Using windows azure connect - azure

Is it possible for an asp.net mvc web api deployed on azure to connect to on premise db using windows authentication?

To achieve what you want, you have to:
Domain Join your WebRole
Programmatically set AppPool credentials to a user who has access to the local DB.

Related

Azure Function to use Windows Authentication for On-Premises SQL DB

We already have an express route configured between azure and our local domain. Local AD is also synced with Azure AD. Azure Function is under a VNet which can access on-premises resources.
The problem is when Azure Function tries to access on-premises SQL using Windows Authentication, it gets the error "Logon Failed" (which proves that the server is accessible but the user doesn't have permission). Event Log shows DWASSVC as the account trying to access DB.
Is there a way we can change the context of Azure Function to run under a specific user which has access to on-Premises SQL DB and any call from Azure Function is generated under that account?
Windows Authentication is not possible on Azure App service platform ( Azure web app, Azure Function).
To access on-prem SQL server, you can use Hybrid connection manager
https://learn.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections
Or Put Azure Function in VNET ( ASE) and then make site to site connection.

Azure Mobile App targeting Linux database

Is it possible to use xamarin forms and azure Azure Mobile Service to sync data online/offline but with the database hosted on a linux server outside the Azure platform?
No, you can’t use On-prem database hosted on Linux server with Azure Mobile App.
For windows server, you can use Hybrid Connection to achieve this scenario: https://github.com/Azure/azure-mobile-services/blob/master/docs/mobile-services-dotnet-backend-hybrid-connections-get-started.md.
But Hybrid Connection client is not yet available for Linux Server.

Azure App Service Web App access to VM

I am running a .NET website web app (App Service) and a separate windows Azure VM running onprem AD Domain controller.There is no connection between onprem AD with Azure AD.I want to access windows VM Active directory (Azure VM) objects under my WebApp/website. Is this possible to access Azure VM Active directory objects through my website ( web app) ? And if yes please suggest the secured way.
Thanks
Consider to use Azure Virtual Network to put your resources (Web App included) into the one virtual network. Then you should be able to query what you need. Tutorial. Or Web Apps Hybrid Connections.

Connect Azure app service to SQL Server VM using Windows auth?

Is there a way to connect from a web app (azure app service) to a SQL Server VM in Azure using Windows authentication? I'm not exactly sure if I need to impersonate or if the app needs to run under the identity that has access to the DB on the SQL Server.
I believe that you can do this - but you will need to share a Active Directory between the two - or have then in a private network together so that they are in the same broadcast subnet.
If you need to use your own Active Directory the create a network and a VPN to your site.
If you don't need to use Active Directory then use SQL Auth.
Looks like it is not possible, although it may be with Azure SQL. But not a VM running MSSQL. Ref links below.
SQL Server Integrated Security from an Azure Web Site
https://azure.microsoft.com/en-us/documentation/articles/sql-database-aad-authentication/

Azure AD Domain Services Single-sign-on with Application Proxy using KCD

I have connected an Azure VM with Azure AD Domain Services. I am trying to set up sso for IIS web app which authenticates users using Integrated Windows.
I have followed the guide to setup the Application Proxy and I am stuck at Delegating KCD. https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-proxy-sso-using-kcd/
Has anyone tried to authenticate users with Integrated Windows Authentication via Azure AD SSO?
This is not possible as in Azure AD Domain Services you don't have access to the domain controller so you can't configure KCD for the connector.
Disclaimer - I worked in the App Proxy team :-)

Resources