I have an application built using the ASP.NET 5 runtime - I would like to connect it to an on-premise SQL Server Database.
After some research I've already created the user-provided service with the relevant credentials, however I am unsure what to do next (i.e. writing the necessary code connecting it in ASP.NET).
Some further googling suggests to use Secure Gateway? but is this the only way? the cloud I am working on is dedicated and does not have the Secure Gateway service. Is there a workaround for this?
(Note: The application I'm working on is based on the ASP.NET-Cloudant example on IBM Github, if that helps).
https://github.com/IBM-Bluemix/asp.net5-cloudant
The Secure Gateway service isn't required as long as the Bluemix environment can connect to the server running SQL Server. This might require your firewall rules to be a little more relaxed on the SQL Server, or you can contact IBM to create a secure tunnel as Hobert suggested in his answer.
Aside from that issue, if you're planning to use Entity Framework to connect to your SQL Server, it should work similar to the existing tutorials on the asp.net site. The only difference will be in how you access the environment variables to create your connection string.
Assuming that you created your user-provided service with a command similar to this:
cf cups my-sql-server -p '{"server":"127.0.0.1","database":"MyDB","user":"sa","password":"my-password"}'
Your connection string in your Startup.cs file's ConfigureServices method would then look something like this:
string vcapServices = Environment.GetEnvironmentVariable("VCAP_SERVICES");
string connection = "";
if (vcapServices != null)
{
string myServiceName = "my-sql-server";
JArray userServices = (JArray)JObject.Parse(vcapServices)?["user-provided"];
dynamic creds = ((dynamic)userServices
.FirstOrDefault(m => ((dynamic)m).name == myServiceName))?.credentials;
connection = string.Format(#"Server={0};Database={1};User Id={2}; Password={3};",
creds.server, creds.database, creds.user, creds.password);
}
Update
The cloudant boilerplate that you're modifying doesn't use Entity Framework because cloudant is a NoSQL database, so it's a bit different than connecting to SQL Server. The reason that the boilerplate calls .Configure to register the creds class is that it needs to use that class from another location, but when using Entity Framework you simply need to use the credentials when adding EF to the services in the Startup.cs file so you don't need to use .Configure<creds>.
If you follow the guide here, the only part you'll need to change is the line var connection = #"Server=(localdb)\mssqllocaldb;Database=EFGetStarted.AspNet5.NewDb;Trusted_Connection=True;"; replacing it with the code above to create the connection string instead of hard-coding it like they did in the example tutorial.
Eventually, your ConfigureServices method should look something like this, assuming your DbContext class is named BloggingContext like in the example:
public void ConfigureServices(IServiceCollection services)
{
string vcapServices = Environment.GetEnvironmentVariable("VCAP_SERVICES");
string connection = "";
if (vcapServices != null)
{
string myServiceName = "my-sql-server";
JArray userServices = (JArray)JObject.Parse(vcapServices)?["user-provided"];
dynamic creds = ((dynamic)userServices
.FirstOrDefault(m => ((dynamic)m).name == myServiceName))?.credentials;
connection = string.Format(#"Server={0};Database={1};User Id={2}; Password={3};",
creds.server, creds.database, creds.user, creds.password);
}
services.AddEntityFramework()
.AddSqlServer()
.AddDbContext<BloggingContext>(options => options.UseSqlServer(connection));
services.AddMvc();
}
And then your Startup method would be simplified to:
public Startup(IHostingEnvironment env)
{
var configBuilder = new ConfigurationBuilder()
.AddJsonFile("config.json", optional: true);
Configuration = configBuilder.Build();
}
Excellent!
In Public Bluemix Regions, you would create and use the Secure Gateway Service to access the On-Premise MS SQL Server DB.
In your case, as a Bluemix Dedicated client, you should engage your IBM Bluemix Administration Team so they can work with your Network Team to create a tunnel between the Dedicated Bluemix Region and your On-Premise MS SQL DB Server.
If you want to connect directly from your Asp.Net Core application to a SQL Server you actually don't need a Secure Gateway.
For example, if you want to use a SQL Azure as your Database you can simply add the given connection string in your application.
But, for pratical and security reasons, you should create a User-Provided Service to store your credentials (and not use statically in your code), and pull your credentials from you VCAP_SERVICES simply adding SteelToe to your Cconfiguration Builder. (Instead of use parse the configuration manually with JObjects and JArrays)
Step-by-step:
In your CloudFoundry console create a User-Provided Service using a Json:
cf cups MySqlServerCredentials -p '{"server":"tcp:example.database.windows.net,1433", "database":"MyExampleDatabase", "user":"admin", "password":"password"}'
Obs.: If you use Windows console/Powershell you should escape you double quotes in Json like:
'{\"server\":\"myserver\",\"database\":\"mydatabase\",\"user\":\"admin\",\"password\":\"password\"}'
After you have created your User-Provided Service you should Connect this Service with your application in Bluemix Console.
Then, In your application add the reference to SteelToe CloudFoundry Steeltoe.Extensions.Configuration.CloudFoundry
In your Startup class add:
using Steeltoe.Extensions.Configuration;
...
var builder = new ConfigurationBuilder()
.SetBasePath(basePath)
.AddJsonFile("appsettings.json")
.AddCloudFoundry();
var config = builder.Build();
Finally, to access your configurations just use:
var mySqlName = config["vcap:services:user-provided:0:name"];
var database = config["vcap:services:user-provided:0:credentials:database"];
var server = config["vcap:services:user-provided:0:credentials:server"];
var password = config["vcap:services:user-provided:0:credentials:password"];
var user = config["vcap:services:user-provided:0:credentials:user"];
OBS.: If you're using Azure, remember to configure your Database firewall to accept the IP of your Bluemis application, but as default Bluemix don't give a static IP address you have some options:
Buy a Bluemix Statica service to you application (expensive)
Update firewall rules with REST put with the current IP of application (workaroud)
Open your Azure Database Firewall to a broad range of IPs. (Just DON'T)
More info about SteelToe CloudFoundry in :
https://github.com/SteeltoeOSS/Configuration/tree/master/src/Steeltoe.Extensions.Configuration.CloudFoundry
Related
I got a free Oracle Cloud Infrastructure (OCI) service from Oracle for two months.
I would like to create an Oracle database and connect to it directly over the internet (I don't want to create a VPN tunnel).
Do you know how I should do it?
One way to do it, use this URL pattern:
jdbc:oracle:thin:/#OCI_DB_NAME_high?TNS_ADMIN=PATH_TO_THE_WALLET_FOLDER
user name and password as usual, the Wallet should be unzipped.
Properties info = new Properties();
info.put(OracleConnection.CONNECTION_PROPERTY_USER_NAME, DB_USER);
info.put(OracleConnection.CONNECTION_PROPERTY_PASSWORD, DB_PASSWORD);
...
OracleDataSource ods = new OracleDataSource();
ods.setURL(DB_URL);
ods.setConnectionProperties(info);
OracleConnection connection = (OracleConnection) ods.getConnection();
I solved the problem myself.
To get to the database server without configuring a VPN link, you can create a virtual machine accessible via an external IP address and ssh from it to a local address from the 10.0.0.0 network
Here is the Spring Boot sample to connect to OCI managed autonomous database.
https://github.com/oracle-devrel/oci-sdk-java-samples/tree/main/usecases/connect-autonomous-database
I'm using Terraform with the AWS provider (v3.37.0) to create an RDS instance:
resource "aws_db_instance" "rds" {
identifier = "my_db"
engine = "sqlserver-se"
engine_version = "14.00.3401.7.v1"
name = null
username = "${somewhere/in/ssm}"
password = "${somewhere/in/ssm}"
}
I wish to create a database alongside this RDS instance, so the documentation (https://registry.terraform.io/providers/hashicorp/aws/3.37.0/docs/resources/db_instance) states that I need to assign a value to the variable name, which I cannot, since the engine that I'm using (SQL Server) doesn't support that.
Is there another way to create that database inside this instance within Terraform?
I was thinking of using the local-exec provisioner or a community provider, but:
For the local-exec provider, I don't know what I would put in the command. Would the following work, for example?
resource "aws_db_instance" "rds" {
identifier = "my_db"
engine = "sqlserver-se"
engine_version = "14.00.3401.7.v1"
name = null
username = "${somewhere/in/ssm}"
password = "${somewhere/in/ssm}"
provisioner "local-exec" {
command = "USE master; CREATE DATABASE db-name"
}
}
For the community providers, I'm not really that trusting, but I could make leeway if they end up being my only option.
I don't know what I would put in the command
You need to use full mssql-cli command (or any other programming interface to mssql) which will execute on your computer and create your database. This means you have to have it installed first. For example, you can develop a python script which will connect and create your database. Then you invoke the python script from your local-exec.
I Have strange problem when i tried to publish my asp.net mvc application to my local (pc) iis with "Always Encrypted" Enabled.
My application keep timeout when i tried to access database using EF6 at local IIS (not express) :
But if i tried to access & debug my asp.net mvc app using Visual Studio 2017, database with 'always encrypted enabled' can be accessed perfectly without timeout.
And also i can access it with SQL Management Studio without problem.
Both (SMSS & ASP.NET web config) using this configuration.
Column Encryption Setting=enabled;
Note : I'm using ASP.NET MVC 5 & EF 6, SQL Server 2016 Developer Edition.
Sorry for my bad english.
UPDATED :
I have tried using .NET Framework Data Provider to see if there's any clue that'll help me solving this issue, Using following code :
var context = new TestDevEntities();
StringBuilder sb = new StringBuilder();
string connectionString = context.Database.Connection.ConnectionString;
using (SqlConnection connection = new SqlConnection(connectionString))
{
connection.Open();
using (SqlCommand cmd = new SqlCommand(#"SELECT [id],[name],[CCno] FROM [TestDev].[dbo].[testEncCol]", connection, null, SqlCommandColumnEncryptionSetting.ResultSetOnly))
{
using (SqlDataReader reader = cmd.ExecuteReader())
{
if (reader.HasRows)
{
while (reader.Read())
{
sb.Append(reader[2] + ";");
}
}
}
}
}
above code show me this error :
Now, with this kind of error i know i exactly i must do :)
Change the identity of application pool to the 'user' who previously generated the certificate.
Export currentuser cert (used by always encrypted) and import to the user that you want to use as application pool identity.
Now its worked!
EF should throw some kind of error as clear as .NET Data Providers do, instead of timeout failure that really confuse me #_#
UPDATED (1) :
Now the question is how to use it (Certificate) with default ApplicationPoolIdentity instead of custom account?
UPDATED (2) :
I have done what jakub suggest, but still no luck.
Thanks
One way (could be the only way) to use the DefaultAppPool identity instead of a custom (user) account is to store the certificate in the Local Machine certificate store (not Current User).
Once you create a certificate in the Local Machine certificate store, you need to grant DefaultAppPool access to the cert. You can do that using Microsoft Management Console (and the plugin for Local Computer certs):
Right click on the cert, select All Tasks > Manage Private Keys.
Click Add.
Set location to your computer (not your domain).
Enter IIS AppPool\DefaultAppPool as the object name.
Click OK twice.
I have created a cloud sql instance in a PHP project and have made the billing procedure successfully. The project works.
Now, I want to access my database from another project but this time in Java SDK project with servlets.
Using the example in https://developers.google.com/appengine/
docs/java/cloud-sql/
In Java project I have:
project id: javaProjectID
In php project id I have:
project id: phptestID
instance name: phpinstanceName
database: dbname
In my code in Servlet i do the below connection:
String url = "jdbc:google:mysql://phptestID:phpinstanceName/dbname?user=root";
Connection conn = (Connection) DriverManager.getConnection(url);
(...>> The connection fails in this point and doesn't access the database to make the below query )
String sqlStmt = "SELECT * FROM sometable";
PreparedStatement stmt = conn.prepareStatement(sqlStmt);
ResultSetres = stmt.executeQuery(sqlStmt);
How can I access my database in another project?? Is there any other way except
your-project-id:your-instance-name???
You will need to give the new app engine app access to your CloudSQL instance. To do this go to the Cloud SQL instance in the console, edit it, go down to Authorized App Engine Applications and then add the app id of the new App Engine app.
UPDATE:
The most recent steps look like in the attached screenshot below
I'm building an app around the servicestack framework and need to be able to access data in both Oracle and MS Sql Server. Is this possible using ORMLite, it seems that I can only set a single dialect for the App or have I missed something?
Yes it is possible and support for this is already built into the OrmLiteConnectionFactory, see the Master SQLServer + Sqlite shard example on OrmLite's project home page.
Basically you would register your default (or master) connection first with:
var dbFactory = new OrmLiteConnectionFactory(
"Data Source=host;Initial Catalog=RobotsMaster;Integrated Security=SSPI",
SqlServerDialect.Provider);
Then you would register a named connection for every other connection you wish to support, e.g:
dbFactory.RegisterConnection("shard-1",
"~/App_Data/{0}.sqlite".Fmt(shardId).MapAbsolutePath(),
SqliteDialect.Provider);
Once that's configured, opening a connection without specifying a name will open a connection to the default database, e.g:
using (IDbConnection db = dbFactory.OpenDbConnection()) { ... } //Default DB
Whilst you can specify a name to open up a named connection to a db with a different provider, e.g:
using (var dbShard = dbFactory.OpenDbConnection("shard-1")) { ... } //Named DB
Manually use different Dialect Providers
The differences between the SQL Provider implementations between different RDBMS's are contained within each dialect provider. So if you want to use OrmLite's convenience extension methods against an specific ADO.NET provider implementation you just need to assign the ThreadStatic DialectProvider you wish to use, e.g:
OrmLiteConfig.DialectProvider = SqlServerDialect.Provider;
var dbConn = new SqlConnection(SqlServerConnString);
dbConn.Select<Table>(); //All db access now uses the above dialect provider
This is essentially all what RegisterConnection in OrmLiteConnectionFactory automatically does behind the scenes for you.
For reference here are all the dialect providers for OrmLite up to this point:
SqlServerDialect.Provider
SqliteDialect.Provider (different 32/64 and Mono impls available)
MySqlDialect.Provider
PostgreSqlDialect.Provider
OracleDialect.Provider
FirebirdDialect.Provider