Config & Debugging - Entra + On-Prem SQL Server

Leif A 0 Reputation points
2024-04-11T18:29:13.86+00:00

I have the following configuration and I'm wondering what the best way to configure and develop the code is.

I have an Azure App Service App that needs to connect to two different SQL Servers.

  • Azure SQL Server (12.0.2000.8)
  • SQL Server (15.0.4355)

So, I have two questions:

  1. Connecting to the SQL Server requires windows authentication to connect and get data. So, how can we give an Azure app Service access to log into an on-prem SQL Server?
  2. If we get some kind of Entra/Service Principle to do this, how would our developers run the code in Visual Studio using these credentials?
SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
12,747 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,899 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,541 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Azar 19,245 Reputation points
    2024-04-11T19:18:01.9866667+00:00

    Hi there Leif A

    Thats a good question and thanks for using QandA platfrorm.

    lets get to the questions.

    One approach is to set up a hybrid connection. You can use Azure Hybrid Connections to allow your Azure App Service to access resources on your on-premises network, such as your SQL Server.

    Another option is to use Azure Virtual Network. You can connect your Azure App Service to your on-premises network using Azure Virtual Network (VNet) integration.

    now you can set up Managed Identity for your Azure App Service. Managed Identity provides an identity for the App Service, which you can use to authenticate to other Azure services or resources. However, remember this doesn't directly support authentication to on-premises resources like your SQL Server.

    To authenticate this, you might need to set up a middle-tier service or an API that runs on-premises and acts as a bridge between your Azure App Service and the SQL Server.

    Developers can use Managed Identity during development by configuring their local development environment to use Managed Identity additionally, developers can use Azure Key Vault to securely store and retrieve credentials needed for local development.

    to sum up,, to enable your Azure App Service to connect to an on-premises SQL Server, you can use hybrid connections or Azure Virtual Network integration. For authentication, Managed Identity can be used along with a middle-tier service or Azure Key Vault for securely storing and retrieving credentials. Developers can configure their local development environment to use Managed Identity or Azure Key Vault for development purposes.

    If this helps kindly accept the answer thanks much.

    0 comments
  2. MikeyQiao-MSFT 560 Reputation points Microsoft Vendor
    2024-04-15T07:56:21.5833333+00:00

    Hi, Leif A

    The following article provides instructions on how to connect to Azure SQL Server using different methods. (including authentication and default password-less connection)

    .NET and the Microsoft.Data.SqlClient library.

    .NET and Entity Framework Core.

    Python and the Python SQL Driver - pyodbc

    2.If we get some kind of Entra/Service Principle to do this, how would our developers run the code in Visual Studio using these credentials?

    You can get more details from this article.

    The following is a supplement to the excellent answer from Azar

    Connect to an Azure SQL server using an Azure Private Endpoint using the Azure portal

    Web app with private connectivity to Azure SQL Database

    If the answer helps don't forget to ***Accept ***it!

    0 comments