacy ref project)
src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.csproj | Removed signing configuration and simplified Trim/AOT property group
src/Microsoft.Data.SqlClient.Extensions/Logging/src/Logging.csproj | Removed duplicated signing configuration
src/Microsoft.Data.SqlClient.Extensions/Azure/src/Azure.csproj | Removed duplicated signing configuration
src/Microsoft.Data.SqlClient.Extensions/Abstractions/src/Abstractions.csproj | Removed duplicated signing configuration
src/Microsoft.SqlServer.Server/Microsoft.SqlServer.Server.csproj | Removed signing configuration block
eng/pipelines/steps/compound-build-csproj-step.yml | Updated comment to reflect generic usage (not just Extension packages)
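
The public key token check summarized in this review, as an added C# example that is not the code merged in this PR: it recomputes a token from an assembly's public key and compares an assembly's recorded token against the value 23ec7fc2d6eaa4a5 quoted above. The class and method names are assumptions, and the demo runs against the runtime's core library rather than the Azure extension assembly.

```csharp
using System;
using System.Reflection;
using System.Security.Cryptography;

// Added example: not the code merged in this PR.
public static class PublicKeyTokenCheck
{
    // Token quoted in the per-file summary above for the Azure extension assembly.
    public const string ExpectedToken = "23ec7fc2d6eaa4a5";

    // A public key token is the last 8 bytes of the SHA-1 hash of the
    // assembly's full public key, in reverse order.
    public static string TokenFromPublicKey(byte[] publicKey)
    {
        using (SHA1 sha1 = SHA1.Create())
        {
            byte[] hash = sha1.ComputeHash(publicKey);
            byte[] token = new byte[8];
            for (int i = 0; i < token.Length; i++)
            {
                token[i] = hash[hash.Length - 1 - i];
            }
            return ToHex(token);
        }
    }

    // Reads the token recorded in the assembly's identity. This is a metadata
    // comparison; it does not re-verify the strong-name signature itself.
    public static bool HasExpectedToken(AssemblyName name, string expectedToken)
    {
        byte[] token = name.GetPublicKeyToken();
        if (token == null || token.Length == 0)
        {
            return false; // unsigned assembly: no token at all
        }
        return string.Equals(ToHex(token), expectedToken, StringComparison.OrdinalIgnoreCase);
    }

    private static string ToHex(byte[] bytes) =>
        BitConverter.ToString(bytes).Replace("-", string.Empty).ToLowerInvariant();

    public static void Main()
    {
        // Demo input: the runtime's own core library, which is always loaded.
        AssemblyName core = typeof(object).Assembly.GetName();
        Console.WriteLine($"{core.Name}: computed token {TokenFromPublicKey(core.GetPublicKey())}");
        Console.WriteLine($"matches expected Azure token: {HasExpectedToken(core, ExpectedToken)}");
    }
}
```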

Copilot AI review requested due to automatic review settings February 25, 2026 12:55
Copilot AI left a comment

Pull request overview

Copilot reviewed 14 out of 14 changed files in this pull request and generated no new comments.

@paulmedynski paulmedynski force-pushed the dev/paul/verify-assemblies branch from bc7bdb2 to 873c96e Compare February 25, 2026 16:37
Copilot AI review requested due to automatic review settings February 25, 2026 16:39
Copilot AI left a comment

Pull request overview

Copilot reviewed 14 out of 14 changed files in this pull request and generated 1 comment.

Copilot AI commented Feb 25, 2026

@paulmedynski I've opened a new pull request, #3983, to work on those changes. Once the pull request is ready, I'll request review from you.

codecov bot commented Feb 25, 2026

Codecov Report

❌ Patch coverage is 77.77778% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 64.59%. Comparing base (ee71014) to head (4d0a127).
⚠️ Report is 3 commits behind head on main.

Files with missing lines | Patch % | Lines
...Data/SqlClient/SqlAuthenticationProviderManager.cs | 77.77% | 2 Missing ⚠️

❗ There is a different number of reports uploaded between BASE (ee71014) and HEAD (4d0a127).

HEAD has 1 upload less than BASE

Flag | BASE (ee71014) | HEAD (4d0a127)
CI-SqlClient | 1 | 0

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3978      +/-   ##
==========================================
- Coverage   72.43%   64.59%   -7.84%     
==========================================
  Files         287      282       -5     
  Lines       43105    66025   +22920     
==========================================
+ Hits        31225    42652   +11427     
- Misses      11880    23373   +11493     

Flag | Coverage Δ
CI-SqlClient | ?
PR-SqlClient-Project | 64.59% <77.77%> (?)

Copilot AI review requested due to automatic review settings February 26, 2026 13:56
Copilot AI left a comment

Copilot reviewed 15 out of 15 changed files in this pull request and generated 2 comments.

Copilot AI review requested due to automatic review settings February 26, 2026 18:10
mdaigle previously approved these changes Feb 26, 2026

Copilot AI left a comment

Pull request overview

Copilot reviewed 14 out of 14 changed files in this pull request and generated 1 comment.

- Consolidated strong name signing into Directory.Build.props.
- Added a conditional compilation constant for strong name signing.
- Added public key token check when SqlClient loads the Azure assembly.
- Added logging related to Azure assembly loading.
- Added explicit check for .NET runtime.
- Added a way to define whatever conditional compilation constants we want on the command-line.
@paulmedynski paulmedynski force-pushed the dev/paul/verify-assemblies branch from 8884ab4 to 4d0a127 Compare February 26, 2026 21:48
Copilot AI review requested due to automatic review settings February 26, 2026 21:48
Copilot AI left a comment

Pull request overview

Copilot reviewed 14 out of 14 changed files in this pull request and generated no new comments.

@paulmedynski paulmedynski merged commit 66a8ed3 into main Feb 27, 2026
300 checks passed
@paulmedynski paulmedynski deleted the dev/paul/verify-assemblies branch February 27, 2026 12:06
Labels

Area\Azure Connectivity Use this to tag issues that are related to Azure connectivity.

5 participants