Not able to connect to Azure SQL MI from webApp. I tried 1) Public endpoint 2) VNet integration too.

Question

Not able to connect to Azure SQL MI from webApp. I tried 1) Public endpoint 2) VNet integration too.

Siba 0

Followed the following steps for VNet integration:

https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration

2 answers

Your answer

Answer 1

Hi @Siba

Have a look at the Deploy an ASP.NET Core and Azure SQL Database app to Azure App Service - Azure App Service | Microsoft Learn tutorial.

Here are somethings I would do to resolve the issue.

First, remove the VNet integration if you don't intend to use it. Using a sql username/password, connect locally from your machine using SSMS and connecting using the connection string from the resource itself or search for the instance under Azure in the SQL Data Explorer inside Visual Studio; see Connect and query - Azure SQL Database & Azure SQL Managed Instance | Microsoft Learn for more details. Make sure you allow your public IP. Once that's confirmed working, take that same connection string and add it to the application as an app setting. Depending on the runtime, load that app setting as an environment variable in your codebase and configure your SQL connection to use it. Make sure you enable logging to observe any issues. You can also use the app service advanced tools to connect to the kudu environment and use a terminal to ping <server-name>database.windows.net. If you don't get a response, then check the network connectivity on the managed instance.

If your app doesn't report any issues and you SQL connection object is able to query your database, then enable your application to use a system managed identity and add that identity to your SQL database with db_datareader and db_datawriter DB roles. See Tutorial: Access Azure databases with managed identity - Azure App Service | Microsoft Learn for the step-by-step.

After all that, make sure you go back to your Azure SQL resources firewall settings and remove your public IP entry.

Answer 2

Siba 0

From Jupyter notebook I am able to connect to the public endpoint of SQL MI DB using server='<name>.database.windows.net:3342' . It was not expecting port number as a separate parameter. But when I tried in VS Code and App Service/Web app, its not connecting SQL MI DB without a separate "port" parameter.

I was able to connect to SQL MI from Web Apps/App service. I connected to both public Endpoint and VPN-Local Endpoint (after VNet Integration) using the following python code.

If the SQL MI DB and the App Service are in different VNets, then "Private Endpoint", "VPN Peering" or "VNet-to-VNet VPN gateway" would be required.

Note: Port parameter is optional when connecting to Local Endpoint. But mandatory for connecting to Public Endpoint.

   conn = pymssql.connect(

    server='<name>.database.windows.net',

    port='1433', #(1433 for local endpoint and port 3342 for public endpoint)

    user='',

    password='',

    database='',

    as_dict=True

   )

Thanks. This solved my issue.

Ryan Hill 30,281 Reputation points Microsoft Employee Moderator

2024-03-13T18:53:06.17+00:00

Hi @Siba,

Glad to hear you were able to resolve your issue and apologies for the misunderstanding. In Connectivity architecture - Azure SQL Managed Instance | Microsoft Learn, it does mention the point about 3342 port when using the public endpoint. For VNet-Local though, per the doc, it should be accessible from <mi-name>.<dns-zone>.database.windows.net endpoint. It doesn't mention setting a port number so let me know if an empty port setting still failed for you.
Siba 0 Reputation points

2024-03-14T05:19:55.15+00:00

Hello Ryan, You are correct. Connecting using Local Endpoint is not expecting port number. Neither in the server/host nor as a separate field "port".

Share via

Not able to connect to Azure SQL MI from webApp. I tried 1) Public endpoint 2) VNet integration too.

2 answers

Your answer