locked
Connection to SQL Azure client application RRS feed

  • Question

  • Dear all,

    I have setup an SQL azure database that will be accessible from a Desktop client application.

    So that when I need to connect to the database, I need to go to the Admin portal and then allows my current PC IP to the firewall rules tables acess. When this is done my client application is allowed to access the database.

    I am actually accessing the database from a local WCF services hosted as an NT service which have the connection string to the SQL azure database.

    By testing different scenario I have found weird issue and hope you can help on the best way to approach it :

    Question 1 : Client application PC IP adress
    When I distribute my application to a customer which try to run it, it cannot access to the azure database simply because its client IP address PC is not in the list of the firewall on my azure account. As I do not know in advance the IP address of my customer, what is the way to allows the connection automatically ?

    I understand that it can be a security feature in a way to authorize a user or not to the data.

    Question 2 : Connection string password
    Actually the connection string to my SQL azure database is visible in the config file of my Nt service host for my WCF endpoint. The problem is that the password is in clear text here and I would like to avoid that. To solve that issue I guess I have 2 posiibilities :

     - Encrypt the connection string password from my config file, but then how Azure will be able to understand it fro decrypting ?

     - Host my WCF service under azure ? if yes how ? will it be better it terms of performance as well ?

    Thnaks for your feedback and help

    regards 

    Friday, January 24, 2014 11:23 AM

Answers

  • Hello,

    1. SQL Database use server-level firewall to prevents all access to SQL Database server until the client computers have permission.The firewall grants access based on the originating IP address of each request.
    So, you should configure the firewall rule by adding the IP address of the client PC before connect to the SQL Database.

    2. Windows Azure provides a secure certificate store where you can maintain your certificates. After encrypt sensitive data in your configuration files, you can deploy certificate with a key pair to Windows Azure and it can be used for encryption/decryption.

    Reference: Wiki: Windows Azure SQL Database Connection Security

    Regards,
    Fanny Liu


    Fanny Liu
    TechNet Community Support

    • Proposed as answer by Fanny Liu Monday, February 3, 2014 6:13 AM
    • Marked as answer by Fanny Liu Tuesday, February 4, 2014 2:00 AM
    Monday, January 27, 2014 3:18 AM