locked
Encrypted Communication - Connecting to Azure directly from Desktop with WPF, EF or ADO.Net RRS feed

  • Question

  • We need to write an invoice management application for a small customer
    We need a shared database. So my first choice would be an Azure SQL Database.
    We don't have a lot of time  and resources, so a WPF application with direct connection to the Azure SQL Database would be the fastest way to develop, for us at least. I know this is possible with Entity Framework or ADO.Net.

    How does a WPF application communicates with Azure through EF or ADO.Net ?
    Are the data and queries encrypted ? I don't want to openly transfer company related info trough the internet.

    thx,

    Gert (Asterinex)

    Wednesday, August 9, 2017 8:13 AM

Answers

  • Hello Stephen, is this secure enough or should a webservice be considered ?
    • Marked as answer by Asterinex Wednesday, August 9, 2017 10:02 AM
    Wednesday, August 9, 2017 9:36 AM
  • Here is a good article to get you started.

    Azure SQL Database Security Overview

    Essentially, you want to (if possible) limit network connectivity via the use of either a logical server or database-level firewall. Then ensure all traffic (in transit) is encrypted using Encrypt=True and TrustServerCertificate=False. Then use logins and standard database permissions (like you would on-premises).

    If you want to force TLS 1.2, you would need to limit TLS 1.0, 1.1 and SSL 1/2/3 at the clients (Azure SQL Database will use the strongest encryption (in transit) the client supports.

    By default (since June 2017) encryption at rest (TDE) is enabled by default on Azure SQL Database.

    Wednesday, August 9, 2017 9:46 AM

All replies

  • Make sure you have Encrypt=True in the connection string.
    Wednesday, August 9, 2017 9:30 AM
  • Hello Stephen, is this secure enough or should a webservice be considered ?
    • Marked as answer by Asterinex Wednesday, August 9, 2017 10:02 AM
    Wednesday, August 9, 2017 9:36 AM
  • Here is a good article to get you started.

    Azure SQL Database Security Overview

    Essentially, you want to (if possible) limit network connectivity via the use of either a logical server or database-level firewall. Then ensure all traffic (in transit) is encrypted using Encrypt=True and TrustServerCertificate=False. Then use logins and standard database permissions (like you would on-premises).

    If you want to force TLS 1.2, you would need to limit TLS 1.0, 1.1 and SSL 1/2/3 at the clients (Azure SQL Database will use the strongest encryption (in transit) the client supports.

    By default (since June 2017) encryption at rest (TDE) is enabled by default on Azure SQL Database.

    Wednesday, August 9, 2017 9:46 AM