Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
Improve this question
I am trying to access local resources (database) from Azure. I want to use permissions set on Azure AD user (the AD groups) to avoid the user from gaining too much access to database data.
So, I have a Azure AD User and a web app connected to local database (on premise) through a azure hybrid connection. When I access the database Azure uses a inbuilt IIS Account instead of the signed in user (the Azure user in synchronized with local domain AD User). Is this possible, and how to accomplish this ?
Passing Azure AD user credentials to on-prem SQL Server instance is not supported yet. Connecting to SQL Server running on an Azure VM is not supported using an Azure.
Active Directory account. Use a domain Active Directory account instead. However, It is you can pass Azure SQL database then it is possible to configure Azure SQL database with Azure AD authentication.
Note here gives more info: https://learn.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication-configure
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 24 days ago.
Improve this question
I have installed SQL Server Express 2019 on my machine and after installation, I am able to login into server using the Windows Authentication method like
And as you can see the sa account has been disabled by default
So I tried to enable the sa account like
But I am getting this error message
Cannot alter the login 'sa', because it does not exist or you do not have permission.(Microsoft SQL Server, Error:15151)
Even when I tried to change the server authentication mode from Windows Authentication Mode to SQL Server and Windows Authentication Mode at
I am facing this error:
The EXECUTE permission was denied on the object 'xp_instance_regwrite', database 'mssqlsystemresource', schema 'sys'. (Microsoft SQL Server, Error; 229)
So it looks like I have no/not granted any permission to do any anything! when login with Windows which apparently is my only option to get into server!(this is also happening when I tried to create new user!)
How can I get this to act as an administrator for DB when I login?
I have already seen and tried this post.
This is poor practice in the first place. If you need a local admin account you should create a different login such that attackers and automated tools won't be able to just assume the user name.
But remember: I said, "If". You can get admin/sa rights to administer the server (or create your initial local login) by logging into the computer (not the database) with the local administrator account. Then you can use using Windows Authentication from that account to access the database server as a server administrator.
Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed last month.
Improve this question
I am unable to login my office 365 account on my virtual machine. This my logs when I run dsregcmd /status on cmd.
I tried to edit the VM using this command, still not working.
enablecredsspsupport:i:0
authentication level:i:2
Also, I added Role assignment: Virtual Machine Administrator Login and Virtual Machine User Login
And I have this on my extension: AADLoginForWindows
I tried to reproduce the same in my environment and got the results like below:
While creating virtual machine in management Make sure to check login with Azure Ad like below:
In your virtual machine check whether extension is added:
Try to assign role assignment Virtual Machine User Login or
Virtual Machine Administrator Login to user
Now, Download Rdp file and login. When I tried to check with dsregcmd /status Azure AD joined successfully:
To Login with Azure Ad credentials account try to change Network Level Authentication access in RDP to avoid an error:
In RDP -> search box type allows remote connection to this computer -> uncheck the box like below:
Now edit your RDP downloaded file, try to include
enablecredsspsupport:i:0
authentication level:i:2
username:s:xxxxx.onmicrosoft.com (Add your username here)
domain:s:AzureAD
When I try to connect with login AzureAd\UPN with user it connected successfully like below:
I've got an Azure App Service that needs access to a classic SQL Server (non-Azure SQL, not SQL Managed Instance) and I'd prefer to do this via System Managed Identity. This is enabled on the App Service and a corresponding Enterprise Application is created on Azure AD.
The SQL Server is also connected to this Azure AD and User accounts on the AD already have access to the database. However I can't find how to create a login for the Enterprise Application. If this was an Azure SQL database I could do it with CREATE LOGIN [AZUREAD\app] FROM EXTERNAL PROVIDER but this does not work on a classic SQL Server, only on Azure SQL/MI.
A solution would be to use SQL accounts and reference the login/password in the connection strings, but as mentioned I'd much rather use Azure AD for authentication.
To answer my own question: SQL Server 2022 includes Azure AD authentication Link
Using integrated security or an access token it will be possible to authenticate with an App Registration.
This is currently in preview with no RTM date specified.
I am required to migrate an on-prem ASP.Net web application with its SQL Server 2019 backend to Azure.
The Web application initial migration must be IaaS (Windows VMs running IIS).
The SQL 2019 has to be Azure SQL PaaS (Not Azure SQL Managed instance).
The existing on-prem Web application has several virtual directories, and each application in a virtual directory, is in a separate IIS app pool.
Each app pool is run under the context of a different domain service account.
Connection to the SQL databases is via integrated security.
In the current on-prem solution, the domain service accounts are added as logins to the SQL Server and each has permissions to one or more of the databases (Execute / Connect permissions; addition to datareader role etc).
I believe there will have a domain join to Azure AD, so the on-prem AD service accounts will be accessible in azure (as far as I can understand).
SQL Azure does not support CREATE LOGIN [MYDOMAIN\MYSVCACCOUNT] FROM WINDOWS;
Is there a way I can setup the existing on-prem domain accounts with the access, permissions and roles in the SQL PaaS solution, to mirror the current on-prem setup?
Alternatively, could someone could help me identify resources for best practice for the architecture described.
Thank you
I found a a few good posts that assisted me to understand all available options:
https://www.mssqltips.com/sqlservertip/5242/adding-users-to-azure-sql-databases/
https://learn.microsoft.com/en-gb/azure/azure-sql/database/logins-create-manage
I am planning to use Yubikey with my systems. Currently I have my windows server Active directory is configured to synchronize with Microsoft AD services. So if I use Yubikey in my server for 2FA, will it cause any problem with synchronizing of server AD with Azure AD?.
If no issues how can i configure yubikey?