I recently deployed a .net web api to Azure as a "Web App" using VS Community 2022. Now I need to deploy the sql server authentication db so that I can auth users and create JWT tokens.
The problem is, I can't find how to do this...
I would expect to see "Publish to Azure" for the database, or even better, publish the database with the api as it is a "Connected Service".
So now I have a live api that's inaccessible because I can't authorize users.
Am I missing a setting somewhere that says (wishful thinking) "Publish connected services with project?"
I created a database in Azure, but I can't find out how to publish my auth db (localdb) to it. I would expect a simple "Publish to Azure" when I right click it in the sql server object explorer, but it's not there.
Any help would be greatly appreciated.
Related
I have created an ASP.NET Core MVC application and published it directly via VS 2022 to Azure. It includes EF and Identity.
What is the best approach to also connect the database with data?
I have connected the database, but that didn't work as expected. All the data is missing
You can deploy your local database to Azure and connect with Web application.
I deploy My local database which is having SQL server authentication by following below procedure:
I selected the database and right click on it I go to below option:
Clicked on Deploy Database to Microsoft Azure SQL Database.
Connected to the Azure database server By clicking on connect option.
Image for reference:
It connected successfully.
Image for reference:
Summary of operation:
I click on finish. The operation started and completed successfully.
Image for reference:
My database is deployed to azure SQL database successfully.
Image for reference:
In this way we can deploy Local database to Azure SQL database.
Connecting to application:
Create web application go to publish page of that
From the View menu, select SQL Server Object Explorer.
At the top of SQL Server Object Explorer, click the Add SQL Server button.
In connect dialog box expand your azure node and connect to the database with username and password
Add client IP
database connected successfully.
In this way you can connect with azure SQL database.
Goal:
Assign appropriate Azure SQL database privileges to App Service Web Site's system service principal (or better yet) the user assigned service principal.
Background:
After having followed along with Alexandre's tutorial on creating Azure SQL administrators I created a simple Blazor Server App that can insert entries into a simple Azure SQL resident table because the system assigned service principal of the Azure App Service Web site is an administrator for the Azure SQL database.
Problem:
Database administrator privileges are not appropriate or necessary for the Azure App Service Web site. I need to endow the Azure App Service Web site with minimal privileges (such as db_datawriter) to be consistent with Microsoft's recommend best practices.
What is Working (Updated):
I've been following along with Jesse's tutorial where he endows his account as the Azure SQL administrator and creates new accounts with limited roles like db_datareader and dt_datawriter and db_ddladmin. This was not working previously (when I first posted).
Tue May 24 2022 Update:
I started over again (with a new azure SQL database) following Jesse's tutorial and I can now
log into the Query Explorer
create a user
grant access to that user to update, select and insert into a table
Connect with SSMS with no password and access the database tables as that user
Run my blazor app and insert into the table as well (with no password!)
New Questions (Tue May 24 2022):
When I deploy my blazor app to Azure AppService Web app, it cannot connect.
How do I write bicep code to grant my azure app service resident blazor app access to my azure SQL database? I think I need to use the system assigned service principal for the web app (does this have a password?) and use SQLCMD.EXE to execute those CREATE USER and ALTER ROLE commands. How do I do that? The problem is that the system assigned service principal of the web app is not an active directory object. Conversely, "az ad user show" does not have a principalId I can use as a user assigned service principal that I could assign to the web app.
So when I am running on my desktop dev machine, DefaultAzureCredential is detecting that I am logged to Azure with the Microsoft account and I can debug my blazor app on my dev machine...
How do I configure Azure SQL to allow access from the Azure App Service web app as well as access from my desktop dev machine? This is easy to do with cosmos SQL and I'm thinking it should be possible with Azure SQL as well.
Thanks
Siegfried
This article I recently published should be able to help you: https://dev.to/azure/create-and-connect-to-an-azure-sql-db-9k0. And yes, this sentences you mentioned "it looks like this is the way to conform to the Microsoft recommend Best Practices of abandoning passwords in favor of service principals and managed identities", is definitely correct.
I am starting to write an open source application which is intended to be deployed on premises with MS SQL Server as backend. Now I was wondering how to go about deploying the application and the SQL Server backend.
For MSSQL there is a pretty clear installation path but I was wondering how I could create an easy installer for the web application. The idea is to copy the website to some location, start it and then call a special installation controller where the user could specify a database user with elevated privileges (such as the 'sa' user). The website should then create some database users, views and tables on that database and perform the initial setup. Additionally, it should also modify the configuration of the website to use the correct database user.
Of course, other ideas are welcome as well. How do you handle the deployment of a website for a small company which doesn't have dedicated IT staff.
I've deployed my project to Azure and my login page loads. When I attempt to login, it hangs for a moment and returns an "Access is denied" error. I've double and triple checked my connection string and it matches the one provided by Azure.
I've deployed to Azure in the past but it's been a while. Is there something I need to do in order to make my DB accessible? I read a couple articles about similar problems people had with remote connections. It involved turning on remote connection accessibility in SSMS, but I don't see that being the case in my situation as it's not being accessed thru Sql Server.
Are there modifications I must make to my DB to make it accessible on Azure?
Here's my error:
EDIT - I am using forms authentication for user handling if it makes a difference.
This error indicates that your Azure SQL Database is not configured to accept connections from the service you are trying to connect.
You have to Enable Windows Azure Services to connect to your Azure SQL Database Server.
To achieve that, navigate to your Azure SQL Database Dashboard and click on Manage Allowed IP Addresses, as shown bellow:
Then On this new page, make sure that Windows Azure Services are enabled (YES):
I had the same problem and found that I didn't have the database and the app service in the same location. One was in Australia East while the other was in Australia South East. I moved my app service to be in the same location as the DB and bingo. :)
I've created a Lightswitch HTML application in VS 2013. It relies on a SQL Server database which was created locally and then uploaded to Azure. The database was then linked to the Azure web site.
I tested my database connection strings in the publish routine and they succeeded. The publish succeeded, but when I browse my azure URL, I receive the following message:
You do not have permission to view this directory or page.
What must be done to remedy this error?
I had a similar problem that would not resolve until I moved to a "Pay-As-You-Go" subscription rather than a "Free Trial".
I also had the same problem, but did NOT have to move to a "Pay-As-You-Go" subscription to get it working. Here was what I had to do.
The Azure management portal will tell you that the Site URL is something like https://mywebsite.azurewebsites.net/
but to test a Lightswitch HTML5 client application, the URL in Azure will actually be https://mywebsite.azurewebsites.net/HTMLClient/
Hope that helps.