适用于Azure SQL槽VNet的Azure函数连接字符串 [英] Azure function connectionstring for Azure SQL trough VNet

问题描述

我想知道如何通过Azure Function App以安全的方式访问Azure SQL数据库，这意味着不通过公共Internet.

I would like to know how to access my Azure SQL database in a secure way from my Azure Function App, meaning not via public Internet.

我有一个使用VNET/网关集成的功能应用程序(功能应用程序计划-标准层).我已经为Microsoft.SQL指定了服务EndPoint ...我在Azure SQL数据库上启用了虚拟网络访问....

I have an Function App (Function App Plan - standard tier), using VNET/Gateway integration. I have specified a service EndPoint for Microsoft.SQL ... I enabled the Virtual network access on Azure SQL database ....

当Azure函数尝试连接到sql db时，它使用普通"连接字符串，其中包括sql数据库服务器名称作为dns标签，然后出现错误，提示我的IP地址不允许访问.该IP地址是Azure功能应用程序的出站IP地址.

When the Azure function tries to connect to the sql db, it uses the 'normal' connectionstring, which includes the sql database server name as dns label, then I get the error that my ip address is not allowed access. The ip address is the outbound IP address of the Azure function app.

我认为此错误表明功能应用正在尝试通过公共互联网连接到Azure SQL数据库.想法是，此请求应通过VNet到达Azure SQL数据库.

I think this error implies that the function app is trying to connect to the Azure SQL database via public internet. The idea is that this requests should reach the Azure SQL database through the VNet.

我的猜测是连接字符串应该不同.有什么建议吗?

My guess is that the connection string should be different. Any suggestions?

推荐答案

当Azure函数尝试连接到sql db时，它将使用 普通"连接字符串，其中包括sql数据库服务器名称 作为DNS标签，然后我得到错误，我的IP地址是不允许的 访问.

When the Azure function tries to connect to the sql db, it uses the 'normal' connectionstring, which includes the sql database server name as dns label, then I get the error that my ip address is not allowed access.

当我们尝试连接sql数据库时，网络流量将通过Internet . 因为Azure服务资源可以保护到您的虚拟网络.通过完全删除对资源的公共Internet访问，并且仅允许来自虚拟网络的流量，将服务资源保护到虚拟网络可以提高安全性.

When we try to connect the sql database, the network traffic will go through the Internet. Because Azure service resources can be secured to your virtual network. Securing service resources to a virtual network provide improved security by fully removing public Internet access to resources, and allowing traffic only from your virtual network.

像这样，Internet网络流量将无法访问此服务(SQL数据库):

Like this, Internet network traffic will can't access this service(SQL database):

如果要连接Azure函数应用程序和Azure SQL数据库，我们应该在Azure Vnet中部署Azure函数应用程序，我们应该使用App Service Environment进行部署.

If you want to connect Azure function app and Azure SQL database, we should deploy Azure function app in Azure Vnet, we should use App Service Environment to deploy it.

有关App Service环境的更多信息，请参考此文章.

More information about App Service environments, please refer to this article.

这篇关于适用于Azure SQL槽VNet的Azure函数连接字符串的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！