0 Votes
MSTechie-7364 asked ·

Azure App Service Windows AD authentication to on-premises SQL Server?

My on-premises network is connected to the Azure network via ExpressRoute, in a hub-and-spoke model.

I have an ASP.NET application with a SQL database on-premises, which I want to move to the cloud.

From Azure App Service, with Regional VNet integration enabled, can I communicate with the on-premises SQL Server using Windows authentication (AD authentication), or should I use only SQL authentication?

Please help.

azure-webapps azure-webapps-vnet azure-webapps-authentication

1 Answer

0 Votes
ajkuma-MSFT answered ·

@MSTechie-7364, Thanks for posting this question.

Windows/Active Directory authentication is not supported on App Service, because you cannot domain join an App Service worker.

However, you could use SQL authentication.
Managed identities in App Service make your app more secure by eliminating secrets from your app (connection strings).
In this tutorial, you will add managed identity to the sample web app you built: Tutorial: Secure Azure SQL Database connection from App Service using a managed identity

  • Enable managed identities and grant SQL Database access to the managed identity

  • Configure Entity Framework to use Azure AD authentication with SQL Database

  • Connect to SQL Database from Visual Studio using Azure AD authentication


Additionally, kindly see this blog for more details.

Hope this helps!


My database is going to remain on-premises. That is the requirement.

Can we connect to on-premises SQL Server from Azure App Service using Managed Identity?

0 Votes 0 ·

@MSTechie-7364, thanks for the follow-up. I'm discussing this with our product team (and also whether to update the docs as necessary), and will get back to you shortly.

0 Votes 0 ·

I received a response from our product team: SQL Server on-prem does not support Managed Identity (this work is in progress). To add clarity, I'll update my post. As I have more information, I will share it here. Thanks again for your feedback, it's much appreciated.

0 Votes 0 ·

Update: Based on the feedback, we have updated a 'Note' in the Azure documentation as well for additional clarity.
Note: AAD is not supported for on-prem SQL Server, and this includes MSIs. The document will reflect the note/changes within 24 hours.



0 Votes 0 ·