The end goal of this is to be able to expose a on-prem SQL Server so that it can be connected to like a 'regular' SQL Server using Azure. I'm trying to avoid doing a Azure Data Sync as I don't want to 'copy' data in this situation, although I will probably have to fall back to that if this doesn't work out.
So far, I've created an Azure Hybrid Connection to the SQL Server and now I'm trying to connect to the SQL Server through the Hybrid Connection.
I've managed to connect to the Hybrid Connection by creating an SAS token and connecting. However, now, I'm thoroughly stumped on how to pass a connection through that connection if that makes any sense.
I've tried using Stream classes but those don't seem to fit what I want to do in this situation. I'm having trouble googling or searching on StackOverflow because of how convoluted this whole thing is.
Is this even possible? Is there some class or library that I'm missing here?
According to your description, you could follow the steps below:
1) Create Hybrid Connections via your App Service app in Azure Portal, details you could follow Add and Create Hybrid Connections in your app.
2) Go to "Networking > Configure your Hybrid Connection endpoints" of your App Service app, then click Download connection manager or HybridConnectionManager.msi for downloading the Hybrid Connection Manager. You could sign in with your Azure account, choose your subscription, select the hybrid connections that you want the HCM to relay or you could select enter manually int the HCM with the Hybrid connection string from Azure Portal. Details you could follow Hybrid Connection Manager.
Moreover, you could follow Accessing on Premise SQL Server Database From Azure Web App Using Azure Hybrid Connection, though it uses the older BizTalk Hybrid Connections.
Related
I have an Azure VM and a SQL DB on that VM - IAAS.
I want to get data from that DB using C#, but I'm unable to get how to connect to SQL of Azure VM using C#.
Any suggestions?
What would be the connection string I have to pass, and how can I get data from that SQL on Azure VM?
About connect to SQL Managed instance, it's located inside a Vnet.
The options to connect to it are :
From the Azure
Inside the same VNet (different subnet)
From different VNet using VNet peering / Site-to-Site VPN / Express
Route circuit (for cross-region connection)
From on-premises .
Using express Route or VPN
Then you can learn from this document:
Connect your application to Azure SQL Database managed instance:
You may choose to host application in the cloud either by using Azure App Service or some of Azure's virtual network (VNet) integrated options like Azure App Service Environment, Virtual Machine, Virtual Machine Scale Set. You could also take hybrid cloud approach and keep your applications on-premises.
Whatever choice you made, you can connect it to a Managed Instance.
After you configured these settings, you can reference Quickstart: Use .NET and C# in Visual Studio to connect to and query an Azure SQL database. This tutorial also include the Managed instance.
Hope this helps.
I have an Azure Web App running, the site needs to connect to an on-site SQL database.
My On-site network with the SQL server has been added via VPN to Azures Virtual Network.
When I go to Azure and use the console on my Web App (which I have looked up on how to do on another thread on here) I can tcpping the IP and even run sql commands on it and get results.
However... I take these exact same connection string details that I used in the console and put them in a connection string and the Web App just will not connect.
I am using
<add name="ConSQL" connectionString="Server=tcp:192.168.xxx.xxx:1433;Initial Catalog=LoggerData;User ID=xxx;Password=xxx;Trusted_Connection=False;Encrypt=True;"/>
Is there something I am missing? I know that my Azure Service Web App can see and access the onsite sql server by pinging and querying it from console, but as soon as I launch the web app itself and try and connect to a database as you would in C# it will not connect.
Try going to Configuration>Connection Strings and add the connection string under the web app. Make sure it is name exactly as referenced in your code. Also, in your code make sure you get the connection string from the configuration file.
services.AddDbContext<YourDBContext>(options =>
{
options.UseSqlServer(Configuration.GetConnectionString("ConSQL"));
});
Step 1. Moving the connection string to Azure.
Step 2. Removing Trusted_Connection=False;Encrypt=True; from the connection string.
Fixed this issue. Thank you Salli for your help.
I am working on WPF app that connects to Azure SQL using EF 6 and defined connection string ( no Web Service to save money on Azure running SQL and Web server ).
So my question is how secure is such connection?
I have in connection string Encrypt=True ( so I am using SSL ).
I am using AD user credentials to connect to DB itself ( combination of AD user and corresponding contained DB user, unfortunately username and password are in config files of app ).
I have registered app in Azure AD and gave it permission to access DB using this contained DB user matching AD user. ( I am using this app client id to identify that communication comes from my WPF app ).
The only threat I can see here is if someone gain access to computer with app installed and retrieves from config files all those information needed to establish connection and authenticate it.
But I am really weak in networking stuff and I have no idea if someone can obtain those information from snuffing network traffic. ( tried to use wireshark myself but it all looked pretty gibberish to me )
So has anyone any idea how such communication can be corrupted in any way?
SQL Server and SQL Azure support encryption for database connections (encryption in motion). Please be aware that SSL is the older term for this - the current best capability supported to talk to the SQL engine (in either context) is TLS 1.2. Note that you need to have the right (up to date) versions of client drivers to be able to get this security when talking to SQL Azure. SQL Azure enforces encryption by default when using these drivers. You can read the current state of this in this post:
https://support.microsoft.com/en-us/help/3135244/tls-1-2-support-for-microsoft-sql-server
With respect to your broader question, there are lots of things you need to consider when writing an application (2 tier or 3 tier). You should be looking at the firewall on Azure SQL DB to lock down whatever path you enable. You should use the SQL permission model to limit what each user/role can do when operating in the database. You should use audit to track who connects to the db (and from where). You should make sure you are using TDE (on by default in SQL Azure for new DBs). There are additional security features in SQL that may also be useful to you (row level security, data masking, always encrypted, etc). The networking part is really just the starting point for designing a secure solution.
I have a bunch of small desktop applications for which I have a simple database for keeping user data (who uses which app and in which version) etc.
I want the apps to connect to Azure SQL server and update database record when they're started. My apps have the ADO.NET connection string hardcoded in them.
It works fine from my home network and my company guest network - however, the corporate network has got some of the ports disabled, and that apparently includes port 1433. As per Microsoft troubleshooting guide, I tried telnet and failed.
C:\Users\xxx>telnet 65.55.74.144 1433
Connecting To 65.55.74.144...Could not open connection to the host, on port 143
: Connect failed
I cannot connect neither via my applications, nor by SQL Server explorer in Visual Studio.
So, the question is - how can I get around this problem? It is highly doubtful that corporate IT will unlock a port just because I ask, besides I want to keep it as simple, low profile and independent as possible. Or maybe my approach is incorrect from the very beginning and I should do stuff differently?
Cheers
Bartek
You can't.
Make your desktop applications talk to web services instead, over HTTP/HTTPS. Among other things this will also allow a more controlled access (right now anyone can connect to your database and modify the data, since your access credentials are publicly shared with your app).
A side effect of using we services is that 80/443 are almost always opened in all corp firewalls.
I just upload my project to Windows Azure website free version.
My website need to connect to external SQL server on another web hosting.(not SQL server on windows azure).
When i develop on my PC. Everything works well (that mean my connection string is correct).
But when i upload to windows azure. It can't connect to that database.
And throw exception like this.
Access is denied
when i do the following this answer, error show like this
Connecting to remote SQL Server 2008 from Windows Azure
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
and both show stack trace like this
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
[SqlException (0x80131904): A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible.
how can i solve this issue, please help.
You're uploading your application to a Windows Azure Website. Most probably port 1433 that connects to SQL Server is blocked by default on their firewall. Since you're using an azure website you will have no control over this firewall setting.
You can either:
Migrate your existing SQL Server database into SQL Azure and consume it from there
Upgrade your application to a Cloud Service where you can define the endpoints you need to connect to the external database (which I wouldn't recommend anyway because it would be very slow on deployment)
Find a way to publish your existing database as web services so you can consume them from your application, but you would probably have to rewrite your app's data access layer.
I would simply move everything to SQL Azure, it's pretty straightforward.
If you can add a website to the remote host where the database is hosted, can you create a service (e.g. WCF or Rest) on that same host that allows you to talk to the database? That way you can still host the database on the external host and communicate with it via the service from the Azure Website.
Looks like there's a new way to allow Azure webapps to connect to on premises SQL Servers using Hybrid Connections. Google leads me to believe that this feature became available sometime in 2016. It will require that you install additional software on the machine that hosts your SQL Server instance.
More information available here.