I have a requirement where in I need to parameterize my Azure SQL/Azure Synapse linked service using 2 parameters 'DBServer' and 'DBName'. I configured my collaboration branch as below and everything works as expected in my Synapse workspace.
Even the linked service ARM template shows the connection string values as expected.
However when I publish the code (using the publish button in Synapse workspace), the code in the Synapse Live mode does not contain these parameters defined. Please see the snippet below.
Even the code in the TemplateParameter file of the publish branch is blank.
I tried removing the parameters and put in the actual values for Server and DBName, it still shows no values in the publish branch/Live mode. While I understand that the git mode does not store secrets, this case of mine does not have any secrets and I am authenticating via Managed Identity.
Is there a solution to deal with this scenario? I would not prefer to store the connection string in KeyVault and refer it back in the linked service as it does not make the solution completely dynamic.
I created Azure sql database and created synapse pool in Azure portal. I created SQL linked service in synapse pool with managed identity authentication.
to authenticate with managed identity, I created user in SQL database with synapse pool name using below query
create user [SynapsePoolName] from external provider;
ALTER ROLE db_owner ADD MEMBER [SynapsePoolName];
Image for reference:
Linked service:
I published the Linked Service with publish button.
Image for reference:
It published successfully.
When I open the linked service after publish, I am getting the parameters.
Image for reference:
I got the parameters in template also.
Image for reference:
It worked in my machine kindly check from your side.
Related
App Service dev, staging and prod deployment slots and SQL DB all have system assigned managed identities.
Contributor roles have been assigned to managed identities at the subscription level.
SQL Server Contained users have been created and roles assigned for the App Service dev, staging and production slots:
SQL Server Contained Users
appsettings.json connectionStrings:
connectionStrings
AD DB Admin User created and added to SQLServer as a contained user.
Permissions added to AppService managed identity for dB1 and dB2 to SQL Server AppService Managed Identity Permissions
msi-validator returns success for token based connection from the web app to two different databases on the same sql server instance.
msi-validator success
Local and Azure deployment slot both return: SQLException Login failed for token-identified principal
Walked through https://social.technet.microsoft.com/wiki/contents/articles/53928.azure-ad-managed-identity-connecting-azure-web-app-and-slots-with-azure-sql-db-without-credentials.aspx and many other tutorials.
Still missing something...
Attempts to run the application using the managed identity connection string is consistently failing with the token-provider principal login failure error.
Confirmation of settings:
Confirmation of Settings
Please make sure the Azure Active Directory user is created on the Azure SQL Database. Please make you create the user in the Azure SQL Database following the steps mentioned here.
To create an Azure AD-based contained database user, connect to the database with an Azure AD identity, as a user with at least the ALTER ANY USER permission. Then use the following Transact-SQL syntax:
CREATE USER <Azure_AD_principal_name> FROM EXTERNAL PROVIDER;
CREATE USER [bob#contoso.com] FROM EXTERNAL PROVIDER;
CREATE USER [alice#fabrikam.onmicrosoft.com] FROM EXTERNAL PROVIDER;
Make sure you are connect to the Azure SQL database and not to the master database on the Azure SQL logical server.
As per my understanding you are facing an error stating login fails for token-identified principal when trying to connect your Azure ap service managed identity with your Azure SQL Database.
Could you please try the below in order to mitigate the issue.
Make sure System managed Identity status is showing on your app.
on your app service Verify that your connection string under application settings is set to "Server=tcp:.database.windows.net,1433;Database=;"
Allow Azure services and resources to access this server” should be set as Yes in Firewalls and virtual networks settings in your Azure SQL DB, in case it was not set earlier during Azure SQL setup.
Please do let me know if that help mitigate the issue. If not, we will keep working on the same to get you unblock.
Requirement: I wanted to copy data from a specific table/view residing on a on-premise SQL Server to Azure SQL DB.
Infrastructure: As depicted in below picture. Essentially, the Azure network is directly connected with corporate network over Express Route. Thus it's a pure private network connection; as good as the corporate network itself.
Issue/Question: I know there are multiple approaches present to get this operation done and I am not restricted to use ADF copy Data tool only. BUT, for all of these I see some cavets or extra steps needed to be done as below:
ADF Copy Data Tool: Needs a SH-IR and a small MSI package needs to be installed on on-premise machine which hosts the SQL server for registration purpose.
Logic Apps: Needs a Virtual Gateway (OR) ASE
App Service: If the operation is wrapped in a C# application and I choose to deploy to a Azure Web Apps. Then in-order to connect to on-premise SQL Server we need to setup hybrid connection manager and as in #1 we need to install something in on-premise machine.
For my case, none of these extra steps can be done. essentially, the on-premise SQL Server comes under a different BU and thus I don't have any permission there; except they have given grant to a table/view. Thus, none of these extra shitty steps can be done.
Moreover, as mentioned above; since it's connected over express route as direct connection, As can be seen in above picture, both the on-premise and azure SQL are essentially inside the same corporate network. THUS, I should be able to access them directly without configuring any of these extra steps as mentioned above.
Please confirm on these and provide a suggestion.
Thank You.
You can still go with the ADF scenario without a SHIR by creating ADF in a Managed VNET using Private Endpoint. As you already have an ER circuit and have the flexibility to configure the Azure side, can you do this with Azure IR: Access on-premises SQL Server from Data Factory Managed VNet using Private Endpoint - Azure Data Factory | Microsoft Docs
There are 2 solutions which could work for your scenario but even for them to work ,you would need access to on prem SQL server machine access to some extent atleast for one time config and Azure SQL db should be accessible via SSMS installed on on-prem machine.
Using linked server
You can create a linked server ( process explained here https://www.sqlshack.com/create-linked-server-azure-sql-database/ ) on on-prem server and create a agent server job to insert data to azure SQL db table.
Via Python Script
This would need Python installation on on-prem machine. Once installed you can write script to transfer data between on-prem SQL server and Azure SQL db. You can schedule this script again by using an agent server job.
I have an API published to Azure App Services, using ef core, connect to Azure SQL database. below are the steps and the problem:
The Azure SQL database is up and running OK, I setup two firewall rules, one for my local dev ip, one for Azure App. I can connect to Azure SQL from local without any issue, and I have done the migrations.
I copied the connection string from Azure SQL and put in the appsettings.json, running the API from my local and connect to Azure SQL without any issue.
I published my API to Azure App services without any issues, I can see my app running OK since it has static file.
Then I went to Azure App Services => Settings/Configuration => Connection strings, create one new connect string with the same key/value as I used in the appsettings.json, based on the document from Microsoft: https://learn.microsoft.com/en-us/azure/app-service/containers/configure-language-dotnetcore#access-environment-variables
But the problem is after I done these, my API still not working, the api call to SQL return error 500.
Anything I missed or did wrong?
Thanks!
Thanks for the comments CSharpRocks, I did by adding the client ip, but I figured that's not the right way, so resolved by set the "Allow Azure services and resources to access this server" to True, that works.
For Others looking for the answer I had followed the steps above and it still did not work for me. But when I went to Visual Studios --> Publish --> Service Dependency's --> Add Azure SQL Database That fixed it for me.
I created a default ASP.NET web form web site using Visual Studio. By default it contains a .mdf database file, Registration page, Login page and some other pages. Then I host this web application on Azure as a web app.
After that I did several registrations for the web site and I need to see the data (data which i used on registration) on the hosted application.
Is there any way to connect to the database file in Azure? In Azure, I did not set up a connection string. I just publish the app and it manages the database connection itself.
There is nothing inside the "Database" section
It seems that you do not publish your asp.net to Azure with Sql Database correctly. So, you could refer to this article to check if you have deploy database correctly.
As you have published, you could go to the database on Azure portal and choose query editor(preview). Click Login and enter the username and password you have set in Azure Sql server.
Also, you could open Microsoft SQL Server Management Studio to get your database. And you also need to login into the Sql Server as above.
After logining into the sql database, you will see all the data you have insert.
BTY, make sure you have synced the data in local database to Azure Sql Database. For more details, you could refer to this article.
I'm using .net backend for Azure mobile services. I've published the service on the cloud with the publishing profile downloaded from Azure portal.The service gets published successfully. But I'm unable to connect to the service with my windows phone client. I get 500 response from the service. The logs on the portal shows this error
"Exception=System.InvalidOperationException: This operation requires a connection to the 'master' database. Unable to create a connection to the 'master' database because the original database connection has been opened and credentials have been removed from the connection string. Supply an unopened connection. ---> System.Data.SqlClient.SqlException: Login failed for user 'KqRUJJyDGlLogin'."
I'm using web.config transforms and in the Web.Release.config , the connectionstring with name , "MS_TableConnectionString" is pointing to the cloud db.
Is something that I'm missing over here.
Please help.
Thanks
It seems to be a problem with droping and recreating the db.
If you have something like this:
public class MyInitializer: DropCreateDatabaseIfModelChanges<MyContex>
in your WebApiConfig.cs change it to CreateDatabaseIfNotExists...
If you want to change your model, manually drop the tables of your db.
That might not be a perfect solution, but it works for me.