I've been trying to set up my IIS website's connection string to connect to an Azure SQL Database with the following connection string:
<add name="ConnectionString" connectionString="Server=tcp:some.database.windows.net,1433;Database=myDB;Authentication=Active Directory Integrated;" />
The IIS application pool is using a service account which has Azure Active Directory privileges and is added as an user on the Azure SQL Database.
This works fine on my local development machine (probably because it is using my credentials and not a service account) but when I place the site on IIS I get:
System.ArgumentException: Keyword not supported: 'authentication'.
Does anyone know the correct syntax for logging in via Azure AD?
Have you been through this troubleshooting guide, https://azure.microsoft.com/en-us/documentation/articles/sql-database-aad-authentication/#5-configure-your-client-computers?
In particular, do you have .NET Framework 4.6 or later installed?
Related
I have an Azure Web App that accesses my Azure SQL Server database. Until recently (August 2020) the access worked without a problem but now it is not working. When I develop and test the app locally on my machine the read/write to the Azure SQL database is working, just not when I deploy the app to Azure.
I added the Web App’s outbound IP range to the Azure SQL Server firewall settings with no success.
I am using Entity Framework to connect to the database and want to continue doing so.
The error I get is:
"Keyword not supported: 'metadata'."
at System.Data.Common.DbConnectionOptions.ParseInternal
"The underlying provider failed on ConnectionString."
at System.Data.Entity.Core.EntityClient.EntityConnection.ChangeConnectionString
The test that it’s working would be to visit https://www.triviaweb.net/ and see a list of players in the scoreboard.
That connection string is only supported by Entity Framework. Use the below connection string and it should work. If it doesn't then try taking off ;application name=EntityFramework from the connection string.
<add name="Entities" connectionString="data source=tcp:dolaris.database.windows.net;initial catalog={dbname};persist security info=True;user id={user};password={psw};multipleactiveresultsets=True;application name=EntityFramework" providerName="System.Data.EntityClient" />
From what I understand .NetCore no longer uses/needs web.config -- opting instead for appsettings.json.
I have a .NetCore WebAPI that I am trying to host in an Azure WebApp. I've published the API to the WebApp but I keep getting a 500 error. Looking in the Application logs, I can see that the error is:
IIS was not able to access the web.config file for the web site or application.
I'm confused. If .NetCore uses appsettings.json instead of web.config and Azure won't work without web.config, how is one supposed to host a .NetCore app in Azure?
UPDATE
I now realize that this has nothing to do with web.config thanks to #joey-cai pointing me in the right direction.
It appears that Azure did not like my attempt to use Azure Active Directory Authentication in my Connection String. I changed my connection string to simply use SQL Authentication and everything worked. So I guess my question now is, how do I use AAD Authentication for my connection string rather than SQL Authentication.
This SO thread seems to indicate that my connection string was indeed set up correctly for AAD authentication, but I was getting the error:
Keyword not supported: 'authentication'
whenever I used the connection string like so:
Server=tcp:dbname.database.windows.net,1433;Initial Catalog=dbnamesqldb;Persist Security Info=False;User ID={your_username};Password={your_password};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Authentication="Active Directory Password";
Since the question has now changed, I'm going to create a new post with the new question.
does this mean I must have we.config? If so, can it just be an empty file?
When you deploy the .net core project to Azure, you could go to https://xxxxx.scm.azurewebsites.net and click Debug console> CMD > site > wwwroot > web.config. The web.config will be there.
Try to delete the site in azure and recreat the site in azure. Also, try to run the application that you are deploying by running dotnet MyApp.dll and making sure that works. You need more details as to why it’s having an application issue. This might help. Also consider testing using a self contained application. Also try installing the asp.net core extension on the azure app service.
For more details, you could refer to Deploy ASP.NET Core apps to Azure App Service.
I have created one WEB Api which has some logic to pull data from SQL
server. When i try to get simple string return from Web Api i am
getting it. but when i am trying to get some data from AZURE Sql DB i
am getting NT AUTHORITY\ANONYMOUS LOGON error.
API- WEB API
DB : AZURE Sql with Authentication=Active Directory
Integrated
Anyone faced this problem anytime before. Please suggest.
My suggestion is to use a Azure Active Directory token based authentication. Download samples here for Azure AD .Net WebApi using Azure AD “on-behalf of token” to connect to Azure SQL Database.
The zip file you will download contains an extensive README file describing the whole setup process step-by-step.
Thanks All going through this question. i got resolved this problem.
In order to solve this issue.
I created One separate App pool --> .net Clr Version4.0
Added Identity With Custom Account
Identity --> Custom Account
In Custom account provided the credentials which i have access to DB.
I am working with an mvc5 application in vs 2015.
I am getting errors whenever I attempt to access items from the database
Login failed for user '{your_username}'.
When I go azure portal "allow access to azure services" setting is on with my client Ip address listed.
I think my connection string is not configured correctly. I can't figure out how to correctly configure it on my local machine and with azure.
I have kept my the connection string in my web config to my local server which worked previously:
In my web.config
<add name="IdentityDbContext" connectionString="Data Source=(LocalDb)\MSSQLLocalDB;AttachDbFilename=C:\Users\UserName\EduSmart_db.Mdf; Initial Catalog=EduSmart_db;Integrated Security=True" providerName="System.Data.SqlClient" />
In Azure Portal connection string
Server=tcp:xxxx.database.windows.net,1433;Initial Catalog=Edu;Persist Security Info=False;User ID=Name;Password=Password;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;
How can I tell which connection string azure is using?
Is there a different problem i have not considered?
How can I tell which connection string azure is using?
Azure use the second connection string. The first one(localdb) just used in your local machine. The server can not get it. You could add Azure Sql connection string name in Context class to specific it.
Is there a different problem i have not considered?
You could check from these ways:
1.The firewall settings in Azure Sql Database. Yo could define a
range of ip address(like ×.×.×.0 to ×.×.×.255) instead of only one ip
address.
2.You could check Azure sql connection string in web.configs file like
this. It works fine on my side.
<connectionStrings>
<add name="ConnectionStringName" providerName="System.Data.SqlClient" connectionString="Data Source=tcp:[databasename].database.windows.net,1433;Initial Catalog=[databasename];Integrated Security=False;User Id=[username];Password=[password];Encrypt=True;TrustServerCertificate=False;MultipleActiveResultSets=True" />
</connectionStrings>
If you use Code First for Azure Sql, you could add related connection string name in Context class:
public ApplicationDbContext(): base("ConnectionStringName")
{
}
3.You could click Tools>Connect to Database>Microsoft SQL
Server>enter your server name, username and password about Azure
Sql. Then click Test Connection button to check whether you could connect successfully.
Besides, you could refer this article to learn how to access Azure Sql in your project locally.
You just need to publish your Web app and database to Azure as explained here.
To publish your web app, right-click the project and select Publish. On the create a site page provide existing SQL Azure server, database and login credentials.
Two database connections will be provided when you publish, one of them is the DBContext. When you publish the Web site with the Wizard data tables are not published.
Since you have configured firewall settings on SQL Azure, to publish the database go to the database project. Right-click the project and select Publish. On the Publish Database dialog, click on Edit and update information regarding the database on Azure. Save the profile and publish the database.
I have an ASP.NET WebForms application which uses EF 4.1 Codefirst.
Running my application the first time creates a new database, tables etc.
Everything has been working fine so far.
But after adding my application as a WebRole to an Azure Project I got an error message when I first hit the database (CREATE DATABASE permission denied in database 'master').
Obviously it makes a difference if I start my application inside the VS Development Webserver or inside the Azure Emulator.
Here is some additional information which I believe could be relevant:
The database does NOT exist when I run the application
Visual Studio 2010 run as Administrator
Trust level of my web role: Full trust
SQL Server service (MS SQL 2008 R2 Express) is up and running
The connection string in my web.config looks like this:
<add name="dbContext" connectionString="server=(local)\SQLEXPRESS;database=myDB;Integrated Security=True;MultipleActiveResultSets=True" providerName="System.Data.SqlClient" />
I also tried using a real user instead of "integrated security". And that user had all possible database roles assigned, including sysadmin, serveradmin etc.
How I can I grant the necessary permissions to my application in order to allow creating a database while running inside the Azure emulator?
Thanks so much for your help!
Azure emulator runs with the credentials of "Network Service" account. You need to add credentials for "Network Service" account on master database.