Connect to Internal SQL database from Azure Web Application - sql-server

I'm trying to build a webservice that talks to a SQL database hosted on a server in our internal network. The service is hosted by Azure as a Web App. Is there a good way of doing this? Do I have to use Azure Sql databases, and if I do, is there a way to have the Azure database act as a proxy for our internal database?
There are already rules permitting connections to the ports on our database server, so I don't think that's the problem. I see a lot of questions regarding connecting to Azure hosted sql databases, but nothing about connecting Azure web apps to other kinds of databases.
The error occurs when I try to call a stored procedure (via generated entity framework code) and is as follows:
Error occurred: System.Data.Entity.Core.EntityException: The underlying provider failed on Open. ---> System.Data.SqlClient.SqlException: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections.
Our database is configured to allow remote connections, so what I'm guessing the Web App is having difficulty connecting to our vpn.
Please let me know if you need any additional information.
Thanks,
Josh

You can leverage Azure Hybrid Connections which is a feature of App service. Within App Service, Hybrid Connections can be used to access application resources in other networks. It provides access from your app to an application endpoint and uses Azure Relay service to connect to on-premise.
Check out the below link for more details :
https://learn.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections

First option is to look on azure app service hybrid connection but for you to do that you should have Windows server 2012 or above.
Azure App Service Hybrid
Azure App Service hybrid connection is good if you are pulling small amount of data.
If you are pulling large amount of data or your SQL server version is below server 2012 you have two options:
Azure Site to Site VPN
Azure SQL Data Sync
Azure SQL DB Sync is a feature that available on Azure SQL database. You can create a Azure SQL database on azure and sync your on-premise SQL database or SQL database table to Azure SQL database and you can connect your application to Azure SQL database instead of connecting to on-premise database server. This will increase your performance of your application.

We ended up adding the application to an Azure Virtual network that allowed connections to our on-prem servers. The remaining difficulties were due the wrong port numbers being open.
What was very helpful in debugging this was the Kudu console in Azure, under Advanced tools -> console. There you can run commands from the machine hosting your application like ping, or the below:
sqlcmd -S tcp:servername,1433 -U Username -d databasename -P password -q "SELECT * FROM tablename"

Related

Connecting to On-Premises SQL Server from API in Azure App Service

I am trying to connect to an on-premises SQL Server from my API which i have deployed to Azure App Service. I have established a Azure Hybrid Connection to connect between on-premises SQL and Azure. I created a connection string which included username and password as that of a local login i created in the On-Premises server. This is allowing me to connect.
Connection String:
Data Source=;Initial Catalog=;User=;Password=;MultipleActiveResultSets=True
However i want to connect to the server using windows authentication. My System account has access on the server, but when using connection string as -
Data Source=;Initial Catalog=;Integrated Security=SSPI;User=;Password=;
Or
Data Source=;Initial Catalog=;Integrated Security=SSPI;
It is giving error as
"Login failed. The login is from an untrusted domain and cannot be
used with Windows authentication."
Please suggest how to use windows mode of authentication while forming connection string to the on-premises SQL Server from Azure App Service.
Azure Hybrid Connection does not appear to support Active Directory and hence Windows Authentication will not work. See note about sql auth being required in Official MS documentation.
https://learn.microsoft.com/en-us/azure/biztalk-services/integration-hybrid-connection-overview
Also, look at the following SO question where one of the answers details common issues faced this setup:
C# web app not connecting to on premise SQL Server through Azure hybrid Connection
You are unlikely to get around this, especially if you are hosting your app as a web app.

how to connect api running on azure to connect to on-premises sql server database

I have my api running on Azure and it is working perfect if it is connected to Azure SQL database.
I want this api to use my local database i.e on-premises database. I made my database to accept connection from remote and also enabled TCP/IP in wf.msc and also created an inbound rule for 1433. Is there anything i had to do to make this work? I tried to use the following connection string in azure :
ASP.Net core 2.0 web api written in C# hosted on azure and trying to access the sqlserver database on the Virtual Machine.
I tried as mentioned in the following to create hybrid connection but the status keeps saying 'Not Connected'
https://learn.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections
Server=tcp:<mycomputername>,1433;Initial Catalog=MyDb;Persist Security Info=False;User ID=userid;Password=pwd;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;
If your On-Prem SQL VM is behind firewall, you need to allow inbound from Azure. Usually you poke a hole in your On-Prem firewall and allow inbound from your Azure (source) to your On-Prem SQL server (Destination) on a particular port.

ELOGIN error while connecting to SQL Server RDS in AWS Elastic Beanstalk

I have setup SQL Server RDS using AWS Elastic Beanstalk. I am running a nodejs-express application to fetch details from the RDS. When I run app locally I am able to connect to RDS but when I deploy my application in Elastic Beanstalk I get ELOGIN error - Login failed for user ***. I have setup environment variables in the Software Configuration and stored them locally to connect to the RDS.
You might receive an error if you attempt to use SQL Server Management Studio (SSMS) with a SQL Server account to log into SQL Server running on a Windows 2012 R2 EC2 instance or in Amazon RDS. The issue occurs when SSMS is run as a domain user and can result in the error "Login failed for user," even when valid credentials are provided. This is a known issue and AWS is actively working to resolve it.
To work around the issue, you can log into SQL Server with Windows Authentication instead of SQL Authentication. Or launch SSMS as a local user instead of a Simple AD domain user.
More Info https://docs.aws.amazon.com/directoryservice/latest/admin-guide/admin_troubleshooting.html

Is there any difference to access SQL Server and SQL Server instance from an Application server that is in DMZ

I am new to workflow stake and don't have good knowledge in networking.
Can someone please tell me if I have an application server in DMZ which connects to SQL server instance which is not in DMZ, Is there any difference if i connect to SQL server or SQL Server instance. I am able to make connection to the SQL Server but once i try to try the instance it won't find the instance.
I.e. Can connect to sqlservername but not to sqlservername\instanename the error i am getting is the SQL Server instance can't be found. the instance is setup to allow remote connection. Hope my question make sense.
Regards
You can't connect to named instance? - as minimum you need to enable remote connections to this server from SSMS->Server->Properties->Connections or you can read, for example, this article for more information how to do that. And... be sure that Sql Server Browser service is started and feels good, because it's responsible for managing connections to named instances.
The main issue with DMZ in my experience is dealing with authentication. Domain users usually can't access DMZ so, services such as Analysis Services (known as Cubes) for example, which allow only windows authentication, will be not accessible from the application server without extra efforts, establishing for example, kerberos auth.

OLAP cube / Analysis Services = error on transport layer

Problem:
When connecting to an OLAP cube via Excel by using Windows authentication we receive this error: "An error was encountered in the transport layer"
When connecting to Analysis Services via SQL Server Management Studio 2008 R2 by using Windows authentication we receive this error: "Cannot connect to Lake. A connection cannot be made. Ensure that the server is running."
The thing is that a connection with a proxy user via an automated SQL Server job in which the cube is deployed and processed worked. Using the credentials of that user when trying to connect to Analysis Services via SQL Server Management Studio however, does not work.
The server, on which the cube is deployed, is named Lake and is definitely running. Also, the connection to the database engine on Lake is possible.
What could cause this issue? Why is it possible that a proxy user can update the cube in a SQL Server Job but the very same credentials cannot be used to manually log in to the Analysis Services server?
It is possible that the SQL Job uses credentials of a Service Account - most likely SQL Server Agent (NT Service\SQLServerAgent) or Analysis Services (NT Service\MSSQLServerOlapService) to connect to the SSAS database and this account has access to the cube but the end-user running this job doesn't have an explicit access, hence the error.
Probably, you try to connect from another domain, than MS SSAS service works. You may check it by connecting with login from domain of MS SSAS server.

Resources