How to fix code throwing exception : Microsoft.Data.SqlClient.SqlException: 'Login failed for user '

Question

How to fix code throwing exception : Microsoft.Data.SqlClient.SqlException: 'Login failed for user '

Krishna Basavaraj K S 20

Hi All,
I'm encountering an issue while trying to connect to an Azure SQL Database using Microsoft Entra Authentication (formerly Azure AD). I am using DefaultAzureCredential in my .NET application to authenticate and retrieve the access token, but while the token is successfully generated, I am getting the following error during authentication:

Error encountered:
*"Microsoft.Data.SqlClient.SqlException: 'Login failed for user '

NIKHILA NETHIKUNTA 4,600 Reputation points Microsoft External Staff

2025-01-03T07:03:52.0833333+00:00
@Krishna Basavaraj K S
Thank you for the question and for using Microsoft Q&A platform.

As per my understanding you're encountering issues while trying to connect to an Azure SQL Database using Microsoft Entra Authentication.

Based on the information you've provided, it seems that you've done most of the necessary configurations for Microsoft Entra Authentication to work. However, there are a few things that you might want to check:

Make sure that the Azure SQL Server is configured to accept Microsoft Entra Authentication. You can do this by checking the "Authentication method" setting in the Azure portal. It should be set to "Azure Active Directory".

Check that the user you're using to authenticate (#@xxx) has been added to the SQL Server's Active Directory admin list. You can do this by going to the "Active Directory admin" setting in the Azure portal and making sure that the user is listed there.

Check that the user you're using to authenticate has been granted the necessary permissions in the SQL Server. You can do this by checking the user's permissions in the SQL Server's "sys.database_principals" table.

Make sure that the SQL Server's firewall settings are configured to allow traffic from the IP address you're using to connect.

If you've checked all of these things and are still encountering issues, it's possible that there might be an issue with the token itself. In this case, you might want to try generating a new token and see if that resolves the issue.

https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?view=azuresql&tabs=azure-portal
https://learn.microsoft.com/en-us/sql/connect/odbc/using-azure-active-directory?view=sql-server-ver16
https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-overview?view=azuresql

I hope this helps! Let us know if you have any other questions.
krishna basavaraj savasuddi 95 Reputation points

2025-01-03T07:41:29.0066667+00:00
@NIKHILA NETHIKUNTA Thank you for your detailed response! I appreciate the suggestions and want to provide evidence for the points mentioned, as well as highlight additional checks I’ve performed.

Microsoft Entra Authentication enabled & Active Directory admin set: I have verified in the Azure portal that the "Authentication method" is configured for Microsoft Entra Authentication and that the user Krishnak_anthology.com#EXT#@CampusNexusCloud.onmicrosoft.com is set as the Active Directory admin. Please find the screenshot attached:

Additional checks performed:

IAM Role Assigned: The user has been assigned the SQL DB Contributor role at the resource level.

Database User Created: The user has been successfully created in the database and is mapped to roles db_datareader and db_datawriter.

Firewall Configured: The Azure SQL Server firewall is configured to allow traffic from my current IPv4 address.

I’ve also ensured that the access token is being generated using DefaultAzureCredential in my application code.

Could you please confirm if, by "Authentication method set to Azure Active Directory," you meant ensuring the "Microsoft Entra Authentication only" option is selected? Also, is there any additional setting or configuration I might have missed for external users?

Looking forward to your guidance!

PS: my official ID got suspended from community therefore using this Mail ID to respond to the thread.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
NIKHILA NETHIKUNTA 4,600 Reputation points Microsoft External Staff

2025-01-06T08:27:20.2+00:00

@Krishna Basavaraj K S
I agree that this issue looks strange and I wasn't able to reproduce this issue. If you have a support plan could you please file a support ticket for deeper investigation and do share the SR# with us? In case if you don't have a support plan please let us know here.
NIKHILA NETHIKUNTA 4,600 Reputation points Microsoft External Staff

2025-01-08T07:12:19.52+00:00

@Krishna Basavaraj K S
We haven’t heard from you on the last response and was just checking back to see if you got a chance to create a support ticket. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.

Accepted answer

2 additional answers

Your answer

NIKHILA NETHIKUNTA 4,600 Reputation points Microsoft External Staff

2025-01-03T07:03:52.0833333+00:00

@Krishna Basavaraj K S
Thank you for the question and for using Microsoft Q&A platform.

As per my understanding you're encountering issues while trying to connect to an Azure SQL Database using Microsoft Entra Authentication.

Based on the information you've provided, it seems that you've done most of the necessary configurations for Microsoft Entra Authentication to work. However, there are a few things that you might want to check:

Make sure that the Azure SQL Server is configured to accept Microsoft Entra Authentication. You can do this by checking the "Authentication method" setting in the Azure portal. It should be set to "Azure Active Directory".

Check that the user you're using to authenticate (#@xxx) has been added to the SQL Server's Active Directory admin list. You can do this by going to the "Active Directory admin" setting in the Azure portal and making sure that the user is listed there.

Check that the user you're using to authenticate has been granted the necessary permissions in the SQL Server. You can do this by checking the user's permissions in the SQL Server's "sys.database_principals" table.

Make sure that the SQL Server's firewall settings are configured to allow traffic from the IP address you're using to connect.

If you've checked all of these things and are still encountering issues, it's possible that there might be an issue with the token itself. In this case, you might want to try generating a new token and see if that resolves the issue.

https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?view=azuresql&tabs=azure-portal
https://learn.microsoft.com/en-us/sql/connect/odbc/using-azure-active-directory?view=sql-server-ver16
https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-overview?view=azuresql

I hope this helps! Let us know if you have any other questions.
krishna basavaraj savasuddi 95 Reputation points

2025-01-03T07:41:29.0066667+00:00

@NIKHILA NETHIKUNTA Thank you for your detailed response! I appreciate the suggestions and want to provide evidence for the points mentioned, as well as highlight additional checks I’ve performed.

Microsoft Entra Authentication enabled & Active Directory admin set: I have verified in the Azure portal that the "Authentication method" is configured for Microsoft Entra Authentication and that the user Krishnak_anthology.com#EXT#@CampusNexusCloud.onmicrosoft.com is set as the Active Directory admin. Please find the screenshot attached:

Additional checks performed:

IAM Role Assigned: The user has been assigned the SQL DB Contributor role at the resource level.

Database User Created: The user has been successfully created in the database and is mapped to roles db_datareader and db_datawriter.

Firewall Configured: The Azure SQL Server firewall is configured to allow traffic from my current IPv4 address.

I’ve also ensured that the access token is being generated using DefaultAzureCredential in my application code.

Could you please confirm if, by "Authentication method set to Azure Active Directory," you meant ensuring the "Microsoft Entra Authentication only" option is selected? Also, is there any additional setting or configuration I might have missed for external users?

Looking forward to your guidance!

PS: my official ID got suspended from community therefore using this Mail ID to respond to the thread.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
NIKHILA NETHIKUNTA 4,600 Reputation points Microsoft External Staff

2025-01-06T08:27:20.2+00:00

@Krishna Basavaraj K S
I agree that this issue looks strange and I wasn't able to reproduce this issue. If you have a support plan could you please file a support ticket for deeper investigation and do share the SR# with us? In case if you don't have a support plan please let us know here.
NIKHILA NETHIKUNTA 4,600 Reputation points Microsoft External Staff

2025-01-08T07:12:19.52+00:00

@Krishna Basavaraj K S
We haven’t heard from you on the last response and was just checking back to see if you got a chance to create a support ticket. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.

Answer 1

krishna basavaraj savasuddi 95

@NIKHILA NETHIKUNTA , Since I am using dotnet framework 4.8, the solution was to specify the authentication as Active Directory Default within the connection string and also remove the unwanted below code as its taken care internally.

var credential = new DefaultAzureCredential();

var tokenRequestContext = new TokenRequestContext(new[] { "https://database.windows.net/.default" });

var token = credential.GetToken(tokenRequestContext);

connection.AccessToken = token.Token;

Erland Sommarskog 121.4K Reputation points MVP Volunteer Moderator

2025-01-08T21:39:52.59+00:00

I note that you had to create a new profile, since your original was suspended. I have resurrected it, so you could log with that profile and accept the post above as the Answer.

I also note that you have several cases of duplicate posts. This forum is quite often late in showing posts, but they do show up. I post quite a lot, and I don't think I ever encounter that posts are lost entirely. So need to post a second time.

Answer 2

krishna basavaraj savasuddi 95

@NIKHILA NETHIKUNTA Since I am using dotnet framework 4.8, the solution was to specify the authentication as Active Directory Default within the connection string and also remove the unwanted below code as its taken care internally.

var credential = new DefaultAzureCredential();

var tokenRequestContext = new TokenRequestContext(new[] { "https://database.windows.net/.default" });

var token = credential.GetToken(tokenRequestContext);

connection.AccessToken = token.Token;

Answer 3

Deleted

This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Comments have been turned off. Learn more

Share via

How to fix code throwing exception : Microsoft.Data.SqlClient.SqlException: 'Login failed for user '

2 additional answers

Your answer