Azure: Did You Know? No Integrated Authentication in SQL Azure

The IT Leader's Guide to Multicloud Readiness

This guide provides practical key insights and important factors to consider to make informed decisions in your multicloud journey.

Download the Guide

Microsoft Azure SQL Database is very similar to on-premises SQL Server, but there are a few key differences. One of these difference is that SQL Azure doesn’t support integrated authentication (i.e. when caller is identified by its domain account). I assume this is a technical limitation which could be explained by the lack of domain infrastructure in Azure cloud. Integrated authentication requires client and server to be in the same domain or in trusted domains, which would be complicated in the cloud scenario.
So, the only way to connect to Azure SQL is to provide a user name and password in connection string. This authentication method is traditionally considered to be less secure than integrated authentication because user name and password are exposed as a part of connection string which in most cases resides in application configuration file, unencrypted. The recommended mitigation for this security issue would be to store Azure SQL connection string in some secure place, like, for example, in Azure Web App settings. In this case, when Azure Web App (formerly – Web Site) is deployed to Azure, Azure settings taking precedence over deployed settings, so if Azure Web App have any stored connection strings then these connection strings will be used.