I've followed the answer to this question: In SQL Azure how what script can I use to create a read only user
I've completed all the steps successfully on the correct server. However, when I try to login to the Azure database, I'm getting the following error:
Login failed for user 'readerUser'.
This session has been assigned a tracing ID of '(some guid)'.
Provide this tracing ID to customer support when you need assistance.
I've tried this in both my ASP.NET website and in my LINQPad, they both give the same error (with different GUIDs). I am trying to connect to the exact same server as my primary login, which can connect perfectly.
I've also checked sys.sysusers system view and readerUser is there as a login.
What could be the reason?
After trying many combinations (and learning better about users, logins, and roles on SQL Azure) I've figured out the issue:
I was trying to login with readerUser, which is just a database user, and I should instead have logged in with the login instance, hence reader (as followed by the answer at the question that I've linked). I've tried logging in with reader and it worked perfectly: logging in, SELECTing anything I want, but not able to write/alter/delete anything.
Related
I've been searching everywhere but it seems as nobody has my problem. I recently created an Azure SQL Database and I have not had luck at all with figuring out what to do with the error 18456. I Many times I've seen the "Just right click the database and go to properties and security" but there is no security. In fact there seem to be a lot of things I don't have when I right click. I barely know anything about any of this though, so I've tried quite a few things. At one point I thought I needed to use the sample adventure works. but that wasn't it. So I'd be really grateful if anyone helped.
[SSMS Version: 16.4.1]
[Azure SQL Database: Server Version 12]
Picture of my properties menu in SSMS(SQL Server Management Studio)
]
Picture of my right click
]
Your error is common, but the way you solve it on-premise or using virtual machines (Infrastructure-as-a-Service, IaaS) is different than how you would solve it for Windows Azure SQL Database (WASD). WASD is a Platform-as-a-Service version of SQL Server. The SQL Instance is logical, so you have to change some of your thought processes. One of the chief ways you'll need to change your thought processes is in how you manage your SQL Databases.
When you're in WASD and you create a database, you're asked to create an administrative username and password. Using that account you can deploy the schema of your database as well as SQL Authenticated Users and permissions. You don't have permission to change the instance's authentication types, that's why you don't see an option for security when you right-click on the instance name and choose properties.
The following steps are how you would create a new LOGIN to allow this new user to authenticate to the virtual instance. After you've created a LOGIN, you then need to create a database USER for this LOGIN. With this USER, you can then assign permissions for what this USER can and cannot do.
Adding Logins for your Windows Azure SQL Database
A few notes before we get started. In the following code anything in angle brackets (< and >) mean this is a variable you can change. So would be the username you want to create for your Entity-Framework application. would be the password you want to use for your .
Use your administrative credentials to connect to your instance. This account has permissions to control everything about your database. When you connect, you should find that by default you've connected to the master database on that instance. If not, use the drop-down at the top of SSMS to change to master. "USE master" will not work.
From this connection, the following T-SQL will create your Entity-Framework's username and password.
CREATE LOGIN [<username>] WITH PASSWORD = '<password>';
At this point, if you were to try and connect to the virtual instance with this and , you could connect to your virtual instance, but not any database on this virtual instance. Your error message would say something like:
The server principal "" is not able to access the database
"" under the current security context....
You need to take at least one more step before this user can connect to your user database.
Now, from that same SSMS script window, change the database to the user database () you're granting access to. This will be the database you want your Entity-Framework application to use. Remember, use the drop-down at the top.
First we will create a database user for the login created in the previous step.
CREATE USER [<username>] FOR LOGIN <username>
Then, we will allow this to connect to your user database , the database you want the Entity-Framework application to use.
GRANT CONNECT TO [<username>]
At this point, your new username can log in to the virtual instance and connect to your user database.
Now, you will need to add any other permissions this user will need. For example, if your will only need read permissions, you could get away with adding the user to the db_datareader database role. Add those permissions now.
Special note about connection and connection strings
Your user is now setup to connect to your user database. That means in SSMS if you try and connect with your Entity-Framework user, there is an extra step to your connection dialog box. Before you click Connect, you have to hit the Options button.
Since your user cannot hit master, you have to tell SSMS you want to connect to the user database first and avoid hitting master. By default, SSMS will try to connect to your SQL instance's master database first.
You have to enter the name of the database in the "connect to database" entry. After you've entered the database, you can then hit connect.
I'll guess that in your application it already had the "Default Catalog=" value set to your user database, and you were able to connect. Setting this value in options is like setting that "Default Catalog=" value.
I hope this helps you in breaking into WASD a little more.
EDITS: attempting to add clarity to the differences between IaaS SQL Server instances and PaaS Windows Azure SQL Database. I previously missed the FOR LOGIN clause on the CREATE USER statement.
So when I initially sign in with Google in my test MVC app, I register, my credentials are saved in the SQL database, and I am signed in just fine. But when I sign out and try to sign back in with the same Gmail account, the program doesn't recognize that I'm trying to sign in with a username that is already registered in the database - so it prompts me back in to the register page, where obviously I can't register because the account is already registered.
This only happened when I switched over from the local db to a SQL db. Everything was working fine on the local database.
Could anyone be so kind as to lend a little guidance? It would be greatly appreciated!
Silly me. I missed something in the Create Table query for the AspNetUsers table. All works well!
TITLE: Connect to Server
Cannot connect to tcp:ohimryXusa.database.windows.net,1433.
ADDITIONAL INFORMATION:
Hello,
I have a SQL Azure database. This database has a username / login that I want to use to access it. When I try to connect to the database by SQL Server Database Management Studio, I receive an error that says:
Cannot open database "master" requested by the login. The login failed.
Login failed for user 'mydbusername'.
This session has been assigned a tracing ID of '00000000-0000-0000-0000-000000000000'. Provide this tracing ID to customer support when you need assistance. (Microsoft SQL Server, Error: 4060)
I have other logins that I can successfully connect to the database with. I tried executing the following on my database, to ensure there was a user:
CREATE USER mydbusername
I receive an error that says:
Msg 15023, Level 16, State 1, Line 1
User, group, or role 'mydbusername' already exists in the current database
I verified the user existed by logging into the master database. Once there, I ran:
SELECT * FROM sys.sql_logins;
I wanted to ensure that 'mydbusername' had access on the database. So I logged in, with a more priveleged account, into my database and ran:
EXEC sp_addrolemember 'db_datareader', 'mydbusername'
EXEC sp_addrolemember 'db_datawriter', 'mydbusername'
EXEC sp_addrolemember 'db_owner', 'mydbusername'
The message said: Command(s) completed successfully.
At this point, we know a) There is a user with the name 'mydbusername'. b) There is a login with the name 'mydbusername'. c) We know that 'mydbusername' has 'db_datareader', 'db_datawriter', and 'db_owner' rights to the database.
I tried logging in via the management screen over the web. I was able to successfully login and execute queries. However, when I try to login via SQL Server Management Studio, I receive the message above. I am using
mydbusername#ohimryXusa for the "Login" field. I've verified that the password is correct. I also verified the Server Name is correct. What am I doing wrong? I really need this because I'm getting the error from my code. Thank you!
login failed is most probably cuased by wrong login/password combination.
Please make sure you are using the existing LOGIN, and not the USER while trying to login! Note that when you want to authenticate with SQL Server, you have to use the LOGIN created and not the USER. You have to find out which LOGIN is your "mydbusername" associated with.
It is good that you have the user, and that user is added to different roles, but a USER without associate login is nothing.
You may want to refer this documentation.
I know this is old thread, but I might help others who are facing the same problem...I created the user in master database without granting any special permissions - This resolved the problem. Looks like in Azure, all users that belong to user databases should also present in master database??!!
Because Azure uses database servers for multiple databases you can't just log into Management Studio (connect to the Object Explorer)
This would give you visibility to everyone's database whose on your same server.
To avoid this, simply close-out of the initial login prompt dialogue you're presented with on start-up and click 'New Query' once it closes.
You'll be prompted to connect - but if you go to connection settings and select your database as the initial catalog you'll be able to script your (and only your) database from there.
No object explorer - but at least you'll be able to directly script your DB.
I am developing a web app that connects to a SQL 2000 database. Everything works perfectly on my database (which is actually SQL 2008) but when I try to migrate it onto another server (that's actually running SQL 2000) I get some strange errors.
I'm getting Login Failed for the username that the web app uses, so I did my normal troubleshooting steps...
I reset the password to what it should be, made sure the user was mapped to the database it's trying to connect to. I connected to the database through Enterprise manager using the user name and password and was able to run queries. I reset the SQL server.
I'm fresh out of ideas other than there might be a place in my app that the password is for some reason getting changed. Is there anyway to see what password the SQL server is seeing? I just want to narrow down my search a little.
Either that or does anyone have any other suggestions on how I might be able to fix this?
EDIT: Also, the web app CAN talk to the database, it hits the database to get login credentials and it can login with no problems. The error is coming up later in the app when I try to get more information from the database, like parameters for a report or an export location.
Thanks in advance!
First, the problem is not that the login failed for a user. From your description, the login succeeded. However, you stated that you later got an exception when trying to access certain objects. This sounds like an authorization/permissions issue with the database user to which the login is associated and the objects it's trying to access. Have you tried connecting to the database using Enterprise Manager and the same credentials used by the site and executing the identical query as the web application?
Possibly your SQL server isn't set to allow remote connections?
EDIT: or your firewall doesnt have the right ports opened?
EDIT2:
If your web script is on the same server as the SQL server, the only thing that i can think of is that you have specified an incorrect password, of if you referenced the old server by name (even though it was localhost) and you have not updated it. If the web script is on a different server, check your firewall ports and ensure the sql server is set to allow remote connectioins.
EDIT3:
Appologies, i didn't see your update before i posted the last edit (EDIT2). Thomas is right, give that a go.
Not sure how you're doing your migration but you may want to make sure your sql user is not getting orphaned:
From - http://www.fileformat.info/tip/microsoft/sql_orphan_user.htm
First, make sure that this is the problem. This will lists the orphaned users:
EXEC sp_change_users_login 'Report'
If you already have a login id and password for this user, fix it by doing:
EXEC sp_change_users_login 'Auto_Fix', 'user'
If you want to create a new login id and password for this user, fix it by doing:
EXEC sp_change_users_login 'Auto_Fix', 'user', 'login', 'password'
I found the problem!
It was actually some lingering queries I had in the app. I started populating some down downs differently and the queries were never removed, as soon as I took those out the errors stopped popping up.
Still it's strange that this would not effect the app on my machine but on this other machine would cause all kinds of havok.
Thank you all for your help and suggestions, it really helped narrow down the problem. Thomas gets the accepted answer though because his suggestion pointed me in the right direction.
I have created a cloud database and was able to connect successfully thru SSMS.
Now I want to create a table in that.
Henceforth after the successful connection ( in am doing thru SSMS) when I am trying to connect to the database i.e. MyFirstCloudDB database which is available in the Available Databases section of SSMS, I am getting the error message " The database MyFirstCloudDB" is not accessible.
What to do now?
EDIT:
I have success accomplished my work.
But what I have done is that after I logged in to my SQL AZURE platform thru SSMs, first I created a database(say myFirstDB).
Then I logged out. Again I connected and this time Under Options->Connect to Database->I typed myFirstDB and then connected.
After that I created a table and inserted some values.
I have included this paras by thinking that if someone like me face the same problem then they can go ahead with this solution.
Thanks for the great support of Mr. Rob Farley for being with me in this journey and also to all the SO members. This forum is really really great (:
Pls help.
You need to login to your new db as your admin login and create a user for your new login. Then try connecting as the new login again.