I am hosting an MVC web application in Azure App Service with Azure AD synching with our on prem AD. I need the app pool to run under a specific account so I can access our on prem SQL Server (via trusted connection). Can anyone point me in the right direction?
We already have an ExpressRoute configured between Azure and our local domain. Local AD is also synced with Azure AD. The Azure Function is under a VNet which can access on-premises resources.
The problem is that when the Azure Function tries to access on-premises SQL using Windows Authentication, it gets the error "Logon Failed" (which proves that the server is accessible but the user doesn't have permission). The Event Log shows DWASSVC as the account trying to access the DB.
Is there a way we can change the context of the Azure Function to run under a specific user which has access to the on-premises SQL DB, so that any call from the Azure Function is generated under that account?
Windows Authentication is not possible on the Azure App Service platform (Azure Web App, Azure Function).
To access an on-prem SQL Server, you can use the Hybrid Connection Manager:
https://learn.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections
Or put the Azure Function in a VNet (ASE) and then make a site-to-site connection.
We have configured Azure Active Directory pass-through authentication. We need to access on-premises resources from the Azure-deployed application. Can we do this by configuring Application Proxy, so that the on-premises application is authenticated with Azure AD and the communication between the Azure application and the on-premises application is seamless? Is it possible?
I'm not entirely sure if I understand you correctly but what you want is probably possible by using Azure Hybrid Connections: https://learn.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections
You install the Hybrid Connector on-prem, e.g. on a VM, and then for instance an Azure App Service can access certain resources on-prem.
Or for anything more advanced you might want to look at Azure VPN (or ExpressRoute in the long run).
We are planning to set up a multi-tenant Azure Web API which will be invoked by a client app that is registered as a converged app with MSA but now in Azure AD. The client app owner doesn't have Azure AD on their side, and the client belongs to a different tenant.
Can someone please explain how the client will invoke our Azure AD Web API, as the client isn't registered as an Azure web app?
We have set up a .NET Core Azure web app.
You need to consent to the web API from your client app tenant first. To consent to the web API, you could follow this:
https://login.microsoftonline.com/client-app-tenant/oauth2/authorize?client_id=api-client-id&redirect_uri=api-reply-url&response_type=code&prompt=admin_consent
By this, a service principal will be created in your app tenant for the API, allowing you to assign app permissions to the web API in your app tenant.
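As an added illustration of the consent step above (not code from the original answer), this builds the `prompt=admin_consent` authorize URL with proper encoding and validates the redirect back to the API's reply URL. The callback parameter names (`admin_consent`, `tenant`, `code`) and the `state` handling are assumptions about what Azure AD returns and should be checked against the current docs.

```python
"""Build and validate the admin-consent redirect described above (added example)."""
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORITY = "https://login.microsoftonline.com"  # same endpoint as the URL on the page


def new_state() -> str:
    """Per-request random value that the callback must echo back (CSRF protection)."""
    return secrets.token_urlsafe(32)


def build_admin_consent_url(tenant: str, client_id: str, redirect_uri: str, state: str) -> str:
    """Compose the v1 authorize URL with prompt=admin_consent.

    Values are URL-encoded so a reply URL with a path or query string survives intact.
    """
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "prompt": "admin_consent",
        "state": state,
    }
    return f"{AUTHORITY}/{tenant}/oauth2/authorize?{urlencode(params)}"


def parse_consent_callback(callback_url: str, expected_state: str) -> dict:
    """Validate the redirect to the reply URL and return the consenting tenant and code.

    Rejects a missing or mismatched state (forged callback), an explicit error from
    Azure AD, and a callback where admin consent was not actually granted.
    Assumed callback parameters: admin_consent=True, tenant=<id>, code=<auth code>.
    """
    qs = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    got_state = qs.get("state", "")
    if not expected_state or not secrets.compare_digest(
        got_state.encode(), expected_state.encode()
    ):
        raise ValueError("state mismatch: callback not initiated by this app")
    if "error" in qs:
        raise ValueError(f"consent failed: {qs['error']}: {qs.get('error_description', '')}")
    if qs.get("admin_consent", "").lower() != "true":
        raise ValueError("admin consent was not granted")
    return {"tenant": qs.get("tenant"), "code": qs.get("code")}
```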
I have an on-premises desktop application and I need it to hit Web APIs I have living in an App Service Web App (on an App Service Plan) in Azure.
My on-premises resources are connected over a site-to-site VPN and I was wondering if there is a way I can call these Web API services (in an App Service) directly over the VPN instead of going to the public endpoint.
The "normal" App Service Plan exists in a multi-tenant environment, so this is not possible. You would need to use an ASE (App Service Environment) to use advanced networking features like VPN and NSG.
I am running a .NET website web app (App Service) and a separate Windows Azure VM running an on-prem AD domain controller. There is no connection between the on-prem AD and Azure AD. I want to access the Windows VM Active Directory (Azure VM) objects from my web app/website. Is it possible to access Azure VM Active Directory objects through my website (web app)? And if yes, please suggest the secure way.
Thanks
Consider using Azure Virtual Network to put your resources (Web App included) into one virtual network. Then you should be able to query what you need. Tutorial. Or Web Apps Hybrid Connections.