Authenticating with FILESTREAM SQL Server from Azure App Service

Drew C 0 Reputation points
2024-08-26T13:42:14.9333333+00:00

I am currently dealing with an application which is being migrated from on-prem to Azure - this is a .Net Web Application which is planned to be hosted on an Azure Web App resource. Additionally, the application depends on a SQL Server database, which in the cloud will be hosted on an Azure Virtual Machine.

Currently, the application runs under an AD service account and authenticates with SQL Server using Windows integrated security. I am trying to find a definitive answer on the following:

Is it at all possible for an application running from an Azure App Service to use Windows authentication with a SQL Server instance? Or are the only options to use SQL authentication or, provided the server is upgraded to SQL Server 2022, Microsoft Entra ID?

  1. This database makes use of the FILESTREAM feature which, as I understand, will not work with SQL authentication. If a solution were to be implemented using MS Entra ID authentication, would it be possible to continue using FILESTREAM, or is this feature something that is not possible to use from an App Service-hosted application at all?
SQL Server on Azure Virtual Machines
Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
8,040 questions
SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
14,044 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,940 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,237 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Bruce (SqlWork.com) 67,096 Reputation points
    2024-08-26T15:10:38.1233333+00:00

    No, azure app service does not support windows authentication (it can not join the ad domain). File stream does support standard security, so this option is available. Sql server acts as a proxy to the files, and uses Sqlserver security to control access.

    0 comments No comments

  2. Sina Salam 12,651 Reputation points
    2024-08-26T15:12:36.0333333+00:00

    Hello Drew C,

    Welcome to the Microsoft Q&A and thank you for posting your questions here.

    I understand that you need clarification on your Azure App Service, SQL Server authentication, and FILESTREAM.

    SQL Authentication works well with Azure App Service, and it's a good option where you provide a username and password in your connection string. Also, if your SQL Server is upgraded to SQL Server 2022, you can use Microsoft Entra ID authentication, it will allow you to authenticate using Azure AD identities, to provide more secure and manageable authentication. https://learn.microsoft.com/en-us/answers/questions/197436/azure-app-service-windows-ad-authentication-to-on and https://learn.microsoft.com/en-us/azure/app-service/overview-authentication-authorization But, Azure App Service does not natively support Windows Authentication for connecting to an on-premises SQL Server instance.

    Secondly, when using Microsoft Entra ID authentication, FILESTREAM is still possible. You will need to ensure that your Azure SQL Managed Instance is configured correctly to support FILESTREAM. This involves setting up the necessary permissions and enabling FILESTREAM on the database. https://learn.microsoft.com/en-us/shows/data-exposed/how-to-use-windows-auth-with-azure-sql-managed-instance-data-exposed and https://learn.microsoft.com/en-us/azure/azure-sql/managed-instance/winauth-azuread-setup?view=azuresql

    Lastly, just to let you know that Azure App Service provides built-in authentication and authorization capabilities, that helps you not to worry but focus on your application logic without worrying about the challenges of authentication. https://www.youtube.com/watch?v=g1Mf34arhU8

    I hope this is helpful! Do not hesitate to let me know if you have any other questions.

    ** Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful ** so that others in the community facing similar issues can easily find the solution.

    Best Regards,

    Sina Salam


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.