Microsoft Azure SQL Database is very similar to on-premises SQL Server, but there are a few key differences. One of these difference is that SQL Azure doesn’t support integrated authentication (i.e. when caller is identified by its domain account). I assume this is a technical limitation which could be explained by the lack of domain infrastructure in Azure cloud. Integrated authentication requires client and server to be in the same domain or in trusted domains, which would be complicated in the cloud scenario.
So, the only way to connect to Azure SQL is to provide a user name and password in connection string. This authentication method is traditionally considered to be less secure than integrated authentication because user name and password are exposed as a part of connection string which in most cases resides in application configuration file, unencrypted. The recommended mitigation for this security issue would be to store Azure SQL connection string in some secure place, like, for example, in Azure Web App settings. In this case, when Azure Web App (formerly – Web Site) is deployed to Azure, Azure settings taking precedence over deployed settings, so if Azure Web App have any stored connection strings then these connection strings will be used.
With AD Join just becoming available I’m sure we’ll be seeing Integrated Security as an option sometime soon.
Great catch! I agree, it may be coming.
“sometime soon”, he said 2.5 years ago