Entity Framework with Code First Connection string to a remote database - entity-framework-5

I am working on a local machine (ASP.NET MVC 4 application) but now I want to start using the company's SQL server so I need to change the Connection string in order to connect me to that remote server.
The set up is this:
I have a VPN connection where I use an IP address, can't show the exact IP so let's say - xxx.xxx.xxx.xxx
I have username and password in order to connect to VPN - VPNUsername/VPNPassword
When I use Microsoft SQL Server Management Studio to connect to the remote server I use the same IP that I use to connect to the VPN - xxx.xxx.xxx.xxx
I have different username and password for the SQL Server - SQLUsername/SQLPassword
I have an existing connection string that I use to connect to the server on my PC so I thought it would be enough to just change the parameters there like so :
<add name="ProjectName.DAL.MyDbContext"
providerName="System.Data.SqlClient"
connectionString="Data Source=xxx.xxx.xxx.xxx;
Initial Catalog=DatabaseName;Integrated Security=True;
MultipleActiveResultSets=True;
user id=SQLUsername;password=SQLPassword;App=EntityFramework" />
So the changes from the connection string that works and connects me to my local server are two:
Data Source= xxx.xxx.xxx.xxx - I'm using the IP. Here I wonder if the IP itself is sufficinet. Should I use http://xxx.xxx.xxx.xxx or just IP is ok?
user id=SQLUsername;pasword=SQLPassword - I'm using the same Username and Password as in the Management studio from where I can connect successfully to the remove server by providing the xxx.xxx.xxx.xxx as Server name and using SQLUsername/SQLPassword under SQL Server Authentincation.
So to be clear - under Management Studio I have no problems connecting to the remote server. However, when I change the connection string to what I posted above in my HomeController where I have very simple logic just to check that the call to the database is executed :
private MyDbContext db = new MyDbContext();
//
// GET: /Home/
public ActionResult Index()
{
return View(db.Users.ToList());
}
I get 3 exceptions:
SqlException (0x80131904): Login failed for user 'VPNUsername'
ProviderIncompatibleException: The provider did not return a ProviderManifestToken string.
ProviderIncompatibleException: An error occurred while getting provider information from the database. This can be caused by Entity Framework using an incorrect connection string.
So besides that in my opinion and as the number 3 exception tells that the problem is in the way I'm using the connection string what concerns me is also the Number 1 exception that says that login is failed but not for my SQLUsername but for the VPNUsername. As I said - I'm really using VPN connection and I use the same IP - xxx.xxx.xxx.xxx to connect both to the VPN and the SQL Server(From Management Studio).
Any idea how to resolve this?

Remove Integrated Security=True from your connection string as you're trying to connect with a SQL Server username/password

Related

I am trying to connect to my azure managed instance(configured fail over group) using listener end point from SSMS

I have my data migrated to managed instance and configured fail over group. But not able to connect to my database using SSMS .I have also tried connecting by giving database name in options
Error:
A network-related or instance-specific error occurred while
establishing a connection to SQL Server. The server was not found or
was not accessible. Verify that the instance name is correct and that
SQL Server is configured to allow remote connections. (provider: TCP
Provider, error: 0 - A connection attempt failed because the connected
party did not properly respond after a period of time, or established
connection failed because connected host has failed to respond.)
(Microsoft SQL Server, Error: 10060)
A connection attempt failed because the connected party did not
properly respond after a period of time, or established connection
failed because connected host has failed to respond
Failover group listener endpoint is basically a DNS record pointing to the private IP address of the current primary of failover group. The error message indicates that there is no network path between the client machine running SSMS and managed instance injected into your VNet within your private IP address space.
Given this error message I would expect that you cannot connect from the same client machine even using fully-qualified name of the instance itself.
Do you have P2S, S2S or Express Route established between the two locations?

Connecting Azure WebApp Service to SQL Managed Instance via Private Endpoint

Is it possible to connect an Azure Web App to a SQL Managed Instance via the private endpoint for the MI?
Following the documentation here https://learn.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance-connect-app it seems to be that as long as the web app service is in the same VNET as the managed instance, then the connection should be OK via the private endpoint.
I have enabled VNET integration on the app service so that it is integrated into the same VNET as the managed instance. I have also whitelisted all of the outbound IP addresses for the webapp (including the additional ones) on port 1433 for the MI.
Using the private connection string for the MI, the webapp fails to connect when loading the front end and also when checking the connection string via the diagnostic tools.
Enabling the public endpoint on the MI and whitelisting all outbound IPs on port 3342, the webapp is able to connect straight away with no issues. Switching back to the private endpoint fails again.
The error message received is:
System.Data.SqlClient.SqlException: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)
Came across this issue as well, a simple restart after the vnet-integration activated the connection for me

Azure Hybrid Connection to HTTP Service

I have created successfully a Hybrid Connection (ServerA) and linked it to my Azure Web App. The status is successfully connected: ServerB:1010 is defined
On My On Premise machine (ServerA) I can connect to a HTTP Service which is running on ServerB:1010 but I can't install the Hybrid Connection Manager on ServerB because of other restrictions.
If I Use WebClient.UploadData('ServerB:1010', data[]) in my Azure Web App I receive following error.
Unable to connect to the remote server ---> System.Net.Sockets.SocketException: An attempt was made to access a socket in a way forbidden by its access permissions.
If I connect to a database server MySql or Oracle which are also accessible from this server I don't have any problems
I have created successfully a Hybrid Connection (ServerA) and linked it to my Azure Web App.
Remove it and add a Hybrid Connection to Server B instead. Install the Hybrid Connection Manager on Server A. The HCM will act as a reverse proxy.
Hybrid Connections do not care which server has the HCM installation as long as that server can reach the DNS name you specify in the New > Hybrid Connection Portal blade.
Example traffic flow for WebClient.UploadData('ServerB:1010', data[]):
Web App ---> Hybrid Connection ---> HCM on Server A ---> 1010/TCP on Server B.
<--- <--- <---
There's an easier way to test. Open the Kudu console and do
tcpping ServerB:1010
CORRECTION: The tcpping test is very misleading since you're handshaking the Azure-end of the Hybrid Connection, not the on-prem application's TCP endpoint. And that may happily reply to you even though the on-prem stuff is not connected. Here's what i mean:
Always test at application layer (e.g. with curl.exe http://webservice.corp.local from the Kudu Console)
You must use names instead of IP addresses. Use the full FQDN to reference ServerA and ServerB both in the Portal setup and in your code. Hybrid Connections work by intercepting DNS calls at OS level and resolving them to the magic 127.0.0.x which is then routed over the Hybrid Connection to on-prem.
TL;DR version:
Instead of
10.10.10.2:1010
use
ServerB.domain.local:1010
both in the Portal setup and when referencing the on-prem host in your code.
Here's what happens if you use an IP Address instead of name:
In Kudu's DebugConsole:
D:\home>nameresolver 192.168.0.4
Server: Default
Non-authoritative answer:
Name: 192.168.0.4
Addresses: 127.0.0.3
D:\home>tcpping 192.168.0.4:80
Connection attempt failed: An attempt was made to access a socket in a way forbidden by its access permissions 192.168.0.4:80
Connection attempt failed: An attempt was made to access a socket in a way forbidden by its access permissions 192.168.0.4:80
Connection attempt failed: An attempt was made to access a socket in a way forbidden by its access permissions 192.168.0.4:80
Connection attempt failed: An attempt was made to access a socket in a way forbidden by its access permissions 192.168.0.4:80
Complete: 0/4 successfull attempts (0%). Average success time: 0ms
D:\home>curl -s 192.168.0.4
This is iisstart.htm from IIS 8.5 on Windows Server 2012 R2, on-prem.
So depending on what APIs you call (APIs that take 192.168.0.4 as FQDN vs IP Address) it kinda works.
You can't use tcpping with Hybrid Connections. It doesn't really tell you anything. All that tells you is that you hit the local socket that will catch your TCP traffic headed to your HC endpoint. It doesn't actually go through the connection.
As far as using an IPv4 address with Hybrid Connections, it can work and yet sometimes it won't. The reason for that is that the feature functions by catching the DNS request. If you are using a client library in your application code that doesn't do a DNS lookup on IP addresses then it won't go over the Hybrid Connection.
The DNS name must resolve to the correct IP address from the host(s) where you have the Hybrid Connection Manager running.
Going to the original question, you need a Hybrid Connection defined for your endpoint of ServerB port 1010. The DNS name used for ServerB must resolve from the host(s) running the HCM. Your HCM needs network access to ServerB port 1010 and to Azure. Your status says Connected which means that your web app can talk to your Hybrid Connection Manager for that endpoint. So, test connectivity from the host running the HCM to your desired host:port endpoint. Use a DNS name if you can. I hope this unblocks you.

Can't connect to azure sql via ssms

I'm trying to connect Azure's SQL database via SQL Server 2008 R2 SP2. I'm using Azure with free trial subscription. I already search everywhere and tried these things:
Allow inbounds and outbounds rule in windows firewall for port 1433
Check that TCP connections in SQL Server Configuration Manager is available and running on port 1433
Create server and database on azure portal and configure its ip allowance
I connect with these settings
Server Type: Database Engine
Server Name: tcp:aaa.database.windows.net,1433 / aaa.database.windows.net
Login: bbb#aaa
Password: xxx
And the error is
"A network-related or instance-specific error occurred while
establishing a connection to SQL Server.
The server was not found or was not accessible. Verify that the
instance name is correct and that SQL Server is configured to allow
remote connections.
(provider: TCP Provider, error: 0 - A connection attempt failed
because the connected party did not properly respond after a period of
time, or established connection failed because connected host has
failed to respond) (Microsoft SQL Server, Error: 10060)"
P.S. I also can't ping xxx.database.windows.net and can't telnet xxx.database.windows.net 1433
Your question is confusing, as you're talking about both SQL Server and SQL Database. But, given the connection strings you mentioned (xxx.database.windows.net) you are definitely talking about SQL Database service, not SQL Server in a VM.
That said: You must allow certain IP addresses to connect to it (this is a built-in part of the service itself). Look at the SQL Database server's Firewall setting:
You'll need to add the IP address of your computer (or IP range), to access SQL Database through your local tools.

Sql instance is not opening in Windows azure

I've deployed my version in windows azure.
After that I've added sql database. When I trying to connect, it doesn't allow from local. So I've clicked on "Set up Windows Azure firewall rules for this IP address" and added ip address. Now working fine when I run from local.
But When I tried to access from the iis8, I got an isssue is,
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 0 - No such host is known.)
.Net SqlClient Data Provider.
In local, the same functionality is working fine.
Your server running IIS8 needs to be added to the firewall just like you did with your local machine, you can do this either using the Management Portal or you can connect to your SQL Azure instance from your local machine and run:
exec sp_set_firewall_rule N'IIS8 Webserver','X.Y.Z.0','X.Y.Z.0';
Where the first arguments is name of this firewall rule and X.Y.Z.0 is the public ip of your IIS8 Webserver.
The reason its specified two times is that you can specify a range of IP's.
More info here

Resources