Managing SQL Azure Logins and Users
To this point, for the sake of simplicity I've used the administrator connection string for both creating the database and reading/writing data in production, but this isn't the best practice. As in other real-world scenarios, you should create a login in SQL Azure that has only permissions for reading/writing data, and then let the application connect to the database via those limited permissions.
Managing users and logins isn't as immediate here as it is for SQL Server. In fact, for SQL Server you just need SQL Server Management Studio, and with a few clicks you can manage users. You can use the same tool for SQL Azure, but you have to manage users manually by writing T-SQL instructions.
I recently discovered an interesting tool called Azure User Management Console, which is an open source project available from CodePlex. With this tool you can easily manage logins and users on your SQL Azure server via a convenient user interface—without writing a single line of T-SQL! Once you've installed the tool, you need to connect to the SQL Azure server. Then you create a login, as shown in Figure 12.
Figure 12 Creating a new login on SQL Azure.
Next, you can create a user with specific permissions for using a database. On the home screen, select Users. When the list of available databases appears, double-click the one you want. The application will ask you to specify a new user name, the login associated with that new user, and the user's permissions (see Figure 13).
Figure 13 Creating a new user on SQL Azure.
Now you need to launch the LightSwitch Publish Application Wizard. In the Data Connections dialog, specify a new connection based on the newly created user. Of course, you also need to republish the application. If you don't want to publish an application with administrator credentials first, you must have an existing database on your SQL Azure server and assign users to it before publishing with LightSwitch.