I have created one Web Api project and add entity framewok 6 in this.
and Create the API App in App service in azure portal and publish Web Api project in this app.
everything is working fine but when I removed the Connection string from Web.config file and set connection string in azure app
following this https://social.msdn.microsoft.com/forums/azure/en-US/62b9fa9d-7a4a-4927-a702-3e1e834d5187/azure-web-sites-connection-string-for-ef-not-being-picked-up
is not working.
I have put this dummay connection sting in my web.config file
Please help me what I am doing wrong or there is another approach for API App in azure portal.
Connection string in web config will have " for escaped quotes. you need to change them to '' before adding to azure app services connection string
Related
Before I deploy a function app and functions through PowerShell > ARM template I dynamically get a service bus connection string and update the value in the connection binding in the function.json file. Then I deploy the function app and function.
Deployment works, but the function app returns an error message:
Microsoft.Azure.WebJobs.ServiceBus: Microsoft Azure WebJobs SDK ServiceBus connection string 'Endpoint=sb://sbname.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;[Hidden Credential]' is missing or empty.
The question is: Do we really have to create an application setting on the function app with this connection string in it? Is there no other option than using the app setting?
It feels like storing the connection string in another location than on the service bus would just create another vulnerability.
I am aware that I could define "connection": "RootManageSharedAccessKey_SERVICEBUS" in the function.json file and then create an app setting with that same name, but that's not the way forward I want to go.
Please check if my findings help to:
Instead of storing the Service Bus Connection String directly, you can utilize the Azure Key Vault Service or Azure App Configuration Service.
You can store the confidential values like Connection Strings, Key-value pairs, Client Secrets, Certificate Passwords, etc. in Azure Key Vault.
Assume you have stored the ServiceBus connection string in the Key Vault. That you want to retrieve in the Function App through Application Settings but here in the app setting you can define as:
"connection": #Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/RootManageSharedAccessKey_SERVICEBUS/)
This KeyVault URI cannot be accessed by any other user until they are assigned with System or User Assigned Managed Identity Permission.
Azure App Configuration is a central place where you can manage application settings and secure their accesses in one place. Refer here for more information.
I've been working on this for several days now, and after reading many documentations on this I am absolutely out of ideas.
What I've done so far:
Created three web apps (DEV, UAT, PROD) and switched System Assigned to ON to create a Managed Identity. This also registered the web
applications into the Azure Active Directory.
Registered an application in Azure Active Directory that includes redirect URI to UAT, DEV, Prod, and local URL.
Created Key Vault under the same resource group as the web apps for DEV, UAT, PROD.
Included all four applications in the Access Policy of the Key vault with GET and LIST permissions.
App Service Authentication is set to OFF (app service -> Authentication/Authorization -> OFF). We're using another means of user authentication.
After this setup, the key vault is accessible on localhost but not on the deployed environment. The reason why I believe so is because it's not retrieving the connectionString from the key vault.
I've consumed all sorts of documentation on this including https://learn.microsoft.com/en-us/azure/key-vault/service-to-service-authentication.
Project is .Net Framework 4.7.2
In the code, I have which retrieves my secrets locally but not on deployed:
public static string GetSecret(string SecretName, string vaultURL)
{
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
return keyVaultClient.GetSecretAsync(vaultURL, SecretName).Result.Value;
}
Please let me know what it is that I'm missing that's preventing my web app from accessing the key vault.
Make sure that you have updated any information that is specifically related to the local application. For example, if it was working locally and is not working when published, it's possible that there's a reference in the code or in the portal to the localhost environment, and this needs to be updated to the published environment. Sometimes in the app registration people will leave in a reference to the localhost URL and not add the published web page URL both there and in the code.
Also, please share the error that you are receiving.
After some careful debugging, I found out that my issue was actually a relatively simple one. The Key vault granted my web app using the identities, but it was this particular call that had caused my issues: ConfigurationManager.ConnectionStrings[1].Name. The purpose was to get the name of the connectionStrings to feed into my DBContext. Turns out that this didn't return the value I had expected in the production. After some changes the code, the problem is solved!
I am accessing the REST API for Kudu as documented at https://github.com/projectkudu/kudu/wiki/REST-API.
Using the GET /api/settings endpoint I am able to retrieve the application settings configured in the Azure portal, however it does not include the connection strings configured in the Azure portal.
I'm not seeing any other endpoints that would include this information - is there any way to retrieve the connection strings?
There is no Kudu API to do this. However, the recommended approach to get both APp Settings and Connection Strings is to go through the Azure ARM API.
e.g. to get Connection Strings:
POST https://management.azure.com/subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Web/sites/{appname}/config/connectionstrings/list?api-version=2016-08-01
I'm going to deploy a website to Azure using MongoLab, but I got into a bit of confusion.
When I log to MongoLab site I get one Uri, but in the Azure site, if I hit connection string I get a different one. The Azure one is quite long and there is no space for putting user and password.
I get the Azure connection string when I select it in the main management site and hit the Connection Info button below. The other one I see it in the MongoLab site.
Also, I made the MongoLab DB from within the Azure Portal.
The connection string I see in Azure is this
mongodb://AzureAppServiceName:M.qKtufxLrRxv.1SwDBKelfkchdjCe08Cmv79lvTD2I-#ds035747.mongolab.com:port/DBName
And the one in MongoLab site is this:
mongodb://<dbuser>:<dbpassword>#ds035747.mongolab.com:port/DBName
Which one should I use?
I'm wondering that one is for direct connection to MongoLab when there is no restriction of ports whatsoever, such as development, and the other one is to connect when the site is deployed because of internal network restrictions in the Azure infrastructure.
Is this understanding correct?
The connection string provided in the MongoLab UI is a template that can be used when constructing your own URI when you create database users of your own.
When you provision a MongoLab database using the MongoLab addon in the Azure store, MongoLab passes the connection URI we generate to Azure. This pre-generated URI is the one available in the "Connection Info" section of the addon screen.
You can immediately use that URI in the connection info screen as suggested in the Quick Start provided at the top of this article: http://azure.microsoft.com/en-us/documentation/articles/store-mongolab-web-sites-dotnet-store-data-mongodb/. The quick start provides the steps for transferring the addon connection info to the environment variables of an Azure website.
It is also, as other responses suggest, entirely plausible to use that URI elsewhere or to create your own username and password after SSOing to MongoLab (using the URI template at the top of the page to construct a URI of your own).
Don't hesitate to email us at support#mongolab.com directly if you have any questions!
Sincerely,
Eric#MongoLab
You should go with the one provided when you go to the details of your database on the MongoLab site. It should look like this
mongodb://<dbuser>:<dbpassword>#ds048537.mongolab.com:48537/<databasename>
I don't know what kind of connection string Azure is showing you, but the format above works pretty well on Azure.
I'm trying to create an azure mobile services .net back end
i download the source sample from azure web site and try to run it on my computer everything works.
when i publish to azure then entity framework is having problem to connect to azure sql. ( I'm using a new database in an existing server)
the error is permission issue.
Somehow in azure the entity framework is trying to log in with a user YAtdHDYMBgLogin that doesn't exists in my database.
I guess the issue is the new connection string azure mobile services is assign to my code.
Is there anyway to change the user who connect to the db. I can remove the MS_TableConnectionString and put it hard coded on the web.config in release mode but i want to know if there is a way to workaround this issue.
You can do the following:
Add a new "ConnectionString" element to the appSettings element in your web.config:
<add key="ConnectionString" value="<your connection string"/>
Pass this to your db context:
public MyContext() : base(WebConfigurationManager.AppSettings["ConnectionString"]) { }
You can override this in the "app settings" section in the Configure tab in the Azure management portal. Just create a new "ConnectionString" variable and give it the value you want.
When you run your app locally, it will use the value in web.config. When you run it on the instance, it will use the value you configured in the portal.