客户端在连接到 Azure SQL 数据库时遇到问题

Question

I have built a C# application for my client and I am hosting the database using Microsoft Azure. I found that in order for the client to access the database I need to add their client IP into the firewall configurations. Is there any way that this could be done automatically once they launch the application or if there is another more efficient authentication method which could be used since the application will be download from a website and used by anyone so I would need a method to grant access to anyone who downloads my application. I am fairly new to Microsoft Azure so forgive me if I come off as stupid I just need some advice. Thanks in advance.

Answer 1

There's no way can add the client IP into Azure SQL database firewall automatically.

But you can set the firewall range to allow the all database user connect Azure SQL database from any client IP: set the firewall range from:

0.0.0.0---255.255.255.255

But as @Caurav Mantri mentioned, you must need think about the database security issue to protect the SQL database.

Please reference:

1. ransparent data encryption for SQL Database and Azure Synapse
2. Always Encrypted: Protect sensitive data and store encryption keys in Azure Key Vault

Hope this helps.

Answer 2

1. Programmatically adding each ip address:

   • using tsql:

If you want to add ip address to database firewall programatically, you can run the below stored proecedure in the your Azure database.

sp_set_database_firewall_Rule at MSDN

-- Create database-level firewall setting for only IP 0.0.0.4  
  EXECUTE sp_set_database_firewall_rule N'Example DB Setting 1', '0.0.0.4', '0.0.0.4'; 

• Using Commandline:

You can use SQLCMD.exe to execute stored procedure sp_set_daabase_firewall_rule

• Using ADO.NET: Reference Blog Post

String clientIPAddress = Request.UserHostAddress;
using(SqlConnection sqlConnection = new SqlConnection(ConfigurationManager.ConnectionStrings["SqlAzureMaster"].ConnectionString)) {
 sqlConnection.Open();
 using(SqlCommand sqlCommand = new SqlCommand("sp_set_firewall_rule", sqlConnection)) {
  sqlCommand.CommandType = System.Data.CommandType.StoredProcedure;
  sqlCommand.Parameters.Add("@name", SqlDbType.NVarChar).Value = clientIPAddress;
  sqlCommand.Parameters.Add("@start_ip_address", SqlDbType.VarChar).Value = clientIPAddress;
  sqlCommand.Parameters.Add("@end_ip_address", SqlDbType.VarChar).Value = clientIPAddress;
  sqlCommand.ExecuteNonQuery();
 }
}

2. Refreshing the cache post the firewall rules change

Once, you programmatically add the firewall rules, you have to update the authentication cache which is holding logins, firewall rules for the database.

You need to call below command. DBCC FLUSTHAUTHCACHE on msdn

DBCC FLUSHAUTHCACHE 

Note: Adding range of ip address for a office network:

If your client will be working from an office network, you can get the range of ip addresses for that office network and add them. It will avoid you to add the ip address every time to the database. Database supports 128 IP configurations at a time. Make sure that you are not going beyond 128 limit.