When a user log in into my application, the credentials are the data for the database (user and password in a doctrine connection configuration). I wrote a AuthenticationProvider. He checks if the user can login with the data. If so, the token with the credentials is stored in the TokenStorage.
Now I overwrote the doctrine ConnectionFactory to add the credentials to the connection data, but the TokenStorage has always no token.
You can find the source code example here: https://github.com/fadoe/playground-dbauth
The login works fine, but when I create the database connection the TokenStorage is empty. I'am logged in as user. Can it be the firewall?
Related
In our application, every user have it's own schema. So what I am doing is creating subdomain for every user. so every user will have unique subdomain.
whenever user try to login with their subdomain url, i will identify subdomain and based on subdomain, i will fetch the database and will do the database accordingly on the way and store in session.
to do this, i am keeping database.php credentails blank.
but problem is that auth doesn't load and it say that can't connect to database.
how can i do it ?
A Database Error Occurred
Unable to connect to your database server using the provided settings.
Filename: controllers/Auth.php
Line Number: 14
hostname=jdbc:snowflake://y.ap-south-1.aws.snowflakecomputing.com/
user=
password=
account=y.ap-south-1
database=DEMO_DB
warehouse=COMPUTE_WH
schema=PUBLIC
this is my connection.properties
Every time i got incorrect username or password was specified
The reason for this error is that you are passing the username coming from Azure AD to Snowflake and expecting it to be authenticated with "snowflake" auth mechanism.
In the connection string, pass the following parameter as well:
authenticator=externalbrowser
What this will do is to open a browser session where you can then authenticate the user from AAD and session will pass the auth check.
We are using SQL server 2014, we update a password for a user login here
we click properties on a given login account and change the password here
we are certain we entering it correctly when we then try to login to the server using the login and password we get the following error
I don't know where else to look and what else to change -- when we do the same process on a different server it works without issue. But here its failing.
Where should we look and what else do we need to troubleshoot. Could it be we don't have access to certain databases, how do we fix this.
These are some of the errors coming through in the system logs
Message
Login failed for user ‘abc’. Reason: Failed to open the explicitly specified database ‘AMS'. [CLIENT---]
Message
Login failed for user 'abc’. Reason: Failed to open the database ‘Budget’ specified in the login properties. [CLIENT: ---]
Message
Login failed for user ‘abc’. Reason: Password did not match that for the login provided. [CLIENT: ----]
You must set a default database where the user AND relative login can access.
Logins are objects with a password
Users are objects, mapped to Logins, added to SQL Server entities.
Under Server -> Security -> Logins
Unser Database -> Security -> Users
Check also if the user is correctly mapped to the login.
To solve your problem you can set the master database as the default for your login.
You can find out more about the error in the SQLServer logs as described here https://learn.microsoft.com/en-us/sql/relational-databases/performance/view-the-sql-server-error-log-sql-server-management-studio?view=sql-server-ver16.
If you are looking for a quick fix to your problem, you can either:
assign more server roles to your login
or grant it an individual permission
use master;
grant CONNECT ANY DATABASE TO <login>;
When I log in to azure portal select my SQL Database -> Tools -> QueryEditor and enter:
ALTER USER MyUser WITH Password = '**********'
I get the error:
Failed to execute query. Error: The parameter PASSWORD cannot be
provided for users that cannot authenticate in a database.
I've created the user in Visual Studio Database Project in MyUser.sql (Build Action=Build):
CREATE USER [My_User] WITHOUT LOGIN WITH DEFAULT_SCHEMA=[dbo];
Why I'm getting the message?
Is it possible to create the User in Database Project so that I will specify the password later (not is source code)?
Your user is not a contained database user that can be authenticated by database. This is because you did not create it with syntax
CREATE USER user_name WITH PASSWORD = 'strong_password';
What you've created is a "traditional" user without login, in "traditional" model user cannot have a password, only the corresponding login can. But your user has no corresponding login as it was created without login, so you cannot change a password at all.
Here you can find more detailes about contained database urers: Contained Database Users
I have a WCF web service that should always use a specific AD account, which has been granted access to the database, to execute SQL transactions. I read a couple of articles, but I'm obviously doing/understanding something wrong because I'm not getting it to work the way I want.
I figured that that web service should impersonate the AD user, so I enabled impersonation in the web service web.config:
<identity userName="dmn\wsusr" password="p#55w0rd" impersonate="true"/>
Then, since I'm technically using a Windows user to connect to SQL, I set the connection string as follows ("Integrated security=true;" for Windows authentication, right?):
Data Source=SQLSVR\INSTNC; Failover Partner=SQLSVR\INSTNC2; Initial Catalog=DB; Integrated Security=true;
For testing the connection I insert some values into a table. One of the columns of the table I'm inserting to has the following definition:
[LogUser] VARCHAR(75) NOT NULL DEFAULT USER
So, theoretically, the AD username of the user who opened the connection will automatically be inserted into the column. Unfortunately, however, the column contains my own AD username every time.
I'm testing the web service via a web site that uses Windows authentication, so I'm assuming that this plays a role in the cause of the problem. But the website authentication should be disregarded since this will be an externally accessible web service and SQL transactions should never rely on authentication between the client and the web service.
Thanks!
EDIT
I also tried:
Adding Trusted_connection to the connection string, but it yielded the same result as above.
Using User ID and Password in the connection string, but since the connection string only accepts SQL users, this resulted in a Login failure error
EDIT2
I suggested to my superiors that we should try the approach where you create a separate application pool for the service, set it up to run as the AD user, and allow the AD user to log on as a service (something I read somewhere) but they're not keen on that and reckon it should be a "last resort"