To connect a .NET web application to an Azure Database for PostgreSQL Flexible Server using Managed Identity, Azure does indeed support this, though the setup is slightly different from using traditional connection strings with user credentials.
Steps to Connect using Managed Identity
- Enable Managed Identity for your Web App:
  - In the Azure Portal, navigate to your Web App.
  - Under the "Settings" section, select "Identity".
  - Turn on the System-assigned managed identity.
- Grant Access to PostgreSQL Flexible Server:
  - Navigate to your PostgreSQL Flexible Server.
  - Under "Settings", select "Identity and access management (IAM)".
  - Add a role assignment to your Web App's managed identity. The role you assign should be "Azure PostgreSQL Flexible Server Contributor" or a custom role that grants sufficient permissions.
- Configure PostgreSQL to Accept Connections from Managed Identity:
  - Ensure your PostgreSQL Flexible Server is configured to accept connections from Azure AD.
  - You will need to set up Azure AD authentication for your PostgreSQL server.
Connection String for Managed Identity
For a .NET application to connect using Managed Identity, the connection string won't directly include the username and password. Instead, it will use Azure.Identity to obtain a token.
Here's an example using Npgsql (the .NET data provider for PostgreSQL):
- Install Npgsql and Azure.Identity:

```shell
dotnet add package Npgsql
dotnet add package Azure.Identity
```

- Code Example to Connect:

```csharp
using System;
using System.Threading.Tasks;
using Azure.Identity;
using Npgsql;

class Program
{
    static async Task Main(string[] args)
    {
        // No password in the connection string: the access token is supplied as the password below.
        var connectionString = "Host=postgreserverweu-prod.postgres.database.azure.com;Database=postgres;Port=5432;Ssl Mode=Require;";

        // In Azure this resolves to the web app's managed identity.
        var tokenCredential = new DefaultAzureCredential();
        var tokenRequestContext = new Azure.Core.TokenRequestContext(new[] { "https://ossrdbms-aad.database.windows.net/.default" });
        var token = await tokenCredential.GetTokenAsync(tokenRequestContext);

        var npgsqlConnectionStringBuilder = new NpgsqlConnectionStringBuilder(connectionString)
        {
            Username = "<your-postgresql-username>", // Use your AAD username here
            Password = token.Token
        };

        await using var connection = new NpgsqlConnection(npgsqlConnectionStringBuilder.ToString());
        await connection.OpenAsync();

        await using var command = new NpgsqlCommand("SELECT NOW()", connection);
        await using var reader = await command.ExecuteReaderAsync();
        while (await reader.ReadAsync())
        {
            // NOW() returns a timestamp, not text, so read it as a value rather than with GetString.
            Console.WriteLine(reader.GetValue(0));
        }
    }
}
```
Key Points:
- Replace `<your-postgresql-username>` with your Azure AD username. DefaultAzureCredential will automatically use the managed identity of the web app when running in Azure.
- The token request context should target "https://ossrdbms-aad.database.windows.net/.default", which is the resource ID for Azure Database for PostgreSQL.
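The sample above acquires a single token and uses it as a static password. Access tokens have a limited lifetime, so a long-running web app with connection pooling will eventually fail to open new connections once that token expires. The following is an added example, not code from the original answer, showing how to refresh the token with Npgsql's NpgsqlDataSourceBuilder.UsePeriodicPasswordProvider (Npgsql 7 or later); the host, database and identity name are placeholders you supply.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Npgsql;

public static class PostgresDataSource
{
    // Scope for Azure Database for PostgreSQL (same value used in the answer above).
    private const string Scope = "https://ossrdbms-aad.database.windows.net/.default";

    // Builds an NpgsqlDataSource whose password is a fresh Azure AD access token.
    // The provider is re-run every 50 minutes (assumed to be within the token lifetime),
    // so connections opened from the pool later on still authenticate.
    // host, database and identityName are placeholders for your own values.
    public static NpgsqlDataSource Create(string host, string database, string identityName)
    {
        var credential = new DefaultAzureCredential();
        var csb = new NpgsqlConnectionStringBuilder
        {
            Host = host,
            Database = database,
            Port = 5432,
            Username = identityName, // the PostgreSQL role name of the managed identity
            SslMode = SslMode.Require // never send the token over a plaintext connection
        };

        var builder = new NpgsqlDataSourceBuilder(csb.ConnectionString);
        builder.UsePeriodicPasswordProvider(
            async (_, ct) =>
            {
                var token = await credential.GetTokenAsync(new TokenRequestContext(new[] { Scope }), ct);
                return token.Token;
            },
            TimeSpan.FromMinutes(50),  // refresh interval after a successful token fetch
            TimeSpan.FromSeconds(10)); // retry interval after a failed token fetch
        return builder.Build();
    }

    // Opens a pooled connection through the data source and runs a simple query.
    public static async Task<DateTime> ProbeAsync(NpgsqlDataSource dataSource)
    {
        await using var cmd = dataSource.CreateCommand("SELECT NOW()");
        var result = await cmd.ExecuteScalarAsync();
        return (DateTime)result!;
    }
}
```

Register the data source once (for example as a singleton in dependency injection) and create connections from it, rather than building a new NpgsqlConnection with a captured token per request.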
Documentation and Further Reading
Unfortunately, the specific documentation for PostgreSQL Flexible Server using Managed Identity might be sparse. The general principle is similar to other Azure services. You can refer to the following resources for more details:
- Using Managed Identity with Azure Database for PostgreSQL
- Azure Identity Library for .NET
By following these steps and using the provided code sample, you should be able to connect your .NET web application to Azure Database for PostgreSQL Flexible Server using Managed Identity without hardcoding any credentials.