I have an Azure App Service which already connects to a on-premises SQL Server database (VNet Integration is configured). I also need to access an on-premises fileshare, which is currently not working (access denied). How can this be achieved?
I already tried to use the SimpleImpersonation package (https://www.nuget.org/packages/SimpleImpersonation/), but this was not working. I'm not sure if this was package to work from an Azure App Service.
Thanks in advance.
Related
We already have an express route configured between azure and our local domain. Local AD is also synced with Azure AD. Azure Function is under a VNet which can access on-premises resources.
The problem is when Azure Function tries to access on-premises SQL using Windows Authentication, it gets the error "Logon Failed" (which proves that the server is accessible but the user doesn't have permission). Event Log shows DWASSVC as the account trying to access DB.
Is there a way we can change the context of Azure Function to run under a specific user which has access to on-Premises SQL DB and any call from Azure Function is generated under that account?
Windows Authentication is not possible on Azure App service platform ( Azure web app, Azure Function).
To access on-prem SQL server, you can use Hybrid connection manager
https://learn.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections
Or Put Azure Function in VNET ( ASE) and then make site to site connection.
we have configured azure active directory pass-through authentication . Need to access on premise resources from the azure deployed application. can we do this by configuring application proxy?. so that on premise application authenticated with azure AD. so the communication between azure application and on premise application be seamless. Is it possible?
I'm not entirely sure if I understand you correctly but what you want is probably possible by using Azure Hybrid Connections: https://learn.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections
You install the Hybrid Connector on-prem, e.g. on a VM, and then for instance an Azure App Service can access certain resources on-prem.
Or for anything more advanced you might want to look at Azure VPN (or ExpressRoute in the long run).
I have successfully deployed my site into Azure Cloud Services. I would like to see the deployed files in azure portal now. Where I can see these files ? For Azure Web App I can see it from Kudu(mysite.scm.azurewebservices.net).
But how for azure Cloud services ?
There is no exact way you can access files just like web apps via Kudu Console. In order to access Cloud service files, you can enable a Remote Desktop connection in your role during development by including the Remote Desktop modules in your service definition or you can choose to enable Remote Desktop through the Remote Desktop Extension.
For more details, refer to Enable Remote Desktop Connection for a Role in Azure Cloud Services.
I would like to see the deployed files in azure portal now
As far as I know it is not supported by azure portal now. Azure cloud services allow us to remote the could services role, so we could remote the service to get the deployed files. About how to remote the cloud services role please refer to the azure document. We could see the published website under the IIS and we could get the physical path of files on the azure.
More details please refer to the screenshot.
The Architecture Design of Cloud service is different then App Service. Cloud Service is hosted on its own dedicated environment. Cloud Service is NOT hosted on Shared Server like App Service.
When you create package for the Cloud Service. it contains all information of it's roles, Size of roles, number of instances per role and what files needs to be hosted on that role. ( Other information also).
if you have multiple roles in your cloud service. there will be dedicated VM for each instance of the Role. so your files will be placed on each role of that VM.
if you want to change any file from the deployment, you need to change it on all instances.
Remember that if you restart the Cloud Service or Role all changes made in the file will be lost. Cloud Service will restore the old files. ( files at the time of deployment).
you can enable the remote login for roles and check the files.
How to Enable remote desktop for Cloud Service?
if you want to know more about cloud Service check : http://avipatils.blogspot.in/
I am running a .NET website web app (App Service) and a separate windows Azure VM running onprem AD Domain controller.There is no connection between onprem AD with Azure AD.I want to access windows VM Active directory (Azure VM) objects under my WebApp/website. Is this possible to access Azure VM Active directory objects through my website ( web app) ? And if yes please suggest the secured way.
Thanks
Consider to use Azure Virtual Network to put your resources (Web App included) into the one virtual network. Then you should be able to query what you need. Tutorial. Or Web Apps Hybrid Connections.
Is there a way to connect from a web app (azure app service) to a SQL Server VM in Azure using Windows authentication? I'm not exactly sure if I need to impersonate or if the app needs to run under the identity that has access to the DB on the SQL Server.
I believe that you can do this - but you will need to share a Active Directory between the two - or have then in a private network together so that they are in the same broadcast subnet.
If you need to use your own Active Directory the create a network and a VPN to your site.
If you don't need to use Active Directory then use SQL Auth.
Looks like it is not possible, although it may be with Azure SQL. But not a VM running MSSQL. Ref links below.
SQL Server Integrated Security from an Azure Web Site
https://azure.microsoft.com/en-us/documentation/articles/sql-database-aad-authentication/