1. Mike Sinclair
  2. PowerServer
  3. Tuesday, 27 August 2024 20:36 PM UTC

I apologize if this is a basic question, or if I leave out significant details, but this is my first time creating a PowerApp.  I did search the forums and the web, but did not find a good answer. 

I am creating a new PowerApp using Powerserver 2022 r3 on Windows 11.  The app works fine running via Kestral/local server.  I have the powerapp project compiled and deployed to a ZIP file that I have passed to the Azure web server admins for deployment to an Azure web server.  It has been deployed, and we can start the app, but I am having trouble nailing down the database settings. 

This application will be available for internal and external users, all of whom login through AD, although the external customers' domains are not trust-affiliated to the domain where the SQL Server resides.

What is the suggested authentication method for the database in this scenario?  The database is running on MS SQL Server 15.0. 

Please let me know if I need to provide any other details.

Thank you,

Mike Sinclair

Guillermo Tamburo Accepted Answer Pending Moderation
  1. Monday, 4 November 2024 13:16 PM UTC
  2. PowerServer
  3. # 1

Mike buenos días, 

 

Tengo un problema y leyendo tu consulta / problema tal vez puedas ayudarme. En mi caso la aplicación se instaló en server IIS y corre perfectamente cuando es LocalHost, baja perfectamente la aplicación y se conecta al sqlserver ya que lo encuentra dentro del mismo ámbito. Hasta acá lo único que tuve que hacer es habilitar un puerto para http.

Ahora para ingresar desde fuera de la oficina también baja la aplicación, pero no me conecta al sqlserver. Según entiendo debería crear en mi aplicación una webapi de conexión, es así ¿?

Habilitar un puerto seria exponerme a hackers por lo tanto averiguando me dijeron que utilice una webapi, pero la verdad no tengo idea como y no encuentro información que me oriente.

También es mi primera aplicación cloud.

 

Cualquier información será de gran ayuda

Saludos.

Comment
There are no comments made yet.
Mike Sinclair Accepted Answer Pending Moderation
  1. Tuesday, 27 August 2024 23:31 PM UTC
  2. PowerServer
  3. # 2

Yes, I see now that I should not use the individual AD account of the user as that would add a lot of overhead with the constant connecting and disconnecting.  A single service account should do the trick.  thank you.  I will work with our DBA to set that up and give it a try.  I will update this post as appropriate. 

Comment
  1. Armeen Mazda @Appeon
  2. Monday, 4 November 2024 15:17 PM UTC
The most common way and that probably makes sense for most customers is to configure SQL Server authentication or Microsoft Entra password authentication (Microsoft renamed AD to Entra) in the PowerServer project. https://docs.appeon.com/ps2025/Selecting_an_authentication_mode.html

If using SQL Server authentication, you could do a single/master username/password or you could enable the dynamic DB connection where SQL Server will receive the LogID/LogPass values from the DBParm in your PowerScript code. https://docs.appeon.com/ps2025/Using_LogID_and_LogPass_properties.html

Regardless what you do with the DB authentication type, you could always add AD authentication at the Web API layer to ensure if AD has not authenticated the user the user cannot even attempt to be authenticated by the database (since database is after the Web API layer). https://docs.appeon.com/ps2025/Using_Azure_Active_Directory_service.html

  1. Helpful
There are no comments made yet.
Francisco Martinez @Appeon Accepted Answer Pending Moderation
  1. Tuesday, 27 August 2024 21:26 PM UTC
  2. PowerServer
  3. # 3

Hi Mike,

Is logging into the database with each of the user's AD identity what you're after?

I'm not quite sure that is possible right now. I found the following in the documentation:

> In installable cloud apps, the Windows Authentication or Active Directory Integrated Authentication mode would use the Windows user account at the web server for authentication by the SQL Server;  

[Source]

I believe that's not what you desire, so there's another approach:

Using Azure AD for Web API authentication.

You would have to use a single DB credential for the Web API's to connect to the database, and then configure AD authentication for your users to connect to the Web API

 

HTH

Regards,
Francisco

 

 

Comment
There are no comments made yet.
  • Page :
  • 1


There are no replies made for this question yet.
However, you are not allowed to reply to this question.
We use cookies which are necessary for the proper functioning of our websites. We also use cookies to analyze our traffic, improve your experience and provide social media features. If you continue to use this site, you consent to our use of cookies.