No, Azure App Service does not support Windows authentication (it cannot join the AD domain). FILESTREAM does support standard security, so this option is available. SQL Server acts as a proxy to the files, and uses SQL Server security to control access.
Authenticating with FILESTREAM SQL Server from Azure App Service
I am currently dealing with an application which is being migrated from on-prem to Azure - this is a .NET Web Application which is planned to be hosted on an Azure Web App resource. Additionally, the application depends on a SQL Server database, which in the cloud will be hosted on an Azure Virtual Machine.
Currently, the application runs under an AD service account and authenticates with SQL Server using Windows integrated security. I am trying to find a definitive answer on the following:
- Is it at all possible for an application running from an Azure App Service to use Windows authentication with a SQL Server instance? Or are the only options to use SQL authentication or, provided the server is upgraded to SQL Server 2022, Microsoft Entra ID?
- This database makes use of the FILESTREAM feature which, as I understand, will not work with SQL authentication. If a solution were to be implemented using MS Entra ID authentication, would it be possible to continue using FILESTREAM, or is this feature something that is not possible to use from an App Service-hosted application at all?
2 answers
Sina Salam 12,651 Reputation points
2024-08-26T15:12:36.0333333+00:00
Hello Drew C,
Welcome to the Microsoft Q&A and thank you for posting your questions here.
I understand that you need clarification on your Azure App Service, SQL Server authentication, and FILESTREAM.
SQL Authentication works well with Azure App Service, and it's a good option where you provide a username and password in your connection string. Also, if your SQL Server is upgraded to SQL Server 2022, you can use Microsoft Entra ID authentication, which will allow you to authenticate using Azure AD identities, to provide more secure and manageable authentication. See https://learn.microsoft.com/en-us/answers/questions/197436/azure-app-service-windows-ad-authentication-to-on and https://learn.microsoft.com/en-us/azure/app-service/overview-authentication-authorization. But Azure App Service does not natively support Windows Authentication for connecting to an on-premises SQL Server instance.
Secondly, when using Microsoft Entra ID authentication, FILESTREAM is still possible. You will need to ensure that your Azure SQL Managed Instance is configured correctly to support FILESTREAM. This involves setting up the necessary permissions and enabling FILESTREAM on the database. https://learn.microsoft.com/en-us/shows/data-exposed/how-to-use-windows-auth-with-azure-sql-managed-instance-data-exposed and https://learn.microsoft.com/en-us/azure/azure-sql/managed-instance/winauth-azuread-setup?view=azuresql
Lastly, just to let you know that Azure App Service provides built-in authentication and authorization capabilities, which help you focus on your application logic without worrying about the challenges of authentication. https://www.youtube.com/watch?v=g1Mf34arhU8
I hope this is helpful! Do not hesitate to let me know if you have any other questions.
**Please don't forget to close up the thread here by upvoting and accepting it as an answer if it is helpful** so that others in the community facing similar issues can easily find the solution.
Best Regards,
Sina Salam