We are trying to get connectionstring from Azure Web App to work with our ASP.net Website.
We have configured the connection string correctly in Azure Web App:
However, when we visit our Kudu environment page its showing a completely incorrect connection string, cannot figure out why its not showing our custom connection string.
Also - we are using a custom connection string because we have a special connector (Devart Mysql) that we need the provider name to remain correctly.
When we try to load our site we receive this:
I'm wondering if azure web app is overriding our provider and resetting it to a Sql Server provider instead of the Devart.MySql provider we need to use. Appreciate any help/guidance
UPDATE
Checking the web.config using kudu it appears that azure is automatically changing the provider name to System.Data.Entityclient - how can we prevent this from happening? I believe this is the root of the issue
Also - we are using a barebones project to test this with the bare minimum so we know that there aren't other factors in the project manipulating these values, pretty certain azure web app is making this change, just not sure how to fix it
For .NET apps like ASP.NET, these connection strings are injected into your .NET configuration connectionStrings settings at runtime, overriding existing entries where the key equals the linked database name.
These settings will also be available as environment variables at runtime, prefixed with the connection type. The environment variable prefixes are as follows:
SQL Server: SQLCONNSTR_
MySQL: MYSQLCONNSTR_
SQL Database: SQLAZURECONNSTR_
Custom: CUSTOMCONNSTR_
You retrieve the settings in your application using ConfigurationManager.ConnectionStrings["keyname"];.
So in web.config set the connectionString blank and will automatically use the connectionString of the application settings. For more details, you could refer to this tutorial.
Related
Okay so I have a Web API I am making for talking to a SQL Azure database and following this tutorial here: https://learn.microsoft.com/en-us/azure/sql-database/sql-database-security-tutorial
I get to the section I already know on how to copy the Azure connnection strings and there are ones like this(ADO.NET):
Server=tcp:{myDatabase}.database.windows.net,1433;Initial Catalog=Expenses;Persist Security Info=False;User ID={your_username};Password={your_password};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;
I know I have to provide my credentials and I can put them in and get the API to work just fine. My question is how do I protect this string if I save it to GitHub or under source control? In the past with .NET I did a method with a protected configuration as shown here:
https://learn.microsoft.com/en-us/dotnet/framework/data/adonet/connection-strings-and-configuration-files
Basically something like this:
<connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
<EncryptedData>
<CipherData>
<CipherValue>{long ciphered value}</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
I was attempting to potentially extend services off of something like this article: Encrypted Configuration in ASP.NET Core
However I am using Azure and I know that mixing Azure into the mix gives you some other things to do as well. Are there any suggestions by people that have used Azure Databases on how they secure their connection string or at least a link to get me started?
I guess that you are using Azure Sql Authentication ( which needs a username and password) or Azure Integrated Security with password, that's why you are concerned about protecting the credentials.
If there is an option I would suggest to use Azure Integrated Security(equivalent to Windows integrated security) which avoids exposing the user/service principal credentials in connection strings. It just needs that account in azure active directory.
If this is not an option to consider we can look for storing the connection string in Azure Key Vault and retrieving it dynamically for establishing database connection.
If you are using Azure App Services there is another way of securely storing your connection strings (and other application secrets). In the Azure portal you can add these settings in the dashboard for your app service, under 'Application settings'. When you scroll down you will eventually come across the 'Application settings' and 'Connection strings' headers. As stated on the dashboard these settings are encrypted at rest and transmitted over an encrypted channel.
We have an IIS application hosted on AWS Elastic Beanstalk and are using the PARAM values to define the connection strings for our deployments. We are also using the membership role manager and the Session State Server within our application (sql server mode). This is creating a problem as we want the connection string to be completely dynamic and for that we are trying to write the string in C# on App_Start event. But the project throws an error "connectionstringname property not found" when we do that.
Basically our use case is:
We deploy same application across multiple elastic beanstalk instances and would like to depend on PARAM values to define which one is which. However the membership role manager and the session state server aren't allowing us to have the entire connection string in just those PARAM parameters.
Is there a way to achieve what we are trying to do?
Regards
Sunil Rai
It can be achieved by removing membership dependency from web project. We have to write our logic instead of membership function and we can write one app setting which will specify server name "Demo" or "Live" and we can define our connection string in our C# code.I have implemented in my projects.
i have created a default MVC 4 app with web api. so far i have added a few API calls.
i would like to use the out of the box membership provider with no customization.
on my local machines i have added two users and added two user roles.
in the api i have added [Authorize] attribute for the API calls class.
It works well and prevents calls to API if the user is not logged in.
However, when i deploy the app on to Amzaon Beanstalk the Register and Login functions are broken. I am getting
Error. An error occurred while processing your request.
in the web.config of the application i have:
<connectionStrings>
<add name="DefaultConnection" connectionString="Data Source=(LocalDb)\v11.0;Initial Catalog=aspnet-UserListsActionsTest-20131103214231;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnet-UserListsActionsTest-20131103214231.mdf" providerName="System.Data.SqlClient" />
</connectionStrings>
Also, i have gone to the properties of the project and set "Items to deploy" to all files in this project.
should that not be enough? do i need to create a SQL db on beanstalk?
would greatly appreciate some help.
In my experience, I've used Amazons RDS service to create a SQL Server instance and point my connection string to that in which I'll run all of my Migrations to that database. That or you can point it to whatever SQL Server instance you have with the appropriate connection string.
You can then call update-database and have your Users / User Roles created in the Seed() method.
FYI: You may need to configure certain ports/permissions within the RDS instance to be friendly with the Elastic Beanstalk instance. (Think about security groups)
I would also download the AWS Toolkit for Visual Studio as it'll help get you setup with the database connection string and the ability to publish straight to AWS Elastic Beanstalk.
I'm working on an exercise and i want a help. So far I have to created an MVC4 Internet Application using C# and uploaded it to azure as a web site (custom create with sql server). Now I want to create a web service to use the same database that my web application is using. How I can do it?
I found an option when you create a new project (C#->Cloud Project-> Windows Azure Cloud Service)
Note that then i want to use the web service with workflow based service
Thank you
Connections to SQL Azure are just Connection Strings. This isn't any different than creating applications on premises or hosting them elsewhere. Get the connection string of your existing Azure SQL Database and then use that when setting up your database calls in your web service project. You can get the connection string from the Windows Azure Management portal. Dig down to the database and there will be a Show Connection Strings option on the dashboard page for the database. See this documentation if you aren't familiar with working with connection strings Azure SQL: http://msdn.microsoft.com/en-us/library/windowsazure/ee336282.aspx
Note that Azure SQL Databases do not support integrated windows authentication, so the connection string will contain the username and password. You may want to look into securing that information in your configuration.
I deployed my MVC application on the WindowsAzure staging environment. I used universal provider for membership. But i am little bit confused.
My confusion is that i created some accounts on my local machine now after deployment when i am trying to access those accounts in cloud, i got error message incorrect username or password but if i am accessing those accounts from my local machine, then there was no error message. I did`nt change the connection string. Can anybody please explain me the concept or give me some reference link ?
As you asked for concept on how it works, i can explain it. When you are using ASP.NET Universal Providers in your MVC app, there must a database where it can be configured. In most cases SQLExpress is the local database used by Universal Providers to store the membership details.
Now when you deploy your application to Windows Azure as Cloud Service there is no local database configured so your default configuration to Universal Providers will not work. The best way to solve this problem is to configure your MVC application universal providers to use SQL Database even when you are testing locally. Once local tests are completed and your deploy your application to Windows Azure, because your application is still pointing to SQL Database, it will work without any problem (considering you have configured SQL Database properly).
This particular article shows different connection strings used in MVC application to connect with SQLExpress or SQL Database so you can use it to modify your SQL DB.
You'll want to set an explicit <machineKey> in your web.config. That key is used for a number of things relating to sessions and membership (like cookies and passwords). If you don't specify the key explicitly, Windows Azure chooses one for you on each deployment, which will invalidate existing auth cookies and stored passwords.