If I have a Windows Forms app that gets data from Azure SQL is it safe to connect directly to the Azure SQL with a connections string or should I develop a Web service that the Azure SQL sits behind so I connect to web service and the web service connects to Azure SQL.
I was thinking that someone could get hold of the connection string from with in the app when it is published or is this not possible.
Related
Currently I have everything on premise - .NET Core 3.0 API and SQL Server database.
Azure AD/Service account are configured in IIS and database has given access to the service account.
All requests use that Azure AD service account.
Now we are planning for an Azure migration. API is published in App Services.
Now I want to use the same Azure AD account to connect to an Azure SQL Server database.
How should I do that?
Don't send me Microsoft links, those are having toooo much info.
Tell what and how to do configuration in Azure SQL and App Services.
Any help is appreciated.
Now I want to use the same AD account to connect to an Azure SQL Server database.
AD accounts can't connect to Azure SQL Database. Only SQL and Azure Active Directory (AAD) Logins/Users.
There are some options, but there's a clear best-practice: Provision a Managed Service Identity (MSI) for your Azure App Service Application and use that to connect to SQL Server.
Here is a simple tutorial for how you should integrate App Service and Azure SQL Database:
Tutorial: Secure Azure SQL Database connection from App Service using a managed identity
Currently I have two Azure VM's, one for the ASP.NET application (VM1) and another with SQL Server 2017 (VM2).
At the moment, the application on VM1 connects to VM2's SQL Server using SQL Server authentication, but now I want to change it to Windows authentication. I found this on the Azure website about how to connect:
Virtual networks also enables you to join your Azure VMs to a domain. This is the only way to use Windows authentication to SQL Server. The other connection scenarios require SQL Server authentication with user names and passwords.
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/sqlclassic/virtual-machines-windows-classic-sql-connect
But there is also a website forum ask to use Azure Active Directory domain in order to achieve this.
I am confused regarding this, can anyone help me with a description how to connect my VM1 application to VM2 SQL Server using Windows authentication?
I am trying to connect to an on-premises SQL Server from my API which i have deployed to Azure App Service. I have established a Azure Hybrid Connection to connect between on-premises SQL and Azure. I created a connection string which included username and password as that of a local login i created in the On-Premises server. This is allowing me to connect.
Connection String:
Data Source=;Initial Catalog=;User=;Password=;MultipleActiveResultSets=True
However i want to connect to the server using windows authentication. My System account has access on the server, but when using connection string as -
Data Source=;Initial Catalog=;Integrated Security=SSPI;User=;Password=;
Or
Data Source=;Initial Catalog=;Integrated Security=SSPI;
It is giving error as
"Login failed. The login is from an untrusted domain and cannot be
used with Windows authentication."
Please suggest how to use windows mode of authentication while forming connection string to the on-premises SQL Server from Azure App Service.
Azure Hybrid Connection does not appear to support Active Directory and hence Windows Authentication will not work. See note about sql auth being required in Official MS documentation.
https://learn.microsoft.com/en-us/azure/biztalk-services/integration-hybrid-connection-overview
Also, look at the following SO question where one of the answers details common issues faced this setup:
C# web app not connecting to on premise SQL Server through Azure hybrid Connection
You are unlikely to get around this, especially if you are hosting your app as a web app.
I have my api running on Azure and it is working perfect if it is connected to Azure SQL database.
I want this api to use my local database i.e on-premises database. I made my database to accept connection from remote and also enabled TCP/IP in wf.msc and also created an inbound rule for 1433. Is there anything i had to do to make this work? I tried to use the following connection string in azure :
ASP.Net core 2.0 web api written in C# hosted on azure and trying to access the sqlserver database on the Virtual Machine.
I tried as mentioned in the following to create hybrid connection but the status keeps saying 'Not Connected'
https://learn.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections
Server=tcp:<mycomputername>,1433;Initial Catalog=MyDb;Persist Security Info=False;User ID=userid;Password=pwd;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;
If your On-Prem SQL VM is behind firewall, you need to allow inbound from Azure. Usually you poke a hole in your On-Prem firewall and allow inbound from your Azure (source) to your On-Prem SQL server (Destination) on a particular port.
I need to connect my web app on Azure to our on site SQL Server instance via Windows authentication (not via SQL Server account authentication). Active Directory is already integrated with the on-site AD and therefore all of the users are available there.
My question is, is it possible to hook up an azure web app to an on-site SQL Server via Windows authentication.
is it possible to hook up an azure web app to an on-site SQL Server via Windows authentication.
Base on my option, it maybe that we couldn’t do that. As we have been limited to do that operation for azure WebApp. There is also another SO thread mentioned that.
If we want to connect to on premise SQL Server, we can use hybrid connections to access on-premises SQL server database in Azure WebApp, more info please refer to the document.
If we want to authenticate the WebApp with local Active Directory, and we have an on-premises secure token service (STS) like Active Directory Federation Services (AD FS), we could use that to federate authentication for our Azure WebApp. More info please refer to the document.
Hybrid connections at this time does not support AD accounts due to
because you cannot domain join an App Service worker