Login failed for user '<token-identified principal>'.

Question

Login failed for user '<token-identified principal>'.

Diego Cedeño 0

Hello,

I am encountering the following error when trying to connect via Microsoft Entra Service Principal in SSMS. I

-As Username I am using the Application ID. (I tried with dieguitico0007_hotmail.com#EXT#@dieguitico0007hotmail.onmicrosoft.com but it says it is not registered in the default directory. Which is weird since it is.)

-As a password I am using the secret Value

I am getting this

TITLE: Connect to Server

Cannot connect to managementcasesdb.database.windows.net.

ADDITIONAL INFORMATION:

Login failed for user '<token-identified principal>'. (Microsoft SQL Server, Error: 18456)

For help, click: https://docs.microsoft.com/sql/relational-databases/errors-events/mssqlserver-18456-database-engine-error

BUTTONS:

OK

Instead, If I try this

https://login.microsoftonline.com/common/adminconsent?client_id=your_client_id

I am getting this from the browser

Sorry, but we’re having trouble signing you in.

AADSTS500113: No reply address is registered for the application.

Troubleshooting details

If you contact your administrator, send this info to them.

Copy info to clipboard

Request Id: 24231f08-68b4-4190-8c2a-99b8b88f1e00

Correlation Id: 6b987fb2-48cb-4c0a-b885-402746d89eb8

Timestamp: 2024-12-16T02:29:19Z

Message: AADSTS500113: No reply address is registered for the application.

Flag sign-in errors for review: Disable flagging

If you plan on getting help for this problem, enable flagging and try to reproduce the error within 20 minutes. Flagged events make diagnostics available and are raised to admin attention.

Any help would be appreciated.

Thank you,

Diego Cedeno

Nandan Hegde 36,151 Reputation points MVP Volunteer Moderator

2024-12-16T03:44:30.4566667+00:00

Can you share the screenshot of the SSMS configurations by masking sensitive data?

Also did you provide the database name in the Advanced setting in options within SSMS while trying to connect?
Diego Cedeño 0 Reputation points

2024-12-16T16:25:48.2233333+00:00

Thank you for your response Nandan,

Yes, I entered the database name manually in the Connection Properties.
Diego Cedeño 0 Reputation points

2024-12-16T16:29:04.21+00:00

Hello Nandan,

Thank you for your response.

Sure, I added the database manually in the connection properties.
Diego Cedeño 0 Reputation points

2024-12-16T16:53:30.3633333+00:00

In addition to that. I am trying the same configuration in a Web Assembly application. I am getting the same error.

Microsoft.Data.SqlClient.SqlException

HResult=0x80131904

Message=Login failed for user '<token-identified principal>'.

Source=Core Microsoft SqlClient Data Provider

StackTrace:

at Microsoft.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)

at Microsoft.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, SqlCommand command, Boolean callerHasConnectionLock, Boolean asyncClose)

at Microsoft.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)

at Microsoft.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)

at Microsoft.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK)

at Microsoft.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, TimeoutTimer timeout, Boolean withFailover)

at Microsoft.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer timeout)

at Microsoft.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance)

at Microsoft.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData, Boolean applyTransientFaultHandling, String accessToken, DbConnectionPool pool, Func`3 accessTokenCallback)

at Microsoft.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions)

at Microsoft.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnectionPool pool, DbConnection owningObject, DbConnectionOptions options, DbConnectionPoolKey poolKey, DbConnectionOptions userOptions)

at Microsoft.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection)

at Microsoft.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection)

at Microsoft.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection)

at Microsoft.Data.ProviderBase.DbConnectionPool.WaitForPendingOpen()

--- End of stack trace from previous location ---

at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.<OpenInternalAsync>d__70.MoveNext()

at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.<OpenInternalAsync>d__70.MoveNext()

at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.<OpenAsync>d__66.MoveNext()

at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.<ExecuteReaderAsync>d__18.MoveNext()

at Microsoft.EntityFrameworkCore.Query.Internal.SingleQueryingEnumerable`1.AsyncEnumerator.<InitializeReaderAsync>d__21.MoveNext()

at Microsoft.EntityFrameworkCore.Storage.ExecutionStrategy.<>c__DisplayClass30_0`2.<<ExecuteAsync>b__0>d.MoveNext()

at Microsoft.EntityFrameworkCore.Storage.ExecutionStrategy.<ExecuteImplementationAsync>d__31`2.MoveNext()

at Microsoft.EntityFrameworkCore.Storage.ExecutionStrategy.<ExecuteImplementationAsync>d__31`2.MoveNext()

at Microsoft.EntityFrameworkCore.Storage.ExecutionStrategy.<ExecuteAsync>d__30`2.MoveNext()

at Microsoft.EntityFrameworkCore.Query.Internal.SingleQueryingEnumerable`1.AsyncEnumerator.<MoveNextAsync>d__20.MoveNext()

at System.Runtime.CompilerServices.ConfiguredValueTaskAwaitable`1.ConfiguredValueTaskAwaiter.GetResult()

at Microsoft.EntityFrameworkCore.EntityFrameworkQueryableExtensions.<ToListAsync>d__67`1.MoveNext()

at Microsoft.EntityFrameworkCore.EntityFrameworkQueryableExtensions.<ToListAsync>d__67`1.MoveNext()

at Management_Cases.Api.Services.ApiUserService.<GetUsersAsync>d__3.MoveNext() in C:\Users\diegu\source\repos\Dieguitico\ManagementCases\1\Management Cases\Management_Cases.Api\Services\ApiUserService.cs:line 38

at Management_Cases.Api.Controllers.UsersController.<GetUsers>d__4.MoveNext() in C:\Users\diegu\source\repos\Dieguitico\ManagementCases\1\Management Cases\Management_Cases.Api\Controllers\UsersController.cs:line 52

at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.<Execute>d__0.MoveNext()

at System.Runtime.CompilerServices.ValueTaskAwaiter`1.GetResult()

at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<<InvokeActionMethodAsync>g__Awaited|12_0>d.MoveNext()

at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<<InvokeNextActionFilterAsync>g__Awaited|10_0>d.MoveNext()
Vijayalaxmi Kattimani 3,410 Reputation points Microsoft External Staff Moderator

2024-12-19T10:06:14.84+00:00

Hi @Diego Cedeño,

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.

1 answer

Your answer

Nandan Hegde 36,151 Reputation points MVP Volunteer Moderator

2024-12-16T03:44:30.4566667+00:00

Can you share the screenshot of the SSMS configurations by masking sensitive data?

Also did you provide the database name in the Advanced setting in options within SSMS while trying to connect?
Diego Cedeño 0 Reputation points

2024-12-16T16:25:48.2233333+00:00

Thank you for your response Nandan,

Yes, I entered the database name manually in the Connection Properties.
Diego Cedeño 0 Reputation points

2024-12-16T16:29:04.21+00:00

Hello Nandan,

Thank you for your response.

Sure, I added the database manually in the connection properties.
Vijayalaxmi Kattimani 3,410 Reputation points Microsoft External Staff Moderator

2024-12-19T10:06:14.84+00:00

Hi @Diego Cedeño,

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.

Answer 1

Hi @Diego Cedeño,

Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

The error "Login failed for user '' (Microsoft SQL Server, Error: 18456)" when attempting to use a Microsoft Entra Service Principal in SQL Server Management Studio (SSMS) typically indicates a misconfiguration in the Microsoft Entra or SQL Server authentication setup.

To resolve this, you need to add an AAD user to the Azure SQL Database. you may also need to change the default database option. By default, SSMS attempts to connect to the Master database, where this AAD user may not exist since AAD users are contained within individual user databases.

Below are links to some parallel threads that may assist you in troubleshooting your issue.

https://learn.microsoft.com/en-us/answers/questions/133709/login-failed-for-user

https://learn.microsoft.com/en-us/answers/questions/1281113/login-failed-for-user-(token-identified-principal)

https://learn.microsoft.com/en-us/answers/questions/1001824/login-failed-for-user-(token-identified-principal)

https://stackoverflow.com/questions/71494736/login-failed-for-user-token-identified-principal/77161216#77161216

Please refer to the below mentioned links for more information.

https://techcommunity.microsoft.com/blog/azuresqlblog/troubleshooting-problems-related-to-azure-ad-authentication-with-azure-sql-db-an/1062991

https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?view=azuresql&tabs=azure-powershell#create-contained-database-users-in-your-database-mapped-to-azure-ad-identities

I hope, This response will address your query and helped you to overcome on your challenges.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Vijayalaxmi Kattimani 3,410 Reputation points Microsoft External Staff Moderator

2024-12-23T02:18:57.0766667+00:00

Hi @Diego Cedeño,

Just checking in to see if the above answer helped.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Oury Ba-MSFT 20,926 Reputation points Microsoft Employee Moderator

2025-01-30T00:15:49.7966667+00:00

Diego Cedeño Thank you for reaching out.

Please go through this doc https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?view=azuresql&tabs=azure-portal#create-contained-database-users-in-your-database-mapped-to-azure-ad-identities to verify if you have properly configured Microsoft entra authentication for your SQL server Database. If the issue is resolve with the help of the community, please don't forget to mark as accept answer wherever information provided were helpful.

Regards,

Oury

Share via

Login failed for user '<token-identified principal>'.

1 answer

Your answer