Merge pull request #17941 from karinazhou/data-classification-sni-trace

Update data classification and sni tracing

Author: GitHubber17

docs/connect/ado-net/enable-eventsource-tracing.md

@@ -1,7 +1,7 @@
 ---
-title: "Enabling event tracing in SqlClient"
+title: "Enable event tracing in SqlClient"
 description: "Describes how to enable event tracing in SqlClient by implementing an event listener and how to access the event data."
-ms.date: "06/15/2020"
+ms.date: "11/23/2020"
 dev_langs: 
   - "csharp"
 ms.prod: sql
@@ -12,7 +12,7 @@ author: johnnypham
 ms.author: v-jopha
 ms.reviewer: 
 ---
-# Enabling event tracing in SqlClient
+# Enable event tracing in SqlClient
 
 [!INCLUDE [appliesto-netfx-netcore-netst-md](../../includes/appliesto-netfx-netcore-netst-md.md)]
 
@@ -48,10 +48,99 @@ The following example enables event tracing for a data operation on the **Advent
 
 [!code-csharp [SqlClientEventSource#1](~/../sqlclient/doc/samples/SqlClientEventSource.cs#1)]
 
+## Event tracing support in Native SNI
+
+**Microsoft.Data.SqlClient** v2.1.0 extends event tracing support in **Microsoft.Data.SqlClient.SNI** and **Microsoft.Data.SqlClient.SNI.runtime**. By sending an EventCommand to `SqlClientEventSource`, events in native SNI.dll can be collected using [Xperf](https://docs.microsoft.com/windows-hardware/test/wpt/) and [PerfView](https://github.com/microsoft/perfview) tools. The valid EventCommand values are listed as below:
+
+```cs
+// Enables trace events:
+EventSource.SendCommand(eventSource, (EventCommand)8192, null);
+
+// Enables flow events:
+EventSource.SendCommand(eventSource, (EventCommand)16384, null);
+
+// Enables both trace and flow events:
+EventSource.SendCommand(eventSource, (EventCommand)(8192 | 16384), null);
+```
+
+The following example enables event tracing in native SNI.dll when the application targets .NET Framework. 
+
+```cs
+// Native SNI tracing example
+// .NET Framework application
+using System;
+using System.Diagnostics.Tracing;
+using Microsoft.Data.SqlClient;
+
+public class SqlClientListener : EventListener
+{
+    protected override void OnEventSourceCreated(EventSource eventSource)
+    {
+        if (eventSource.Name.Equals("Microsoft.Data.SqlClient.EventSource"))
+        {
+            // Enables both trace and flow events
+            EventSource.SendCommand(eventSource, (EventCommand)(8192 | 16384), null);
+        }
+    }
+}
+
+class Program
+{
+    static string connectionString = @"Data Source = localhost; Initial Catalog = AdventureWorks;Integrated Security=true;";
+
+    static void Main(string[] args)
+    {
+        using (SqlClientListener listener = new SqlClientListener())
+        using (SqlConnection connection = new SqlConnection(connectionString))
+        {
+            connection.Open();
+        }        
+    }
+}
+```
+
+### Use Xperf to collect trace log
+
+1. Start tracing using the following command line.
+
+   ```
+   xperf -start trace -f myTrace.etl -on *Microsoft.Data.SqlClient.EventSource
+   ```
+   
+2. Run the native SNI tracing example to connect to SQL Server.
+
+3. Stop tracing using the following command line.
+
+   ```
+   xperf -stop trace
+   ```
+   
+4. Use PerfView to open the myTrace.etl file specified in Step 1. The SNI tracing log can be found with `Microsoft.Data.SqlClient.EventSource/SNIScope` and `Microsoft.Data.SqlClient.EventSource/SNITrace` event names. 
+
+   ![Use PerfView to view SNI trace file](media/view-event-trace-native-sni.png)
+
+
+### Use PerfView to collect trace log
+
+1. Start PerfView and run `Collect > Collect` from menu bar.
+
+2. Configure trace file name, output path, and provider name.
+
+   ![Configure Prefview before collection](media/collect-event-trace-native-sni.png)
+   
+3. Start collection.
+
+4. Run the native SNI tracing example to connect to SQL Server.
+
+5. Stop collection from PerfView. It will take a while to generate PerfViewData.etl file according to configuration in Step 2.
+
+6. Open the etl file in PerfView. The SNI tracing log can be found with `Microsoft.Data.SqlClient.EventSource/SNIScope` and `Microsoft.Data.SqlClient.EventSource/SNITrace` event names. 
+
+
 ## External resources  
 For more information, see the following resources.  
 
 |Resource|Description|  
 |--------------|-----------------|  
 |[EventSource Class](/dotnet/api/system.diagnostics.tracing.eventsource)|Provides the ability to create ETW events.| 
-|[EventListener Class](/dotnet/api/system.diagnostics.tracing.eventlistener)|Provides methods for enabling and disabling events from event sources.|
+|[EventListener Class](/dotnet/api/system.diagnostics.tracing.eventlistener)|Provides methods for enabling and disabling events from event sources.|

docs/connect/ado-net/media/collect-event-trace-native-sni.png

@@ -1,7 +1,7 @@
 ---
 title: "Using Azure Active Directory authentication with SqlClient"
 description: "Describes how to use supported Azure Active Directory authentication modes to connect to Azure SQL data sources with SqlClient"
-ms.date: "11/10/2020"
+ms.date: "11/20/2020"
 dev_langs: 
   - "csharp"
 ms.prod: sql
@@ -26,9 +26,9 @@ Azure Active Directory (Azure AD) authentication uses identities in Azure Active
 The early **Microsoft.Data.SqlClient** supports `Active Directory Password` for .NET Framework, .NET Core, and .NET Standard. It also supports `Active Directory Integrated` authentication and `Active Directory Interactive` authentication for .NET Framework. Starting with **Microsoft.Data.SqlClient** 2.0.0, support for `Active Directory Integrated authentication` and `Active Directory Interactive` authentication has been extended across .NET Framework, .NET Core, and .NET Standard. A new `Active Directory Service Principal` authentication mode is also added in SqlClient 2.0.0 that makes use of the client ID and secret of a service principal identity to accomplish authentication. More authentication modes are added in SqlClient 2.1.0 including `Active Directory Device Code Flow` and `Active Directory Managed Identity` (also known as `Active Directory MSI`). These new modes enable the application to acquire an access token to connect to the server. More information about all the Active Directory authentications are covered in the following sections.
 
 
-## Setting Azure Active Directory authentication in the connection string
+## Setting Azure Active Directory authentication
 
-When connecting to Azure SQL data sources with Azure AD authentication, the application needs to provide a valid authentication mode. This table lists the supported authentication modes, which can be specified with the `Authentication` connection property.
+When connecting to Azure SQL data sources with Azure AD authentication, the application needs to provide a valid authentication mode. This table lists the supported authentication modes, which can be specified with the `Authentication` connection property in the connection string.
 
 | Value | Description  | Framework    | Microsoft.Data.SqlClient Version |
 |:--|:--|:--|:--:|
@@ -43,7 +43,7 @@ When connecting to Azure SQL data sources with Azure AD authentication, the appl
 > <sup>1</sup> Before **Microsoft.Data.SqlClient** 2.0.0, `Active Directory Integrated` and `Active Directory Interactive` authentications are only supported on .NET Framework 4.6+. 
 
 
-## Connecting with Active Directory Password authentication
+## Using Active Directory Password authentication
 
 `Active Directory Password` authentication mode supports authentication to Azure data sources with Azure AD for native or federated Azure AD users. When using this mode, user credentials must be provided in the connection string. The following example shows how to use `Active Directory Password` authentication.
 
@@ -57,7 +57,7 @@ using (SqlConnection conn = new SqlConnection(ConnectionString)) {
 ```
 
 
-## Connecting with Active Directory Integrated authentication
+## Using Active Directory Integrated authentication
 
 To use `Active Directory Integrated` authentication mode, you need to federate the on-premise Active Directory with Azure AD in the cloud. Federation can be done using Active Directory Federation Services (ADFS), for example. When logged in to a domain-joined machine, you can access Azure SQL data sources without being prompted for credentials with this mode. Username and password cannot be specified in the connection string for .NET framework applications. Username is optional in the connection string for .NET Core and .NET Standard applications. The Credential property of SqlConnection cannot be set in this mode. The following code snippet is an example of when `Active Directory Integrated` authentication is in use.
 
@@ -78,7 +78,7 @@ using (SqlConnection conn = new SqlConnection(ConnectionString2)) {
 ```
 
 
-## Connecting with Active Directory Interactive authentication
+## Using Active Directory Interactive authentication
 
 `Active Directory Interactive` authentication supports multi-factor authentication technology to connect to Azure SQL data sources. If this authentication mode is provided in the connection string, an Azure authentication screen will be displayed and ask the user to enter valid credentials. The password cannot be specified in the connection string. The Credential property of SqlConnection cannot be set in this mode. With **Microsoft.Data.SqlClient** 2.0.0 and above, username is allowed in the connection string when in interactive mode. The following example displays how to use `Active Directory Interactive` authentication.
 
@@ -100,7 +100,7 @@ using (SqlConnection conn = new SqlConnection(ConnectionString2)) {
 ```
 
 
-## Connecting with Active Directory Service Principal authentication
+## Using Active Directory Service Principal authentication
 
 In `Active Directory Service Principal` authentication mode, the client application can connect to Azure SQL data sources by providing the client ID and secret of a service principal identity. Service Principal authentication involves setting up an App registration with a secret, granting permissions to the App in the Azure SQL Database instance, and then connecting with the correct credential. The following example shows how to use `Active Directory Service Principal` authentication.
 
@@ -114,7 +114,7 @@ using (SqlConnection conn = new SqlConnection(ConnectionString)) {
 ```
 
 
-## Connecting with Active Directory Device Code Flow authentication
+## Using Active Directory Device Code Flow authentication
 
 With [Microsoft Authentication Library](/azure/active-directory/develop/msal-overview) for .NET (MSAL.NET), `Active Directory Device Code Flow` authentication enables the client application to connect to Azure SQL data sources from devices and operating systems that do not have an interactive web browser. Interactive authentication will be performed on another device. For more information about device code flow authentication, see [OAuth2.0 Device Code Flow](/azure/active-directory/develop/v2-oauth2-device-code). When this mode is in use, the Credential property of SqlConnection cannot be set. Also, the username and password must not be specified in the connection string. The following code snippet is an example of using `Active Directory Device Code Flow` authentication.
 
@@ -128,7 +128,7 @@ using (SqlConnection conn = new SqlConnection(ConnectionString)) {
 ```
 
 
-## Connecting with Active Directory Managed Identity authentication
+## Using Active Directory Managed Identity authentication
 
 **Managed Identities** for Azure resources is the new name for the service formerly known as **Managed Service Identity (MSI)**. When a client application uses an Azure resources to access an Azure service that support Azure AD authentication, **Managed Identities** can be used to authenticate by providing an identity for the Azure resource in Azure AD and use it to obtain access tokens. This can eliminate the need for developers having to manage credentials and secrets. There are two types of **Managed Identities**: _System-assigned Managed Identity_ and _User-assigned Managed Identity_. The _System-assigned Managed Identity_ is an identity created on a service instance in Azure AD. It is tied to the lifecycle of that service instance. _User-assigned Managed Identity_ is created as a standalone Azure resource. It can be assigned to one or more instances of an Azure service. For more information about **Managed Identities**, see [About managed identities for Azure resources](/azure/active-directory/managed-identities-azure-resources/overview).
 
@@ -169,7 +169,7 @@ using (SqlConnection conn = new SqlConnection(ConnectionString2)) {
 ```
 
 
-## Customizing Active Directory authentication with ActiveDirectoryAuthenticationProvider class
+## Customizing Active Directory authentication
 
 Besides using the Active Directory authentication built into the driver, **Microsoft.Data.SqlClient** 2.1.0 and later provide applications the option to customize AD authentication. The customization is based on the _ActiveDirectoryAuthenticationProvider_ class, which is derived from the [_SqlAuthenticationProvider_](/dotnet/api/system.data.sqlclient.sqlauthenticationprovider) abstract class. During Active Directory authentication, the client application can define its own _ActiveDirectoryAuthencationProvider_ by either using a customized callback method or passing `Application Client Id` to the MSAL library via SqlClient driver for fetching access tokens.
 

docs/connect/ado-net/media/view-event-trace-native-sni.png

@@ -1,7 +1,7 @@
 ---
 title: "Data discovery and classification in SqlClient"
 description: "Describes how to check if a SQL Server database supports data classification and how to access data classification information through a SqlDataReader object."
-ms.date: "06/15/2020"
+ms.date: "11/23/2020"
 dev_langs: 
   - "csharp"
 ms.prod: sql
@@ -20,10 +20,84 @@ ms.reviewer:
 
 [Data Discovery & Classification](../../../relational-databases/security/sql-data-discovery-and-classification.md) is a set of advanced services for discovering, classifying, labeling & reporting the sensitive data in your databases. SqlClient provides an API exposing read-only Data Discovery and Classification information when the underlying source supports the feature. This information is accessed through SqlDataReader.
 
+Microsoft.Data.SqlClient v2.1.0 introduces support for Data Classification's `Sensitivity Rank` information. `Sensitivity Rank` is an identifier based on a predefined set of values, which define sensitivity rank. It can be used by other services like Advanced Threat Protection to detect anomalies based on their rank. The following Data Classification APIs are now available in Microsoft.Data.SqlClient.DataClassification namespace:
+
+```csharp
+// New in Microsoft.Data.SqlClient v2.1.0
+public enum SensitivityRank
+{
+    NOT_DEFINED = -1,
+    NONE = 0,
+    LOW = 10,
+    MEDIUM = 20,
+    HIGH = 30,
+    CRITICAL = 40
+}
+
+public sealed class SensitivityClassification
+{
+  // Returns the sensitivity rank for the query associated with the active 'SqlDataReader'.
+  // New in Microsoft.Data.SqlClient v2.1.0
+  public SensitivityRank SensitivityRank;
+
+  // Returns the labels collection for this 'SensitivityClassification' Object
+  public ReadOnlyCollection<Label> Labels;
+
+  // Returns the information types collection for this 'SensitivityClassification' Object
+  public ReadOnlyCollection<InformationType> InformationTypes;
+
+  // Returns the column sensitivity for this 'SensitivityClassification' Object
+  public ReadOnlyCollection<ColumnSensitivity> ColumnSensitivities;
+}
+
+public sealed class SensitivityProperty
+{
+  // Returns the sensitivity rank for this 'SensitivityProperty' Object
+  // New in Microsoft.Data.SqlClient v2.1.0
+  public SensitivityRank SensitivityRank;
+
+  // Returns the label for this 'SensitivityProperty' Object
+  public Label Label;
+
+  // Returns the information type for this 'SensitivityProperty' Object
+  public InformationType InformationType;
+}
+
+public sealed class Label
+{
+  // Gets the name for this 'Label' object
+  public string Name;
+
+  // Gets the ID for this 'Label' object
+  public string Id;
+}
+
+public sealed class InformationType
+{
+  // Gets the name for this 'InformationType' object
+  public string Name;
+
+  // Gets the ID for this 'InformationType' object
+  public string Id;
+}
+
+public sealed class ColumnSensitivity
+{
+  // Returns the list of sensitivity properties as received from Server for this 'ColumnSensitivity' information      
+  public ReadOnlyCollection<SensitivityProperty> SensitivityProperties;
+}
+```
+
+> [!NOTE]
+> Microsoft.Data.SqlClient reads `Sensitivity Rank` information only if SQL Server supports Data Classification with rank. For servers use old version of Data Classification without rank, the rank value for queries is "NOT DEFINED".
+
 This sample application demonstrates how to access the Data Classification properties of SqlDataReader.
 
 [!code-csharp [SqlDataReader_DataDiscoveryAndClassification#1](~/../sqlclient/doc/samples/SqlDataReader_DataDiscoveryAndClassification.cs#1)]
 
+
 **See also**  
 
- [SQL Server features and ADO.NET](sql-server-features-adonet.md)
+ - [SQL Server features and ADO.NET](sql-server-features-adonet.md)
+ - [sys.sensitivity_classifications (Transact-SQL)](../../../relational-databases/system-catalog-views/sys-sensitivity-classifications-transact-sql.md)
+ - [ADD SENSITIVITY CLASSIFICATION](../../../t-sql/statements/add-sensitivity-classification-transact-sql.md)