Merge branch 'main' into release-dallas

Author: v-alje

azure-sql/database/automated-backups-overview.md

@@ -48,6 +48,9 @@ Servers in SQL Database and Azure Synapse support the following three options fo
 
 We highly recommend the `Redirect` connection policy over the `Proxy` connection policy for the lowest latency and highest throughput. However, you will need to meet the additional requirements for allowing network traffic as outlined above. If the client is an Azure Virtual Machine, you can accomplish this using Network Security Groups (NSG) with [service tags](/azure/virtual-network/network-security-groups-overview#service-tags). If the client is connecting from a workstation on-premises then you may need to work with your network admin to allow network traffic through your corporate firewall.
 
+> [!IMPORTANT]
+> Connections to private endpoint only support **Proxy** as the [connection policy](connectivity-architecture.md#connection-policy).
+
 ## Connectivity from within Azure
 
 If you are connecting from within Azure your connections have a connection policy of `Redirect` by default. A policy of `Redirect` means that after the TCP session is established to Azure SQL Database, the client session is then redirected to the right database cluster with a change to the destination virtual IP from that of the Azure SQL Database gateway to that of the cluster. Thereafter, all subsequent packets flow directly to the cluster, bypassing the Azure SQL Database gateway. The following diagram illustrates this traffic flow.

azure-sql/database/connectivity-architecture.md

@@ -22,12 +22,14 @@ The AppContext class allows SqlClient to provide new functionality while continu
 
 [!INCLUDE [appliesto-netfx-netcore-netst-md](../../includes/appliesto-netfx-netcore-netst-md.md)]
 
-Starting with Microsoft.Data.SqlClient 4.0, TLS 1.3 is not supported by the driver and has been removed from the supported protocols list by default. Users can switch back to forcing use of the operating system's client protocols, by setting the AppContext switch **"Switch.Microsoft.Data.SqlClient.UseSystemDefaultSecureProtocols"** to true:
+Starting with Microsoft.Data.SqlClient 4.0, TLS 1.3 isn't supported by the driver and has been removed from the supported protocols list by default. Users can switch back to forcing use of the operating system's client protocols, by setting the AppContext switch **"Switch.Microsoft.Data.SqlClient.UseSystemDefaultSecureProtocols"** to true:
 
 ```csharp
 AppContext.SetSwitch("Switch.Microsoft.Data.SqlClient.UseSystemDefaultSecureProtocols", true);
 ```
 
+Starting with version 5.0, TLS 1.3 is supported in TDS 8 connections without having to use the above switch. TDS 8 is enabled when `Encrypt` is set to `Strict`.
+
 ## Enabling decimal truncation behavior
 
 [!INCLUDE [appliesto-netfx-netcore-netst-md](../../includes/appliesto-netfx-netcore-netst-md.md)]
@@ -50,7 +52,7 @@ On Windows, SqlClient uses a native implementation of the SNI network interface
 AppContext.SetSwitch("Switch.Microsoft.Data.SqlClient.UseManagedNetworkingOnWindows", true);
 ```
 
-This switch will toggle the driver's behavior to use a managed networking implementation in .NET Core 2.1+ and .NET Standard 2.0+ projects on Windows, eliminating all dependencies on native libraries for the Microsoft.Data.SqlClient library. It is intended for testing and debugging purposes only.
+This switch will toggle the driver's behavior to use a managed networking implementation in .NET Core 2.1+ and .NET Standard 2.0+ projects on Windows, eliminating all dependencies on native libraries for the Microsoft.Data.SqlClient library. It's intended for testing and debugging purposes only.
 
 > [!NOTE]
 > There are some known differences when compared to the native implementation. For example, the managed implementation does not support non-domain Windows Authentication.
@@ -59,7 +61,7 @@ This switch will toggle the driver's behavior to use a managed networking implem
 
 [!INCLUDE [appliesto-netfx-xxxx-xxxx-md](../../includes/appliesto-netfx-xxxx-xxxx-md.md)]
 
-Transparent Network IP Resolution (TNIR) is a revision of the existing MultiSubnetFailover feature. TNIR affects the connection sequence of the driver in the case where the first resolved IP of the hostname does not respond and there are multiple IPs associated with the hostname. TNIR interacts with MultiSubnetFailover to provide the following three connection sequences:
+Transparent Network IP Resolution (TNIR) is a revision of the existing MultiSubnetFailover feature. TNIR affects the connection sequence of the driver in the case where the first resolved IP of the hostname doesn't respond and there are multiple IPs associated with the hostname. TNIR interacts with MultiSubnetFailover to provide the following three connection sequences:
 
 * 0: One IP is attempted, followed by all IPs in parallel
 * 1: All IPs are attempted in parallel

azure-sql/managed-instance/automated-backups-overview.md

@@ -16,15 +16,15 @@ ms.author: v-davidengel
 
 [!INCLUDE[Driver_ADONET_Download](../../includes/driver_adonet_download.md)]
 
-The <xref:Microsoft.Data.SqlClient> has a `Connection` object that inherits from <xref:System.Data.Common.DbConnection> as well as a provider-specific <xref:System.Data.Common.DbConnection.ConnectionString%2A> property. The specific connection string syntax for the SqlClient provider is documented in its `ConnectionString` property. For more information on connection string syntax, see <xref:Microsoft.Data.SqlClient.SqlConnection.ConnectionString%2A>.
+The <xref:Microsoft.Data.SqlClient> has a `Connection` object that inherits from <xref:System.Data.Common.DbConnection> and a provider-specific <xref:System.Data.Common.DbConnection.ConnectionString%2A> property. The specific connection string syntax for the SqlClient provider is documented in its `ConnectionString` property. For more information on connection string syntax, see <xref:Microsoft.Data.SqlClient.SqlConnection.ConnectionString%2A>.
 
 ## Connection string builders
 
  Microsoft SqlClient Data Provider for SQL Server introduced the following connection string builder.
 
 - <xref:Microsoft.Data.SqlClient.SqlConnectionStringBuilder>
 
-The connection string builders allow you to construct syntactically valid connection strings at run time, so you do not have to manually concatenate connection string values in your code. For more information, see [Connection String Builders](connection-string-builders.md).
+The connection string builders allow you to construct syntactically valid connection strings at run time, so you don't have to manually concatenate connection string values in your code. For more information, see [Connection String Builders](connection-string-builders.md).
 
 ## Windows authentication
 
@@ -62,7 +62,7 @@ Windows Authentication is preferred for connecting to SQL Server. However, if SQ
 "Persist Security Info=False;User ID=*****;Password=*****;Initial Catalog=AdventureWorks;Server=MySqlServer"  
 ```  
 
-When you connect to Azure SQL Database or to Azure Synapse Analytics and provide a login in the format `user@servername`, make sure that the `servername` value in the login matches the value provided for `Server=`.
+When you connect to Azure SQL Database or to Azure Synapse Analytics and provide a username in the format `user@servername`, make sure that the `servername` value in the username matches the value provided for `Server=`.
 
 > [!NOTE]
 > Windows authentication takes precedence over SQL Server logins. If you specify both Integrated Security=true as well as a user name and password, the user name and password will be ignored and Windows authentication will be used.
@@ -79,7 +79,7 @@ You can also set the <xref:Microsoft.Data.SqlClient.SqlConnectionStringBuilder.D
 
 ### Type system version changes
 
-The `Type System Version` keyword in a <xref:Microsoft.Data.SqlClient.SqlConnection.ConnectionString%2A?displayProperty=nameWithType> specifies the client-side representation of SQL Server types. See <xref:Microsoft.Data.SqlClient.SqlConnection.ConnectionString%2A?displayProperty=nameWithType> for more information about the `Type System Version` keyword.
+The `Type System Version` keyword in a <xref:Microsoft.Data.SqlClient.SqlConnection.ConnectionString%2A?displayProperty=nameWithType> specifies the client-side representation of SQL Server types. For more information about the `Type System Version` keyword, see <xref:Microsoft.Data.SqlClient.SqlConnection.ConnectionString%2A?displayProperty=nameWithType>.
 
 ## Connect and Attach to SQL Server Express user instances
 
@@ -91,31 +91,43 @@ For more information on working with user instances, see [SQL Server Express Use
 
 The `TrustServerCertificate` keyword is valid only when connecting to a SQL Server instance with a valid certificate. When `TrustServerCertificate` is set to `true`, the transport layer will use TLS/SSL to encrypt the channel and bypass walking the certificate chain to validate trust.
 
+This setting is ignored when `Encrypt` is set to `Strict`. The server certificate is always validated in `Strict` mode.
+
 ```csharp  
 "TrustServerCertificate=true;"
 ```  
 
 > [!NOTE]
 > If `TrustServerCertificate` is set to `true` and encryption is turned on, the encryption level specified on the server will be used even if `Encrypt` is set to `false` in the connection string. The connection will fail otherwise.
 
+## HostNameInCertificate
+
+Starting in version 5.0 of Microsoft.Data.SqlClient, HostNameInCertificate is a new connection option. When the driver validates server certificates, it ensures that the Common Name (CN) or Subject Alternate Name (SAN) in the certificate matches the server name being connected to. In some cases, like DNS aliases, the server name might not match the CN or SAN. The HostNameInCertificate value can be used to specify a different, expected CN or SAN in the server certificate.
+
+```csharp
+"HostNameInCertificate=myserver.example.com"
+```
+
 ### Enable encryption
 
-To enable encryption when a certificate has not been provisioned on the server, the **Trust Server Certificate** connection property must be set. In this case, encryption will use a self-signed server certificate without validation since no verifiable certificate has been provisioned on the server.
+To enable encryption when a certificate hasn't been provisioned on the server, the **Trust Server Certificate** connection property must be set. In this case, encryption will use a self-signed server certificate without validation since no verifiable certificate has been provisioned on the server.
 
-Application settings cannot reduce the level of security configured in SQL Server, but can optionally strengthen it. An application can request encryption by setting the `TrustServerCertificate` and `Encrypt` keywords to `true`, guaranteeing that encryption takes place even when a server certificate has not been provisioned. However, if `TrustServerCertificate` is not enabled in the client configuration, a provisioned server certificate is still required.
+Application settings can't reduce the level of security configured in SQL Server, but can optionally strengthen it. An application can request encryption by setting the `TrustServerCertificate` and `Encrypt` keywords to `true`, guaranteeing that encryption takes place even when a server certificate hasn't been provisioned. However, if `TrustServerCertificate` isn't enabled in the client configuration, a provisioned server certificate is still required.
 
 The following table describes all cases.
 
 | Encrypt connection string/attribute | Trust Server Certificate connection string/attribute | Result |
 |--|--|--|
-| No | Ignored | No encryption occurs. |
-| Yes | No | Encryption occurs only if there is a verifiable server certificate, otherwise the connection attempt fails. |
-| Yes | Yes | Encryption always occurs, but may use a self-signed server certificate. |
+| No/Optional | Ignored | No encryption occurs. |
+| Yes/Mandatory | No | Encryption occurs only if there's a verifiable server certificate, otherwise the connection attempt fails. |
+| Yes/Mandatory | Yes | Encryption always occurs, but may use a self-signed server certificate. |
+| Yes/Mandatory | Yes | Encryption always occurs, but may use a self-signed server certificate. |
+| Strict<sup>1</sup> | Ignored | Encryption always occurs and must use a verifiable server certificate, otherwise the connection attempt fails. |
 
-For more information, see [Using Encryption Without Validation](../../relational-databases/native-client/features/using-encryption-without-validation.md).
+<sup>1</sup> Strict encryption is only available starting with Microsoft.Data.SqlClient version 5.0.
 
 ## See also
 
 - [Connection strings](connection-strings.md)
 - [Connecting to a data source](connecting-to-data-source.md)
-- [Microsoft ADO.NET for SQL Server](microsoft-ado-net-sql-server.md)
+- [Microsoft ADO.NET for SQL Server](microsoft-ado-net-sql-server.md)

docs/connect/ado-net/appcontext-switches.md

@@ -1,7 +1,7 @@
 ---
 title: Download Microsoft SqlClient Data Provider for SQL Server
 description: Download page for ADO.NET and Microsoft SqlClient Data Provider for SQL Server.
-ms.date: 05/19/2022
+ms.date: 07/26/2022
 dev_langs:
   - "csharp"
 ms.assetid: 6f5ff56a-a57e-49d7-8ae9-bbed697e42e3
@@ -14,14 +14,15 @@ ms.author: v-davidengel
 ---
 # Download Microsoft SqlClient Data Provider for SQL Server
 
-The Microsoft.Data.SqlClient library is distributed as a NuGet package. Simply add a NuGet reference to Microsoft.Data.SqlClient. NuGet packages are easily consumed directly from a .NET project without the need to manually download anything. If you use Visual Studio for development, see [Install and use a package](/nuget/quickstart/install-and-use-a-package-in-visual-studio). For other ways to consume a NuGet package, see the [NuGet documentation](/nuget).
+The Microsoft.Data.SqlClient library is distributed as a NuGet package. Add a NuGet reference to Microsoft.Data.SqlClient. NuGet packages are easily consumed directly from a .NET project without the need to manually download anything. If you use Visual Studio for development, see [Install and use a package](/nuget/quickstart/install-and-use-a-package-in-visual-studio). For other ways to consume a NuGet package, see the [NuGet documentation](/nuget).
 
 ## Downloading the driver
 
 If you need to download the Microsoft.Data.SqlClient package for offline use, it's available on NuGet.org. Refer to the dependencies section from the links below to download the dependencies.
 
 ## Download stable versions of Microsoft SqlClient Data Provider for SQL Server
 
+* [5.0.0](https://www.nuget.org/packages/Microsoft.Data.SqlClient/5.0.0)
 * [4.1.0](https://www.nuget.org/packages/Microsoft.Data.SqlClient/4.1.0)
 * [4.0.1](https://www.nuget.org/packages/Microsoft.Data.SqlClient/4.0.1)
 * [4.0.0](https://www.nuget.org/packages/Microsoft.Data.SqlClient/4.0.0)