Share via

Connecting to an on-premise SQL Server from a Function App.

Jonathan Farmer 96 Reputation points
2025-08-27T07:54:35.69+00:00

I am working on a project that requires me to connect to an on-premise SQL server. When in production we will have private Azure connection but for development I am connecting to the local LAN via a VPN connection.

I am using this connection string in the code.

string connectionString = "Server=<servername\AAAAAA>;Database=<database>;User Id=<username>;Password=<password>;Trusted_Connection=True;TrustServerCertificate=True;";

When I try to connect I get the following error.

Exception: System.Data.SqlClient.SqlException (0x80131904): Failed to generate SSPI context.

I can authenticate successfully using SQL Service Management Console locally on my machine using the same details. Anyone what is going wrong with connecting in the code?

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Pashikanti Kumar 5 Reputation points Microsoft External Staff Moderator
    2025-08-28T09:32:05.73+00:00

    Hi Jonathan Farmer,

    Thank you for posting your question in the Microsoft Q&A forum

    Here are the reasons why the “Failed to generate SSPI context” error might occur -

    Your connection string includes Trusted_Connection=True.

    That means you’re asking SQL Server to use Windows Authentication (Kerberos/NTLM) instead of SQL Authentication.

    When you run locally (on your machine + VPN + domain login), it works, because your machine has a valid domain identity that SQL Server can trust.

    But when your Azure Function App runs, it does not have a domain identity. Azure can’t impersonate your AD user → so Kerberos handshake fails → SSPI context error.

    Updated connection string:

    string connectionString = "Server=<servername>\AAAAAA;Database=<database>;User Id=<sql_username>;Password=<sql_password>;TrustServerCertificate=True;";

     

    Update your connection string to remove Trusted_Connection=True and just use the SQL credentials

    Yes, it is possible to connect to onprem SQL from the azure function. You can refer to (Hybrid Connections in Azure App Service - Azure App Service | Microsoft Learn) document to create the hybrid connection and how it works.

    The hybrid connection is not supported in Consumption Plan and works with Windows OS for azure function with other plans as mentioned in (Azure Functions networking options | Microsoft Learn) article.

    You need to create the function app under the app service plan.

    Reference URL

    https://learn.microsoft.com/en-us/azure/azure-functions/functions-networking-options#matrix-of-networking-features

    Cannot generate SSPI context when connecting to SQL Server - SQL Server | Microsoft Learn

    Remove Trusted_Connection=True and use SQL Authentication instead. That will eliminate the SSPI error.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.