Client having issues connecting to Azure SQL Database
Question
I have built a C# application for my client and I am hosting the database using Microsoft Azure. I found that in order for the client to access the database I need to add their client IP into the firewall configurations. Is there any way that this could be done automatically once they launch the application or if there is another more efficient authentication method which could be used since the application will be download from a website and used by anyone so I would need a method to grant access to anyone who downloads my application. I am fairly new to Microsoft Azure so forgive me if I come off as stupid I just need some advice. Thanks in advance.
2 answers
solution1
2 2020-04-23 01:27:00
There's no way can add the client IP into Azure SQL database firewall automatically.
But you can set the firewall range to allow the all database user connect Azure SQL database from any client IP: set the firewall range from:
0.0.0.0---255.255.255.255
But as @Caurav Mantri mentioned, you must need think about the database security issue to protect the SQL database.
Please reference:
- ransparent data encryption for SQL Database and Azure Synapse
- Always Encrypted: Protect sensitive data and store encryption keys in Azure Key Vault
Hope this helps.
solution2
2 ACCPTED 2020-04-23 03:01:52
Programmatically adding each ip address:
- using tsql:
If you want to add ip address to database firewall programatically, you can run the below stored proecedure in the your Azure database.
sp_set_database_firewall_Rule at MSDN
-- Create database-level firewall setting for only IP 0.0.0.4
EXECUTE sp_set_database_firewall_rule N'Example DB Setting 1', '0.0.0.4', '0.0.0.4';
- Using Commandline:
You can use SQLCMD.exe to execute stored procedure sp_set_daabase_firewall_rule
- Using ADO.NET: Reference Blog Post
String clientIPAddress = Request.UserHostAddress;
using(SqlConnection sqlConnection = new SqlConnection(ConfigurationManager.ConnectionStrings["SqlAzureMaster"].ConnectionString)) {
sqlConnection.Open();
using(SqlCommand sqlCommand = new SqlCommand("sp_set_firewall_rule", sqlConnection)) {
sqlCommand.CommandType = System.Data.CommandType.StoredProcedure;
sqlCommand.Parameters.Add("@name", SqlDbType.NVarChar).Value = clientIPAddress;
sqlCommand.Parameters.Add("@start_ip_address", SqlDbType.VarChar).Value = clientIPAddress;
sqlCommand.Parameters.Add("@end_ip_address", SqlDbType.VarChar).Value = clientIPAddress;
sqlCommand.ExecuteNonQuery();
}
}
2. Refreshing the cache post the firewall rules change
Once, you programmatically add the firewall rules, you have to update the authentication cache which is holding logins, firewall rules for the database.
You need to call below command. DBCC FLUSTHAUTHCACHE on msdn
DBCC FLUSHAUTHCACHE
Note: Adding range of ip address for a office network:
If your client will be working from an office network, you can get the range of ip addresses for that office network and add them. It will avoid you to add the ip address every time to the database. Database supports 128 IP configurations at a time. Make sure that you are not going beyond 128 limit.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.