Securely Connect a Web App to Azure SQL Database Using Private Link

45 minutes
  • 3 Learning Objectives

About this Hands-on Lab

Azure App Service and Azure SQL Database include features that enable secure and private connectivity across a virtual network.

In this hands-on lab, we’ll use the Azure portal to set up and connect a new Azure SQL Database for an existing web app. Then we’ll configure App Service VNet integration, Private Link, and Azure SQL firewall rules to ensure connectivity is secure.

**Scenario**
The company you work for has recently engaged a third-party security consultancy. Management has been provided a report of high-priority security issues that must be addressed.

One identified issue: Azure SQL Databases used by web apps in your organization do not have network security configured.

You’ve been asked to perform a proof of concept to demonstrate how Private Link and App Service VNet integration can be configured to address this risk.

In order to perform this proof of concept, you will need to:

* Deploy a new Azure SQL Database
* Configure and connect the database to an existing web app
* Configure VNet integration for the web app
* Configure Private Link and the firewall for the database
* Confirm the web app is still working

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create a New Azure SQL Database

The following are general guidelines for the tasks you should complete in the Azure portal:

  1. Create a new Azure SQL Database
    • You will need to create a new SQL Database server and the name must be unique
    • You must configure SQL authentication and you must remember the password for a later objective
    • You must use the Basic tier and set the data max size to the lowest value

Configure the Database for the Web App

The following are general guidelines for the tasks you should complete in the Azure portal:

  1. Ensure the SQL firewall rules allow both "Azure services and resources to access this server" and your client IP.

  2. Set up the schema for the database by executing the following SQL command:

    CREATE TABLE [Todo] (
        [ID] int NOT NULL IDENTITY,
        [Description] nvarchar(max) NULL,
        [CreatedDate] datetime2 NOT NULL,
        CONSTRAINT [PK_Todo] PRIMARY KEY ([ID])
    );

  3. Configure a new connection string for the web app
    • You must use the name MyDbConnection
    • You can find the connection string from the settings of your new database
    • You must change the value of {your_password} in the connection string

  4. Browse to the web app, and ensure you can create a new To Do Task

Configure Private Connectivity

  1. Configure VNet integration for the web app using one of the existing VNet subnets
  2. Configure Private Link for Azure SQL using the other existing VNet subnet
  3. Block all public access to Azure SQL
  4. Confirm the web app still works
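
The following is an added example, not part of the lab materials: a small audit that checks whether the end state of the steps above actually holds (public access disabled, no leftover firewall rules, an approved private endpoint, and a private address for the server name). The dictionary shapes are assumptions modelled on the JSON returned by `az sql server show` and `az sql server firewall-rule list`; all sample values are constructed, and the VNet is assumed to use RFC 1918 address space.

```python
import ipaddress

# Assumption: the lab VNet uses RFC 1918 address space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_sql_network(server, firewall_rules, resolved_ips):
    """Return findings; an empty list means the lab's intended end state holds."""
    findings = []
    # "Block all public access to Azure SQL"
    if server.get("publicNetworkAccess", "Enabled") != "Disabled":
        findings.append("public network access is not disabled")
    for rule in firewall_rules:
        start, end = rule["startIpAddress"], rule["endIpAddress"]
        if start == end == "0.0.0.0":
            # The 0.0.0.0-0.0.0.0 rule is how "Allow Azure services" is stored.
            findings.append(f"rule {rule['name']!r} allows all Azure services")
        else:
            findings.append(f"rule {rule['name']!r} allows {start}-{end}")
    # "Configure Private Link for Azure SQL": need an approved connection.
    states = [c["properties"]["privateLinkServiceConnectionState"]["status"]
              for c in server.get("privateEndpointConnections", [])]
    if "Approved" not in states:
        findings.append("no approved private endpoint connection")
    # Seen from the integrated subnet, the server name should map to a private IP.
    for ip in resolved_ips:
        if not any(ipaddress.ip_address(ip) in net for net in RFC1918):
            findings.append(f"server name resolves to public address {ip}")
    return findings

# Constructed sample: state after the second objective (public path open).
BEFORE_SERVER = {"publicNetworkAccess": "Enabled", "privateEndpointConnections": []}
BEFORE_RULES = [
    {"name": "AllowAllWindowsAzureIps", "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
    {"name": "ClientIp", "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.10"},
]
# Constructed sample: state after the third objective (private path only).
AFTER_SERVER = {
    "publicNetworkAccess": "Disabled",
    "privateEndpointConnections": [
        {"properties": {"privateLinkServiceConnectionState": {"status": "Approved"}}}
    ],
}

if __name__ == "__main__":
    for f in audit_sql_network(BEFORE_SERVER, BEFORE_RULES, ["203.0.113.50"]):
        print("FINDING:", f)
    print("after:", audit_sql_network(AFTER_SERVER, [], ["10.0.1.4"]))
```

The name lookup only gives a meaningful result when run from a host inside the VNet, because the same server name resolves to the public endpoint from outside it.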

Additional Resources

Log in to the Azure portal by right-clicking Open Azure Portal, and selecting the option to open it in a new private browser window (this option will read differently depending on your browser — e.g., in Chrome, it says "Open Link in Incognito Window"). Then, sign in using the credentials provided on the lab page.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
