user3194012

Reputation: 29

How can multiple clients connect to a Windows Azure SQL Database without adding firewall rules for each client IP address?

I am developing an application and my database is a Windows Azure SQL Database. Can I connect my application which is running on a local machine with my SQL Database? I have to run this application on a number of computers and I can't add each client's IP address on Azure.

Upvotes: 1

Views: 730

Answers (1)

Paul Turner

Reputation: 39625

Windows Azure SQL Databases are not ideal for connecting to multiple client devices directly.

  • The integrated firewall poses an immediate obstacle - it's trying to keep the attack surface on the database to a minimum and having many clients is going to immediately create a problem.

  • Databases are managed in such a way that causes a higher-than-normal level of connection interruptions. Clients have to detect "transient" errors and implement a retry policy to deal with this gracefully.

  • Authentication is limited to username-password. If you want to do any sort of single sign-on, or support third-party sources of identity, a SQL Database can't support it.

It is expected that your client devices will go through some middle-tier application (often running in Windows Azure as well) rather than make direct access themselves. The middle-tier executes database queries and returns the results to the client applications.

This is a typically preferred design, since you can add any authentication and authorisation schemes you need to include, without having to create any additional logins and users in the SQL Database, or frequently configure SQL user permissions.

If you really want to go down the clients-connect-directly route, you have no choice but to add firewall rules to let the clients connect.

You could dynamically create firewall rules using some kind of registration tool that runs when you install the application on your users' machines. You can leverage the Windows Azure PowerShell Cmdlets for the job.

If you know your clients are all going to connect from a very specific IP range, you could create a rule to enable the IP range, but that will expose your database to potentially more clients than you want.

Otherwise, you're looking at a network-level solution, which is outside my scope of knowledge and off-topic for StackOverflow.

Upvotes: 3
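As an added illustration of the "registration tool" idea in the answer above (this is example code, not code from the answer or from Microsoft), the script below adds, updates or removes a single-address firewall rule for the machine it runs on, using the classic Windows Azure service management cmdlets (`New-`, `Get-`, `Set-` and `Remove-AzureSqlDatabaseServerFirewallRule` from the `Azure` module). Everything beyond those cmdlet names is an assumption: the server name, the `client-<hostname>` rule-naming scheme, the use of https://api.ipify.org to discover the client's public IPv4 address, and the property names (`RuleName`, `StartIpAddress`, `EndIpAddress`) read off the objects the `Get-` cmdlet returns.

```powershell
<#
  Added example, not part of the original answer.
  Registers this machine's public IP as a single-address firewall rule on a
  Windows Azure SQL Database server, replacing a stale rule if the IP changed,
  and removes it again with -Remove (e.g. from an uninstaller).

  Assumptions (not stated on the page):
    - The "Azure" (service management) module is installed and the machine has
      already been given subscription credentials (Add-AzureAccount or
      Import-AzurePublishSettingsFile).
    - Rule objects expose RuleName / StartIpAddress / EndIpAddress properties.
    - api.ipify.org returns the caller's public IPv4 address as plain text.
#>
param(
    [Parameter(Mandatory = $true)]
    [string]$ServerName,                          # the "xxxx" in xxxx.database.windows.net

    [string]$RuleName = "client-$env:COMPUTERNAME", # assumed naming scheme: one rule per machine

    [string]$ClientIp,                            # override if the public IP is already known

    [switch]$Remove                               # tear the rule down instead of creating it
)

$ErrorActionPreference = 'Stop'
Import-Module Azure

function Get-PublicIPv4 {
    # Assumption: the lookup service answers with a bare dotted-quad string.
    $ip = (Invoke-RestMethod -Uri 'https://api.ipify.org' -TimeoutSec 10).Trim()
    if ($ip -notmatch '^(\d{1,3}\.){3}\d{1,3}$') {
        throw "Unexpected response from IP lookup: '$ip'"
    }
    return $ip
}

function Test-RuleNameAllowed {
    param([string]$Name)
    # The hostname ends up in the rule name; keep it to a conservative
    # character set so nothing odd is passed through to the management API.
    return ($Name -match '^[A-Za-z0-9_-]{1,128}$')
}

if (-not (Test-RuleNameAllowed $RuleName)) {
    throw "Rule name '$RuleName' contains characters outside [A-Za-z0-9_-]."
}

# Look the rule up by name; filtering the full list avoids an error when absent.
$existing = Get-AzureSqlDatabaseServerFirewallRule -ServerName $ServerName |
            Where-Object { $_.RuleName -eq $RuleName }

if ($Remove) {
    if ($existing) {
        Remove-AzureSqlDatabaseServerFirewallRule -ServerName $ServerName -RuleName $RuleName -Force
        Write-Host "Removed rule '$RuleName' from server '$ServerName'."
    } else {
        Write-Host "No rule named '$RuleName' on server '$ServerName'; nothing to remove."
    }
    return
}

if (-not $ClientIp) { $ClientIp = Get-PublicIPv4 }

# Single-address rule: StartIpAddress equals EndIpAddress. Widening this to a
# range is exactly the over-exposure the answer warns about.
if ($existing -and $existing.StartIpAddress -eq $ClientIp -and $existing.EndIpAddress -eq $ClientIp) {
    Write-Host "Rule '$RuleName' already allows $ClientIp; nothing to do."
} elseif ($existing) {
    # The client's public IP changed (DHCP, different network): update the
    # existing rule rather than leaving the old address open and adding another.
    Set-AzureSqlDatabaseServerFirewallRule -ServerName $ServerName -RuleName $RuleName `
        -StartIpAddress $ClientIp -EndIpAddress $ClientIp
    Write-Host "Updated rule '$RuleName' to $ClientIp."
} else {
    New-AzureSqlDatabaseServerFirewallRule -ServerName $ServerName -RuleName $RuleName `
        -StartIpAddress $ClientIp -EndIpAddress $ClientIp
    Write-Host "Created rule '$RuleName' for $ClientIp on server '$ServerName'."
}
```

Run it as `.\Register-ClientFirewallRule.ps1 -ServerName abcd1234` at install time and with `-Remove` at uninstall time. Two caveats worth weighing before shipping this: the script can only work if every client machine holds subscription management credentials, which let that user (or anyone who steals the file) create or delete any rule, server or service in the subscription, a far larger grant than a database login; and clients behind NAT share one public address, so a "single-address" rule for one office desktop silently admits every host that leaves through the same gateway. Both points push towards keeping the management credentials on a small server-side registration endpoint, which is already most of the way to the middle-tier design the answer recommends.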
