Database Reference
In-Depth Information
Notice also that this section provides a URI link that you can use to browse your SQL Azure data in a
web browser. How nice is that? Highlight it and copy and paste it into something like Notepad; you use
that link in several places later in the chapter, and having it handy will make things much easier. Also in
this section is a link to add a user to your list (discussed shortly).
For the sake of this example, select dbo. You have now OData-enabled your SQL Azure database.
Before you proceed, let's spend a few minutes discussing in more detail anonymous access and the ACS
and how it applies to SQL Azure.
Understanding Anonymous Access
Anonymous access means that authentication isn't needed between the HTTP client and SQL Azure
OData Service. Keep in mind, however, that there is no such thing as anonymous access to SQL Azure. If
you want to allow anonymous access, you must specify a SQL Azure user that the SQL Azure OData
Service can use to access SQL Azure. Figure 7-7 shows how you do that.
Figure 7-7.
Adding an OData user
The SQL Azure OData Service access has the same restriction as the SQL Azure user. Therefore, if the
SQL Azure user being used in SQL Azure OData Service anonymous access has read-only permissions to
the SQL Azure database, SQL Azure OData Service can only read the data in the database.
Depending on the requirements of the application, you may consider creating a read-only user for
your SQL Azure database. The syntax to do that is as follows:
EXEC sp_addrolemember 'db_datareader',
username
Let's talk a moment about ACS and how that applies to SQL Azure.
Understanding the Access Control Service
ACS is part of the Windows Azure AppFabric. It's a hosted service that provides federated authentication
and rules-driven, claims-based authorization for REST based web services, allowing these web services
to rely on ACS for simple username/password scenarios.
In the Community Technology Preview (CTP) of SQL Azure OData Service, it's necessary for you to
sign up for the AppFabric and create a service namespace to be used with the SQL Azure OData Service.
This allows a single user to access SQL Azure OData Service through the Windows Azure AppFabric
Access Control. This user must have the same user id as the database user.
