This project is intended to help the itinerant developer who needs to connect to an Azure SQL Database from multiple locations and/or dynamic IP addresses.
The basic idea is to have just one entry for your PC on the firewalls of all the Azure SQL Servers to which you need to connect, and to run a scheduled task frequently to use the API to update the IP address of the firewall rule if necessary.
In the Azure Portal go to the Entra ID blade.
- Create a new App. I called mine Dynamic Firewall Updater.
- Go to Certificates & Secrets, and create one or the other for each user or PC that will run this software. Certificates are better, and there is a PowerShell script in the root of the project to help you create one.
- Grant permissions. I usually go to the individual Azure SQL Server, but you can apply permissions at the Resource Group or even Subscription levels if required. In Access Control (IAM), grant membership of the "SQL Security Manager" role to your new app identity.
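
The permission step above can also be scripted. The following is an added example, not part of this project: it assigns the role at the scope of a single SQL server and then lists every assignment the app identity holds, flagging any scope broader than one server. It assumes the Az.Resources PowerShell module and a signed-in session (Connect-AzAccount); the subscription, resource group and server values are placeholders.

```powershell
# Added example (not the project's own script). Placeholder values: replace with your own.
$appName       = 'Dynamic Firewall Updater'   # display name of the app registration
$subscription  = '<subscription-id>'
$resourceGroup = '<resource-group>'
$sqlServer     = '<sql-server-name>'
$roleName      = 'SQL Security Manager'

# Narrowest scope that works: the individual logical SQL server.
$scope = "/subscriptions/$subscription/resourceGroups/$resourceGroup" +
         "/providers/Microsoft.Sql/servers/$sqlServer"

# Resolve the service principal behind the app registration.
$sp = Get-AzADServicePrincipal -DisplayName $appName
if (-not $sp) { throw "No service principal found for '$appName'." }
if (@($sp).Count -gt 1) { throw "Display name '$appName' is ambiguous; look it up by ApplicationId." }

# -Scope also returns inherited assignments, so keep only exact matches.
$existing = Get-AzRoleAssignment -ObjectId $sp.Id -RoleDefinitionName $roleName -Scope $scope |
    Where-Object { $_.Scope -eq $scope }
if (-not $existing) {
    New-AzRoleAssignment -ObjectId $sp.Id -RoleDefinitionName $roleName -Scope $scope | Out-Null
}

# Audit: show every role the identity holds and flag scopes wider than one SQL server.
Get-AzRoleAssignment -ObjectId $sp.Id | ForEach-Object {
    [pscustomobject]@{
        Role    = $_.RoleDefinitionName
        Scope   = $_.Scope
        Broader = $_.Scope -notmatch '/providers/Microsoft\.Sql/servers/[^/]+$'
    }
} | Format-Table -AutoSize
```

Any row with Broader set to True is a Resource Group or Subscription level grant, which lets the stored certificate or secret change firewall rules on every SQL server under that scope.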
I put the binaries in "C:\Program Files\ACS Solutions\DynamicFirewallUpdater\bin".
The app reads configuration from appsettings.json in its own folder, and also from ..\config\appsettings.json, so you can keep your configuration away from the binary deployment folder. Review the template.appsettings.json in the Config folder, and then create your own, plugging in all the guids and names from the Azure Portal.
You'll need the .NET 8.0 Runtime installed. See https://dotnet.microsoft.com/en-us/download
The app writes to a log file, by default in %TEMP%. The configuration is in appSettings.json and uses the Serilog project so you can follow their guidance if you need to change anything.
Run DynamicFirewallUpdater.exe from the command-line.
There's an example scheduled job saved as XML in the root of the project called "Update Azure Firewalls Scheduled Task.xml". Open Task Scheduler and load that up and it should do the trick.
Raise issues on here if you need help!