We are migrating an ASP.NET application onto Azure. Target state selected as Cloud Service Web role to host application component and Database onto Azure SQL/SQL Database. Currently the application is configured onto Kerberos in the source environment. Please let me know if Kerberos can be configured onto Target Environment without any issues.
Are they any specific steps to be done for Kerberos to work?
Yes, but you have to use Azure Active Directory. This method of authentication is in preview atm and only available for Azure SQL v12. There's possibly a lot of steps involved for your scenario from populating your Azure AD to setup your application. Check these references:
Integrating your on-premises identities with Azure Active Directory
Azure SQL Database security guidelines and limitations
Connecting to SQL Database By Using Azure Active Directory Authentication
Related
When setting up a Data Migration Project, migrating from SQL database to Azure SQL Database in Azure Portal, I can only see the option to connect to the Target database using SQL Login Authentication Type.
I expect to see more options - like Azure AD integrated Mode.
I am in Azure AD Group assigned as SQL Admin on the Azure SQL Server.
Is any other Authentication Type supported for the target Azure Server?
If others are support, what do I need to do to get them to be available in the Authentication Option for the target server?
Thank you
The following tutorial spells out that only SQL Logins are currently supported:
https://learn.microsoft.com/en-us/azure/dms/tutorial-sql-server-to-azure-sql#specify-target-details
I have been trying to find out some nodejs code in order to connect from my nodeJs application to Azure SQL db via Azure AD authentication. But this will involve only my email Id. I don't have any Azure AD app as this will be from an email ID. I usually login onto my Azure SQL DB using my email Id and choosing the option 'Azure Active Directory-Universal with MFA' from MSSMS. Is there any way that we can replicate this from Code in NodeJs
If you want to Use Azure Active Directory authentication for your Azure SQL database, you must configure Azure AD for it.
Please ref this tutorial: Configure and manage Azure AD authentication with Azure SQL
SSMS and SqlPackage.exe are the only tools currently enabled for MFA through Active Directory Universal Authentication.
For your question "Is there any way that we can replicate this from Code in NodeJs", the answer is no, there isn't. Node.js only support these types:
authentication.type
Type of the authentication method, valid types are default, ntlm,
azure-active-directory-password, azure-active-directory-access-token,
azure-active-directory-msi-vm, or azure-active-directory-msi-app-service
Ref: https://tediousjs.github.io/tedious/api-connection.html
HTH.
We have easily sent up our AD with Azure SQL which now we can login and run queries, etc... with SSMS. Now we would like to set our apps in Azure App Services to run as an AD user. This would be to mimic IIS apps using an application pool that's is running as an AD user. I have not found a clear blog or step by step guide on how to do this. any help would be greatly appreciated.
UPDATE:
This is specifically to be able to connect to the database using AD Credentials and not using SQL Credentials.
Azure Active Directory authentication for SQL Database or SQL Data Warehouse supports the following methods of connecting to a database using Azure AD identities( refer here):
Using integrated Windows authentication
Using an Azure AD principal name and a password
Using Application token authentication
And the scenario you mentioned is not support. We can create an application in Azure AD and using the token authentication for this scenario. More detail about Azure AD authentication, you can refer the link below:
Configure and manage Azure Active Directory authentication with SQL Database or SQL Data Warehouse- Azure AD token
In addition, if you have any idea or feedback about Azure SQL database, you can submit them from here.
In our current on-prem world we rely on Windows authentication. Each IIS app pool runs under identity of a service account. And this service account has dbo permissions on sql database. How can I establish this similar (i know same is not possible) security model for Azure PaaS website?
I referred MSDN link which talks about sql authentication however I couldn't find anything relevant to my scenario in there. Any ideas on how others are dealing with this?
Have you looked at using Azure Active Directory and then integrated this with your Azure SQL Database? https://learn.microsoft.com/en-us/azure/sql-database/sql-database-control-access-aad-authentication-get-started
I developed a native app which sync Active directory using Azure graph api and the AD data is consumed by web and mobile apps. It is working fine.
But now my client wants to use same app for AD syncing purpose in another server which is may be windows server 2008 or below. Which is not support Azure platform as per clients technical team.
My question is that is there any way can I use same app without using azure platform or can is there any way can I use AD graph API in windows server? In else case I will need to do development from the scratch using LDAP.
Thanks in Advance
Currently, there is no way to "deploy" neither the Azure AD Graph nor the Microsoft Graph such that you can leverage the same code for on prem and the cloud. As you've indicated, you will need to either have two apps or have a fork in your code to call the Graph when running with Azure AD and do LDAP queries when running purely on prem.