I am developing a Winforms application (in VS2017 - VB.net) which connects to a Microsoft Azure SQL database by SQL authentication (connection string builder). The plan is to set up a new SQL database for each new customer as it is easier to manage (backups, deleting DB should the customer leave etc). The customer would be set up as a contained user on their database and would be the only one logging onto that database. I will be the only one managing the overview SQL server.
Should the customer be set up in Active Directory instead of sales authentication? I read it is more secure, but not sure if this option is best for my application. There could be many different operating systems, locations, customer domain settings etc. that I would not know in advance. Ideally, my application is generic and each customer would enter in their credentials to connect to their database.
Stay using SQL Authentication, because Azure SQL Authentication is intended for single tenant applications (applications intended to use for a single organization) or for software-as-a-service applications.
In your scenario you can make use of Elastic Pools where you can apply schema changes and upgrade your database with just one elastic job, if all your customer will use the same database schema. This should reduce time and effort of having to deal with many versions of databases for your customers, and having more personnel providing support to the many versions of databases and applications to your customers. Elastic pools only support SQL Authentication.
Related
Good morning,
I am using an asp.net framework with an azure client database.
I am now creating another server on Azure to host databases. On this server, for each customer registering on the website (for which 1 entry is created in my first database), I need to create a database with 8 tables - identical for each customer.
What would be the best thing to map the ASP.NET ID to a new database? Which framework would you recommend?
Thanks
Rather than running a VM where you're going to have to manage a SQL Server installation and write a bunch of code to handle a database per tenant scenario, I highly, highly, highly recommend taking a look at Azure SQL's multi-tenant sharding support. All of this code is already written for you. And it's not that you're paying for one DB per client - check out elastic pooling.
You can read the docs here.
Also note, this option will scale very well.
I have done this three different ways: a database per client where I wrote my own code to manage sharding, a single database with a separate schema per client (a huge pain in the rear), and using Azure SQL sharding support. It's not just the issue of correctly separating client data. You also need to think about querying for reporting across all client databases, and managing schema changes. Under the first two options, if you change a schema, you get to modify N client databases. Azure SQL's sharding tools will manage this for you.
I'm currently creating an SQL database that will eventually be accessed by web applications, both mobile and desktop platforms.
Setting up the SQL database is easy.
What I'm currently having trouble with is how I'm going to allow clients to access to information in the database without having direct access to the database, for security purposes.
For example, let's say I have a list of employees, and I'm creating employee profiles for a mobile application. I would like for the mobile application to be able to use a function such as get(employee_name), which will call the database and retrieve the information about the employee in the form of a JSON.
How would I go about doing this?
To see a very nice solution on using JSON on sql server tables please look at Phil Factors article Consuming JSON Strings in SQL Server at:
https://www.simple-talk.com/sql/t-sql-programming/consuming-json-strings-in-sql-server/
I'm trying to get some advice on how to approach a security architecture on Azure.
Background:
We are looking at building a multi-tenant app on Azure that needs to be extremely secure (personally sensitive data). The app will be accessed by standard browsers and mobile devices.
Security access types:
We have three types of users / access types...
1 - plain old user/password over https is fine, accessing both general, non private SQL plus hosted files
2 - user/pass over https, but need authentication of users via certificates that will be installed on user machines/devices. This level of user will need access to sensitive data which should be encrypted at rest both in database, and also any uploaded files.
3 - same as (2) but with the addition of some two factor authentication (we have used YubiKey for other things - might look towards a phone OTP offering as well)
Most users will only have access to their own tenant databases, however we have "account manager" type users that need access to selected tenant data, therefore we expect that they will need either a copy of one certificate per tenant they serve, or we will have to use some kind of master certificate.
Database type:
From a multi-tenant point of view it seems Azure Federated SQL is a good way to go because (a) we simply write one app with "TenentID" key in each table, and after login, set a global filter that handles the isolate for us (b) we understand that Azure federated SQL actually in the background maintains separate SQL database instances per tenant.(Ref: http://msmvps.com/blogs/nunogodinho/archive/2012/08/11/tips-amp-tricks-to-build-multi-tenant-databases-with-sql-databases.aspx)
Can anyone point to any links or give advice in relation to the approach needed to setup and manage file shares, encryption of SQL and file data at rest, authentication of users etc. (automated management on new user signup pref).
I can't really help on the certificates, but you will indeed need some "master certificate". If you are planning on using Azure website, you can't use your own certificates currently.
Concerning the database setup. SAAS applications build on trust, so you NEVER (EVER) want to be showing or editing the data of using to other users.
Therefore I strongly suggest that you don't use the TenantID for each table. This would leave still the possiblity of an attack by a malicious user or an error by some developer.
The only way to get around these risks are
extensive testing
physical different tables to store each tenant data.
Personally I believe that even with very extensive+automated testing you can't have 100% code coverage against malicious users. I guess I am not alone.
The only way out IMHO is physical different tables. Let's look at the options:
different server: valid, but pretty expensive in azure
different database: valid, less management overhead but same objection as the previous option - expensive if you have a lot of tenants
different schema's: the solution. Think about it...
you only have to manage users and there default schema's
you can back-up schema's using powershell
you can move schema's to other databases with some work
You can still digg into SQL federation if you need to.
the major drawback is that you will need to support database upgrades for each tenant.
Have you read on azure.com any articles about multi-tenancy? http://msdn.microsoft.com/en-us/library/windowsazure/hh689716.aspx
i'm planning to use a combination of entity framework + plain sql access for a large sized project that i'm about to start. its an ASP.NET web application.
for auditing data, i was thinking of creating a user in sql db for every user in membership that i create so that the auditing can automatically track the asp.net logged in user activities. so basically, if i could impersonate as that username for the connection that is used, then sql server will automatically log.
do you know how to implement this in entity framework, i'm fairly new to ef.
if this is not possible, do you know another solution WITHOUT manually including userid in every sql insert/update/delete.
thanks..
That is pretty bad idea. If you want this kind of auditing don't use membership and instead use Windows accounts directly with Kerberos delegation as common in large ERP or CRM systems = each user will have access to the database with his own domain account but it requires very correctly specifying security for the database and it will most probably lead to design without entity framework because you will not want users to be albe to execute queries directly but only to execute stored procedures under their user context.
If your application should be publicly available then this level of auditing is not for you and you must roll your own solution on the application level (not the database level).
Problem
Is it somehow possible to create a Windows Authentication login for a SQL database without performing a check for the user at creation time?
Example
Consider ServerA that exists in our DomainA, and ServerB that exists in the customer's DomainB. Being separate companies, DomainA and DomainB never share resources. But, if we backup from ServerB and restore to ServerA, we are able to see the existing SQL logins for users from DomainB, and even modify and code against these logins. This is good, because we are able to develop the database schema on ServerA and then publish to ServerB.
But, if I want to add a new user for this database, and am working on ServerA in DomainA, the following command produces an error:
CREATE USER [DomainB\User];
Windows NT user or group 'DomainB\User' not found. Check the name again. (Microsoft SQL Server, Error: 15401)
This is bad, because we're no longer able to develop on ServerA using the same schema as ServerB.
Backstory
I'm attempting to bring our database-driven application's database schema into source control using a Visual Studio 2010 Database Project. It's important to me to make this work well enough to convince the boss not to continue using 60-GB database backups in a zip file as a means of 'Version Control' (especially since this is just for schema, and not a backup routine). VS2010 DB Projects use scripting to create/modify databases, and so they can't create WinNT users for an unknown domain. In order to get the boss's buy-off, we're going to have to be able to match the capabilities of restoring a backup, and that means being able to re-create users for domains that we don't have access to.
Using SQL Server 2008 in my case.
Note - DBProjects are best suited to managing and versioning your SCHEMA, not your data.
If you want to keep rolling backups of your SQL databases as a whole, then I'd recommend a decent backup strategy.
If you want to better manage your databases' evolving schemas, then using DBProjects may well be your best bet.
FWIW, if you reverse-engineer a DB into a DBProj, you could then run a script to replace DomainB\known-user with DomainA\known-user prior to deploying within DomainA, no?
No, because SQL needs to know the windows SID (ugly GUID) of the user at the time it's created.
Note that you can, however create a SQL or Windows User with the same name and password as your remote SQL, Machine, or Domain user, and it will be able to log in.