3

I've been searching everywhere but it seems as nobody has my problem. I recently created an Azure SQL Database and I have not had luck at all with figuring out what to do with the error 18456. I Many times I've seen the "Just right click the database and go to properties and security" but there is no security. In fact there seem to be a lot of things I don't have when I right click. I barely know anything about any of this though, so I've tried quite a few things. At one point I thought I needed to use the sample adventure works. but that wasn't it. So I'd be really grateful if anyone helped.

[SSMS Version: 16.4.1]

[Azure SQL Database: Server Version 12]

Picture of my properties menu in SSMS(SQL Server Management Studio) http://prnt.sc/cpwe3c ]

Picture of my right click http://prnt.sc/cpwh7y ]

Glorfindel
  • 21,988
  • 13
  • 81
  • 109
BrianD
  • 31
  • 1
  • 5
  • So what exactly are you trying to accomplish -- when do you receive that error? I thought that was an authentication error. Does this help to create users: http://stackoverflow.com/questions/19094970/how-do-i-create-a-new-user-in-a-sql-azure-database – sgeddes Oct 04 '16 at 22:25
  • @sgeddes Uh it is I'm learning Entity Framework from this course and when I try to connect it just says login for user '' failed {I'm trying to update database} anyway I tried creating a new user under the same credential but I just got this http://prntscr.com/cpwqnc when I had a problem like this it had to deal with the connection string but I don't really know how to work with these and I try my best to make sense of it, but even so I still am missing a lot of the features other people seem to have. – BrianD Oct 04 '16 at 22:35
  • So I was able to fix the failed login for user problem by copy pasting the connection string from my VS Server Explorer and editing the Password (I really don't know too much about connection strings but that wasn't the main issue)... So I was doing an example of code first workflow so when I was creating a new database it first said timeout but it was created shortly after that but any new databases I add aren't showing up no the object explorer in SSMS, I keep refreshing but no luck. – BrianD Oct 04 '16 at 23:20
  • 1
    you won't see security tab in right clicking the database' – TheGameiswar Oct 05 '16 at 12:32
  • Check the full explanation below, but the thing to keep in mind with user accounts in Windows Azure SQL Database is they are scoped to user databases, not to the server as a whole. Think about it, how many people named Danny may be on the same virtual host as you are? – Shannon Lowder Oct 05 '16 at 18:51
  • Also, something to keep in mind when learning to build applications against databases, and ESPECIALLY when those databases are cloud based, is to use a retry policy. Always assume the connection to your database is going to be down the first time you hit it, or maybe every other time. If you plan for failure in the code, you won't be surprised when your user database migrates from one node to the next! – Shannon Lowder Oct 05 '16 at 18:52
  • @TheGameiswar I know that but what I was getting at is that when people right click it they usually have more options then what I see. (At least that's what I've seen from screenshots) – BrianD Oct 05 '16 at 21:57

1 Answers1

7

Your error is common, but the way you solve it on-premise or using virtual machines (Infrastructure-as-a-Service, IaaS) is different than how you would solve it for Windows Azure SQL Database (WASD). WASD is a Platform-as-a-Service version of SQL Server. The SQL Instance is logical, so you have to change some of your thought processes. One of the chief ways you'll need to change your thought processes is in how you manage your SQL Databases.

When you're in WASD and you create a database, you're asked to create an administrative username and password. Using that account you can deploy the schema of your database as well as SQL Authenticated Users and permissions. You don't have permission to change the instance's authentication types, that's why you don't see an option for security when you right-click on the instance name and choose properties.

The following steps are how you would create a new LOGIN to allow this new user to authenticate to the virtual instance. After you've created a LOGIN, you then need to create a database USER for this LOGIN. With this USER, you can then assign permissions for what this USER can and cannot do.

Adding Logins for your Windows Azure SQL Database

A few notes before we get started. In the following code anything in angle brackets (< and >) mean this is a variable you can change. So would be the username you want to create for your Entity-Framework application. would be the password you want to use for your .

Use your administrative credentials to connect to your instance. This account has permissions to control everything about your database. When you connect, you should find that by default you've connected to the master database on that instance. If not, use the drop-down at the top of SSMS to change to master. "USE master" will not work.

From this connection, the following T-SQL will create your Entity-Framework's username and password.

CREATE LOGIN [<username>] WITH PASSWORD = '<password>';

At this point, if you were to try and connect to the virtual instance with this and , you could connect to your virtual instance, but not any database on this virtual instance. Your error message would say something like:

The server principal "" is not able to access the database "" under the current security context....

You need to take at least one more step before this user can connect to your user database.

Now, from that same SSMS script window, change the database to the user database () you're granting access to. This will be the database you want your Entity-Framework application to use. Remember, use the drop-down at the top.

First we will create a database user for the login created in the previous step.

CREATE USER [<username>] FOR LOGIN <username>

Then, we will allow this to connect to your user database , the database you want the Entity-Framework application to use.

GRANT CONNECT TO [<username>]

At this point, your new username can log in to the virtual instance and connect to your user database.

Now, you will need to add any other permissions this user will need. For example, if your will only need read permissions, you could get away with adding the user to the db_datareader database role. Add those permissions now.

Special note about connection and connection strings

Your user is now setup to connect to your user database. That means in SSMS if you try and connect with your Entity-Framework user, there is an extra step to your connection dialog box. Before you click Connect, you have to hit the Options button.

enter image description here

Since your user cannot hit master, you have to tell SSMS you want to connect to the user database first and avoid hitting master. By default, SSMS will try to connect to your SQL instance's master database first.

enter image description here

You have to enter the name of the database in the "connect to database" entry. After you've entered the database, you can then hit connect.

I'll guess that in your application it already had the "Default Catalog=" value set to your user database, and you were able to connect. Setting this value in options is like setting that "Default Catalog=" value.

I hope this helps you in breaking into WASD a little more.

EDITS: attempting to add clarity to the differences between IaaS SQL Server instances and PaaS Windows Azure SQL Database. I previously missed the FOR LOGIN clause on the CREATE USER statement.

Shannon Lowder
  • 482
  • 3
  • 12
  • I'm sorry for the late reply but I don't think this was very uh specific? at first you tell me to create a login, I do (I don't know necessarily the purpose) you then say go to the actual database and when I do that I try to create a user? But then I grant connect to what? The same username? the login name? I don't get it I tried both and it says I don't have permission or it doesn't exist. I'm not sure what I'm trying to put in grant connect to. :< nothings working. I don't understand. Can you maybe use layman's terms and what exactly is this meaning? – BrianD Oct 07 '16 at 19:05
  • Further reply I ended up creating a user uh somehow by using something called contained user? I did something like this Create user user_name with password = ‘Password’ ALTER ROLE [db_owner] ADD MEMBER [ContainedUser] I also did this: ALTER AUTHORIZATION ON SCHEMA::[db_owner] TO [ContainedUser] still didn't do anything :< I still cannot see security or anything – BrianD Oct 07 '16 at 19:39
  • I was trying to give you all the steps for setting up security for your new user. In the first step, you're setting up a login for the new user. This step will allow your new user to login to the instance. The second step gives that login a database user that can interact with your user database. Let me add in a few more details to the answer and see if I can explain better. – Shannon Lowder Oct 08 '16 at 16:56
  • These steps are a replacement for the security screens you're expecting to see. – Shannon Lowder Oct 08 '16 at 16:57
  • Is [ContainedUser] the you're trying to create and use for your Entity-Framework application? If so, don't use the two ALTER statements you listed above, you would just add the user to the role: sp_addrolemember 'db_owner', 'ContainedUser'; – Shannon Lowder Oct 08 '16 at 17:39
  • Hey Shannon could I maybe ask you a few questions I have about databases because I've been having trouble recently figuring things out and you seem to know your stuff? But it'd be easier to do this like in a pm rather than comment section.. I'm assuming you have an email? Email me at smithlydan5@gmail.com – BrianD Oct 17 '16 at 17:20