i have created a default MVC 4 app with web api. so far i have added a few API calls.
i would like to use the out of the box membership provider with no customization.
on my local machines i have added two users and added two user roles.
in the api i have added [Authorize] attribute for the API calls class.
It works well and prevents calls to API if the user is not logged in.
However, when i deploy the app on to Amzaon Beanstalk the Register and Login functions are broken. I am getting
Error. An error occurred while processing your request.
in the web.config of the application i have:
<connectionStrings>
<add name="DefaultConnection" connectionString="Data Source=(LocalDb)\v11.0;Initial Catalog=aspnet-UserListsActionsTest-20131103214231;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnet-UserListsActionsTest-20131103214231.mdf" providerName="System.Data.SqlClient" />
</connectionStrings>
Also, i have gone to the properties of the project and set "Items to deploy" to all files in this project.
should that not be enough? do i need to create a SQL db on beanstalk?
would greatly appreciate some help.
In my experience, I've used Amazons RDS service to create a SQL Server instance and point my connection string to that in which I'll run all of my Migrations to that database. That or you can point it to whatever SQL Server instance you have with the appropriate connection string.
You can then call update-database and have your Users / User Roles created in the Seed() method.
FYI: You may need to configure certain ports/permissions within the RDS instance to be friendly with the Elastic Beanstalk instance. (Think about security groups)
I would also download the AWS Toolkit for Visual Studio as it'll help get you setup with the database connection string and the ability to publish straight to AWS Elastic Beanstalk.
Related
We are trying to get connectionstring from Azure Web App to work with our ASP.net Website.
We have configured the connection string correctly in Azure Web App:
However, when we visit our Kudu environment page its showing a completely incorrect connection string, cannot figure out why its not showing our custom connection string.
Also - we are using a custom connection string because we have a special connector (Devart Mysql) that we need the provider name to remain correctly.
When we try to load our site we receive this:
I'm wondering if azure web app is overriding our provider and resetting it to a Sql Server provider instead of the Devart.MySql provider we need to use. Appreciate any help/guidance
UPDATE
Checking the web.config using kudu it appears that azure is automatically changing the provider name to System.Data.Entityclient - how can we prevent this from happening? I believe this is the root of the issue
Also - we are using a barebones project to test this with the bare minimum so we know that there aren't other factors in the project manipulating these values, pretty certain azure web app is making this change, just not sure how to fix it
For .NET apps like ASP.NET, these connection strings are injected into your .NET configuration connectionStrings settings at runtime, overriding existing entries where the key equals the linked database name.
These settings will also be available as environment variables at runtime, prefixed with the connection type. The environment variable prefixes are as follows:
SQL Server: SQLCONNSTR_
MySQL: MYSQLCONNSTR_
SQL Database: SQLAZURECONNSTR_
Custom: CUSTOMCONNSTR_
You retrieve the settings in your application using ConfigurationManager.ConnectionStrings["keyname"];.
So in web.config set the connectionString blank and will automatically use the connectionString of the application settings. For more details, you could refer to this tutorial.
I have been created an asp.net web api with a sql server running on MS SQL server. I have uploaded the sql database to azure, then I have added the asp.net web api to azure too. I then edited the connection string (find it below) inside the web.api file to point to the sql server database currently on azure. I have not been added to access the database through the web api
I have tried accessing the sql database using a local client and I am able to access the database. I havee also tried accessing the web api and I have been able to load some pages.
<connectionStrings>
<add name="DefaultConnection" connectionString="Data Source=floshopadmin;Initial Catalog=FloShop;Integrated Security=True" providerName="System.Data.SqlClient" />
</connectionStrings>
Your connection string is using "Integrated Security".
Most likely your database was setup to allow access to your Windows User account.
The ASP.NET process in Azure isn't going to be running under that account.
Create a new User on the database and use the credentials from that user to connect instead of "Integrated Security".
Okay so I have a Web API I am making for talking to a SQL Azure database and following this tutorial here: https://learn.microsoft.com/en-us/azure/sql-database/sql-database-security-tutorial
I get to the section I already know on how to copy the Azure connnection strings and there are ones like this(ADO.NET):
Server=tcp:{myDatabase}.database.windows.net,1433;Initial Catalog=Expenses;Persist Security Info=False;User ID={your_username};Password={your_password};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;
I know I have to provide my credentials and I can put them in and get the API to work just fine. My question is how do I protect this string if I save it to GitHub or under source control? In the past with .NET I did a method with a protected configuration as shown here:
https://learn.microsoft.com/en-us/dotnet/framework/data/adonet/connection-strings-and-configuration-files
Basically something like this:
<connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
<EncryptedData>
<CipherData>
<CipherValue>{long ciphered value}</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
I was attempting to potentially extend services off of something like this article: Encrypted Configuration in ASP.NET Core
However I am using Azure and I know that mixing Azure into the mix gives you some other things to do as well. Are there any suggestions by people that have used Azure Databases on how they secure their connection string or at least a link to get me started?
I guess that you are using Azure Sql Authentication ( which needs a username and password) or Azure Integrated Security with password, that's why you are concerned about protecting the credentials.
If there is an option I would suggest to use Azure Integrated Security(equivalent to Windows integrated security) which avoids exposing the user/service principal credentials in connection strings. It just needs that account in azure active directory.
If this is not an option to consider we can look for storing the connection string in Azure Key Vault and retrieving it dynamically for establishing database connection.
If you are using Azure App Services there is another way of securely storing your connection strings (and other application secrets). In the Azure portal you can add these settings in the dashboard for your app service, under 'Application settings'. When you scroll down you will eventually come across the 'Application settings' and 'Connection strings' headers. As stated on the dashboard these settings are encrypted at rest and transmitted over an encrypted channel.
In my web app which is hosted as an Azure App Service, I have the following in my web.config for testing:
<connectionStrings>
<add name="ProductionConnection" providerName="System.Data.SqlClient" connectionString="Data Source=tcp:something.database.windows.net,1433;Initial Catalog=DatabaseName;User Id=admin#sssdddr;Password=Pass#word1;Trusted_Connection=False;Encrypt=True;Connection Timeout=30; MultipleActiveResultSets=True" />
</connectionStrings>
I'm trying to follow some basic security best practices here, so I've moved my connection string up to the Application Settings section of my web app:
This particular setting is a bad example because ideally I'd only ever have ProductionConnection stored in Azure and never used locally - but for other connection strings and appSettings used both locally and in production that should should be protected, how should I handle the values when developing locally?
if you're looking for securing secrets/connection strings from developer, go for Azure Key Vault which is designed to secure all your secrets from everyone. Each secret will be exposed as a URI to end developer to consume via REST.
for this, you need to register your application with Azure AD as KeyVault would request for AD Token to provide secrets.
I mean the connection string value / app setting should not be baked
into the application's bin directory
Connection strings are normally located inside web.config file. web.config will never be inside bin folder; we normally place it inside application's root folder.
I believe you mean storing sensitive information like username and password to access SQL Server. You cannot hide connection string and settings from developers who is debugging the application.
In corporate environment, we (developers) use Windows Authentication to access SQL Server.
We have an IIS application hosted on AWS Elastic Beanstalk and are using the PARAM values to define the connection strings for our deployments. We are also using the membership role manager and the Session State Server within our application (sql server mode). This is creating a problem as we want the connection string to be completely dynamic and for that we are trying to write the string in C# on App_Start event. But the project throws an error "connectionstringname property not found" when we do that.
Basically our use case is:
We deploy same application across multiple elastic beanstalk instances and would like to depend on PARAM values to define which one is which. However the membership role manager and the session state server aren't allowing us to have the entire connection string in just those PARAM parameters.
Is there a way to achieve what we are trying to do?
Regards
Sunil Rai
It can be achieved by removing membership dependency from web project. We have to write our logic instead of membership function and we can write one app setting which will specify server name "Demo" or "Live" and we can define our connection string in our C# code.I have implemented in my projects.