I have a C# .Net Web API deployed to an Azure App Service, I also have an Azure SQL Database.
In the API I am using Entity Framework to insert into the database, but I keep getting the error message: "The underlying provider failed on open".
(When running the API locally (in debug mode) connecting to a local database it works fine).
Could this be a permissions/firewall configuration problem with the Azure database, or something else?
I have added my current IP address in the "Azure Set Server Firewall", do I need to add the Azure Web API's IP address to the database firewall settings?
This is my API:
public class ProfileController : ApiController
{
[EnableCors(origins: "*", headers: "*", methods: "*")]
[WebMethod]
[HttpPost]
public HttpResponseMessage PostProfile([FromBody] Profile details)
{
var context = new XXXDBEntities();
var query = from c in context.Users
where c.Email.Equals(details.email, StringComparison.CurrentCultureIgnoreCase)
select c;
var emailFound = query.Count();
if (emailFound != 0)
{
return Request.CreateResponse(HttpStatusCode.OK, "There is already an account associated with this email address");
}
else
{
Guid token = Guid.NewGuid();
Users newRow = new Users();
newRow.Token = token;
newRow.FirstName = details.firstName;
newRow.LastName = details.lastName;
newRow.Email = details.email;
newRow.Password = details.password;
context.Users.Add(newRow);
context.SaveChanges();
return Request.CreateResponse(HttpStatusCode.OK, token);
}
}
This is my connection string:
This is the default format for connection strings in .Net Entity Framework, I have only added username, password and changed the data source and catalog fields. Is this correct?
<add name="XXXDBEntities" connectionString="metadata=res://*/XXXDB.csdl|res://*/XXXDB.ssdl|res://*/XXXDB.msl;provider=System.Data.SqlClient;provider connection string="data source=tcp:XXX.database.windows.net,1433;initial catalog=XXXDB;integrated security=True;User ID=XXXXX;Password=XXXXX;MultipleActiveResultSets=True;App=EntityFramework"" providerName="System.Data.EntityClient" />
I have checked your connection string, it seems to be right. So I think your issue may be caused by the model of the SQL Azure is changed, but your project does not update it. Here is the same issue I reproduced on my side:
I would suggest you update your model.
do I need to add the Azure Web API's IP address to the database firewall settings?
We can set Allow access to Azure services as ON in SQL Azure firewall settings. So that we need not to add Azure web API's address.
You need to remove Integrated Security=True from the connection string since you are specifying a username and password.
Related
I have a tabular Azure Analysis Services database with compatibility level 1400. When I connect and try to retrieve the roles using the AMO package the Roles property is always null, the same for the DatabasePermissions property that is mentioned in this answer.
I am using the Tabular.Server and Tabular.Database objects as recommended in the official docs.
I have based my code off this answer and I am connecting using an administrator account.
Proof that roles are setup on the DB that I am accessing:
Inspecting the database object:
Interestingly enough I have two other databases inside the same Azure Analysis Services server and they have the same issue.
My code:
using (Server server = new Server())
{
string serverDomain = "australiasoutheast.asazure.windows.net";
string serverName = "redacteddevpilotv1";
string databaseModel = "PilotV1";
string serverAddress = $"asazure://{serverDomain}/{serverName}";
//string token = await GetAccessToken($"https://{serverDomain}");
//string connectionString = $"Provider=MSOLAP;Data Source={serverAddress};Initial Catalog={databaseModel};User ID=;Password={token};Persist Security Info=True;Impersonation Level=Impersonate";
string connectionString = $"Provider=MSOLAP;Data Source={serverAddress};Initial Catalog={databaseModel};User ID=redacted;Password=redacted;Persist Security Info=True;Impersonation Level=Impersonate";
var t = server.SupportedCompatibilityLevels;
var x = server.Roles;
server.Connect(connectionString);
t = server.SupportedCompatibilityLevels;
x = server.Roles;
Database d = server.Databases.FindByName(databaseModel);
}
The documentation goes into how to add roles not how to retrieve them...
It turns out that instead of accessing roles through database.Roles I need to access them via database.Model.Roles. I'm not sure why this is or if it is documented anywhere but I was put onto this fact by another question.
After doing this I now have access to the ModelRole objects that I want.
I have a WCF service hosted in IIS that is retrieving data from multiple sources (all SQL Server). With each data source, I have to impersonate a different Active Directory user to connect to the database. I am using Entity Framework v6.1.1 for two of the data sources. Integrated Security is set to True in the connection strings, too.
I use the example below to set the impersonated user, where the impersonated user is a System.Security.Principal.WindowsImpersonationContext that I set from configuration:
internal async Task<List<string>> GetItemsByLookupItemsAsync(List<string> lookupItems)
{
var result = new List<string>();
using (var db = new EntityFrameworkDb())
{
var query = from item in db.Table
where lookupItems.Contains(item.LookupColumn)
select item.StringColumn;
var queryResult = new List<string>();
using (GetImpersonatedUser())
{
queryResult.AddRange(await query.ToListAsync());
}
result.AddRange(queryResult.OrderBy(e => e));
}
return result;
}
The problem is that the previous code throws a SqlException saying that the account running the web service can not log on to the database. It appears that when I hit the await I lose the impersonation context.
What are some suggestions to solve this problem?
Set the legacyImpersonationPolicy to false and alwaysFlowImpersonationPolicy to true inside your web.config and restart IIS
<configuration>
<runtime>
<legacyImpersonationPolicy enabled="false"/>
<alwaysFlowImpersonationPolicy enabled="true"/>
</runtime>
</configuration>
I'm using the entity framework in a winforms application.
When i set scsb.DataSource ="localhost" every thing works fine but when i try to connect to onother DB server i got an exception:
"The underlying provider failed on Open."
public DistributionSSEntities1 Connection()
{
var scsb = new SqlConnectionStringBuilder();
scsb.DataSource = "192.168.1.100";
scsb.InitialCatalog = "DistributionSS";
scsb.IntegratedSecurity = true;
//------------------------
EntityConnectionStringBuilder builder = new EntityConnectionStringBuilder();
builder.Metadata ="res://*/Model.Model.csdl|res://*/Model.Model.ssdl|res://*/Model.Model.msl";
builder.Provider = "System.Data.SqlClient";
builder.ProviderConnectionString = scsb.ConnectionString;
DistributionSSEntities1 db = new DistributionSSEntities1(builder.ToString());
return db;
}
Has the remote Sql been setup to allow remote connections? Has the remote Sql been allowed access through the windows firewall... there's so many reasons why it wouldn't connect.
You're using Integrated Security - which may work great for a local Sql; but the network user that your WinForm app is running under must have the correct rights to access the remote box.
I'd suggest to start eliminating possibilities do the following:
Check the Sql logs on the target server. That always has the exact reason why an attemp failed - not the watered down version you get through the exception. (eg. C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Log)
Connect to it using a sql username password - not integrated security to make sure it's not that
Firewall
EDIT
It's important to remember that the error messages return to the client regarding login attempt failures are purposefully obscure or without information - to limit an attacker gaining enough information to improve the attack (see the technet article for proof). So checking the Sql Server logs is a necessity - if your login/connection attempt actually made it to the server.
From Article:
To increase security, the error message that is returned to the client
deliberately hides the nature of the authentication error. However, in
the SQL Server error log, a corresponding error contains an error
state that maps to an authentication failure condition. Compare the
error state to the following list to determine the reason for the
login failure.
public DistributionSSEntities Connection()
{
string ConString = "SERVER=192.168.1.100;DATABASE=DistributionSS;UID=sa;PASSWORD=125;";
SqlConnectionStringBuilder SCB= new SqlConnectionStringBuilder(ConString);
//------------------------
EntityConnectionStringBuilder builder = new EntityConnectionStringBuilder();
builder.Metadata = "res://*/Model.Model.csdl|res://*/Model.Model.ssdl|res://*/Model.Model.msl";
builder.Provider = "System.Data.SqlClient";
builder.ProviderConnectionString = SCB.ConnectionString;
DistributionSSEntities db = new DistributionSSEntities(builder.ToString());
return db;
}
I am trying to connect to a Oracle database by using the Windows Identity Token,
it worked yesterday but today it doesn't and I dont know why.
This is my code:
string ssoConnectionString;
var user = CreateSSOConnectionString(connectionStringBuilder, out ssoConnectionString);
oracleConnectionStringBuilder = new OracleConnectionStringBuilder
{
UserID = user.Identity.Name,
ConnectionString = ssoConnectionString
};
private WindowsPrincipal CreateSSOConnectionString(IConnectionStringBuilder connectionStringBuilder, out string ssoConnectionString)
{
var user = new WindowsPrincipal(WindowsIdentity.GetCurrent());
ssoConnectionString = ConfigurationManager.AppSettings["SSOConnectionString"];
ssoConnectionString = string.Format(ssoConnectionString, connectionStringBuilder.Host);
return user;
}
Connection = new Oracle.DataAccess.Client.OracleConnection();
Connection.ConnectionString = oracleConnectionString.ConnectionString;
Connection.Open(); //Fails on this line
The Code doesn't exactly look like this, but it's the essentials.
The SSO ConnectionString is located in app.config and looks like this:
<add key="SSOConnectionString" value="DATA SOURCE={0};User Id=/;" />
Here is a link showing how Oracle them selves explain how to do it: http://docs.oracle.com/cd/E11882_01/win.112/e18754/featConnecting.htm#i1006432
This is the error message I get:
ORA-1017: invalid username/password; logon denied
I have checked with breakpoints and everything looks fine. I've also searched alot around for this error and most people say it's because of password becoming case sensitive in Oracle version 11g, but I'm not providing any password.
What caused this error was actually a mismatch between the Oracle.DataAccess.dll version and the Oracle Client installed on my machine.
So the error is actually not at all related to the code or connection string in the configuration file.
Check your Oracle Client version by writing "sqlplus" in a command window, check that the Oracle.DataAccess.dll version and target .NET framework version matches.
I am creating 2 projects that have the same database (it's an MDF database). The first one is the map editor, and I use XNA 4 and Web Services to connect to it. The second one is the game itself and uses XNA 3.1 and Entity Data Model to connect database.
When I run the map editor and access the database, it runs properly. Bbut when I run the game and access the database, it shows an error "The underlying provider failed on Open"
I think the connection from the web service is not closed yet. But I don't know where I should close the connection.
Here is my code from the web service:
public Map AddNewMap(string username, string mapName, int sizeX, int sizeY)
{
using (BaseModelDataContext context = new BaseModelDataContext())
{
Map newMap = new Map()
{
Username = username,
Name = mapName,
SizeX = sizeX,
SizeY = sizeY,
Upload_Date = DateTime.Now,
Status = 0
};
context.Maps.InsertOnSubmit(newMap);
context.SubmitChanges(System.Data.Linq.ConflictMode.FailOnFirstConflict);
context.Dispose();
return newMap;
}
}
EDIT:
Here is the entity data model code :
using (MazeEntities ent = new MazeEntities())
{
ent.Connection.Open();
return (from map in ent.Map
select map).ToList<Map>();
}
This code runs properly if I did not use the web service before. If I use the web service first, it shows an error at ent.Connection.Open();
Here is the inner exception:
Cannot open user default database. Login failed.\r\nLogin failed for user 'erkape-PC\erkape'.
Connection string for web service :
connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\3DMapDatabase.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True"
Connection string for the game:
"metadata=res:///MazeDataModel.csdl|res:///MazeDataModel.ssdl|res://*/MazeDataModel.msl;provider=System.Data.SqlClient;provider connection string="Data Source=.\SQLEXPRESS;AttachDbFilename=D:\eRKaPe\DropBox\TA\Program\3D_Map_Editor\3DMapEditorServices\App_Data\3DMapDatabase.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True;MultipleActiveResultSets=True"" providerName="System.Data.EntityClient" />
For a quick check, can you try adding the following line after the using:
using (BaseModelDataContext context = new BaseModelDataContext())
{
context.Connection.Open();
OR
context.Database.Connection.Open();
// your code here
Finally I found a way to solve my problem after reading some articles.
The connection from the web service doesn't close automatically after I close the map editor. That is why I can't access my database from the game.
I have to change the connection string from both application, I set the User Instance to False. The game can access the database this way.
Please check the following post
http://th2tran.blogspot.ae/2009/06/underlying-provider-failed-on-open.html
Also please Enable for 32 Bit application in the APplication Pool of that application.
This may resolve.
You are trying to return an object (Map) which is associated with the Context. This object has the context information which can't be returned to the client.
You will need to create your own DataContract (a type having necessary properties) that you want to expose to the client.
Or you can use the POCO implementation As described here