I have a website deployed to Azure App Service which connects to MS SQL Server 2019 database. There are two instances of the database for the 2 environments (UAT and Production). At the moment, the application connects to both databases using SQL Server Authentication and it's working fine. Note following:
- The UAT version of database is on an on-premise MS SQL Server 2019 instance (but accessible to App Service through networking).
- The Production version of database is on an MS SQL Server 2019 instance installed on an Azure VM (note, this is NOT an Azure SQL Database rather a normal SQL Server instance).
I want to modify my Azure App Service to get rid of SQL Server Authentication and connect to these SQL Servers using Windows Authentication (or a similar Authentication method). We do have Azure Active Directory setup and working properly.
Based on my research so far, Azure App Service can use Managed Identities to connect to an Azure SQL Database, but in my case the MS SQL Server instances are managed by us (UAT is on-premise, Production is installed on an Azure VM). Any ideas how can I achieve this for the 2 environments?
I can see a post from August last year ( Does Azure Managed Identity support on-prem MS SQL Database? ) which says it's not possible but I wanted to check if any progress has been made since then.
1条答案
按热度按时间agxfikkp1#
I got all excited when Kerberos was added to AAD, but while it does now allow us to access Windows file shares from Azure it sadly doesn't allow access to on-prem SQL Server. That's according to our own PoC and our friends at Microsoft.
Our Microsoft friends have however pointed us to this, which would require you to upgrade to the latest version of SQL Server and also use Azure Arc: https://learn.microsoft.com/en-us/sql/relational-databases/security/authentication-access/azure-ad-authentication-sql-server-overview?view=sql-server-ver16