I am trying to authenticate Azure SQL Database using access token, Problem is, the access token(and refresh token) is generated on the different machine and SQL server authentication java code is on another machine. My application on 2nd machine picks the refresh token from the properties file. I am able to get the access token using refresh token but not able to authenticate the Azure SQL DB using that. However, everything works fine if I do the whole process on the same machine.
Are access token generated IP bound or machine bound?
Error: Database connection failed: Error message: Login failed for user ''. ClientConnectionId:321ad51b-77d5-4681-a162-d6c8afd477aa
The issue has been resolved, it was due to wrong (pretty old) version of MSSQL JDBC jar.
Each user has a default database. When you connect to computer that's running Microsoft SQL Server, and you do not specify a login database, the default database is used. However, if the default database is unavailable at the time of the connection, you may not be able to connect
Related
Working on simple use case of transferring a file from S3 to Azure Blob Storage container using Azure SDK in Java based AWS Lambda. But before going to file transfer, I wanted to test the connectivity itself from my Lambda so I decided to first try and list the blobs in a container.
I am using "Shared Access Signature" token for authenticating access to Azure Blob Storage container. Faced lot of challenges to establish the connection on the local but at last I was able to make successful connection and finally I was able to list all the blobs in a given container.
Now, when I merged the same code to my Lambda and run it. It is giving me Authorization error as below.
Lambda Exception Trace
Since I am new to Azure, can someone help me in understanding if there is any authentication, network configuration missing to establish this connection or am I fundamentally missing something.
Code this is working on Eclipse IDE on Local
It appears to be an Authentication Failure. This includes the possibility that the SAS (Shared access signature) token you are using to connect is missing one or more permissions to execute a particular action that is needed by the BlobContainerClient. The actions are: Read, Write, Delete, List, Add, Create, Process, Immutable storage, Permanent delete. You also have different types of services you can interact with: blob, file, queue, table. Finally, when the SAS token is created, it can be configured with an expiration date, a set of allowed IP addresses, limited to use only a certain protocol and choose a signing key. Perhaps one of these conditions is not allowing the same code to behave in the same way when it is executed from two different locations?
I am using VS Code to develop an Azure function with Java 11. I am able to authenticate using VisualStudioCodeCredential but when I try to use the DefaultAzureCredential class I get the below error. It is my understanding that for this app to run locally and in the Azure hosted environment that I need the DefaultAzureCredential. Why does this happen and how do I fix it? Is there a better/preferred way to do the authentication?
Caused by: com.azure.core.exception.ClientAuthenticationException: DefaultAzureCredential
authentication failed. ---> IntelliJCredential authentication failed. Error Details:
Unrecognized field "tenantId" (class
com.azure.identity.implementation.IntelliJAuthMethodDetails), not marked as ignorable (4 known
properties: "authMethod", "azureEnv", "accountEmail", "credFilePath"])
Here is my code. The error occurs when I try to get the secret from the vault.
secretClient = new SecretClientBuilder().vaultUrl(System.getenv("KeyVaultURL"))
.credential(new DefaultAzureCredentialBuilder().build()).buildClient();
String secretValue= secretClient.getSecret("secretValue").getValue();
Using VisualStudioCodeCredential works:
secretClient = new SecretClientBuilder().vaultUrl(System.getenv("KeyVaultURL"))
.credential(new VisualStudioCodeCredential().build()).buildClient();
String secretValue= secretClient.getSecret("secretValue").getValue();
Links to some of the docs that I have used for reference.
https://learn.microsoft.com/en-us/java/api/overview/azure/identity-readme?view=azure-java-stable
https://learn.microsoft.com/en-us/azure/developer/java/sdk/identity#key-concepts
https://learn.microsoft.com/en-us/azure/developer/java/sdk/identity-azure-hosted-auth#default-azure-credential
The issue was occurring due to how DefaultAzureCredential chooses the authentication method. During runtime an error occurred because the app was unable to authenticate using IntelliJ authentication even though the app was running from Visual Studio Code.
Default Azure credential
The DefaultAzureCredential is appropriate for most scenarios where the application ultimately runs in the Azure Cloud. DefaultAzureCredential combines credentials that are commonly used to authenticate when deployed, with credentials that are used to authenticate in a development environment. The DefaultAzureCredential will attempt to authenticate via the following mechanisms in order.
Microsoft provides a way to get around this with the ChainedTokenCredential class.
The ChainedTokenCredential class provides the ability to link together multiple credential instances to be tried sequentially when authenticating. The following example demonstrates creating a credential which will attempt to authenticate using managed identity, and fall back to certificate authentication if a managed identity is unavailable in the current environment. This example authenticates an EventHubClient from the azure-eventhubs client library using the ChainedTokenCredential. There's also a compilable sample to create a Key Vault secret client you can copy-paste.
Using the ChainedTokenCredential I was able to change the order to check ManagedIdentityCredential and then VisualStudioCodeCredential.
I have an application developed in MS Access, and I'm currently switching it to a web application with Apache Tomcat.
The Access application has our SQL Server database fully linked, so it has entire control of the data.
The application is running a hidden process by passing the ActiveDirectory authentication to the SQL Server, so the users never type their passwords.
But from Tomcat, I tried to connect on the SQL Server using JDBC driver and Windows authentication (jdbc:sqlserver://SERVERADDRESS;integratedSecurity=true;) in just one jsp file to test the database connection.
The problem here is instead of passing the user login which launched the app through his web browser, it passes the Server identifier (Which is DOMAIN\SERVERNAME).
Can I get the username with this way, or do I need to completely change my connection system?
Impossible without credential delegation/S4U services for Kerberos. Especially, if you don't use Java's Kerberos implementation, but the one from Windows SSPI.
Start your users to authenticate via SPNEGO first, then come back.
How should I write my connection string in jdbc when I want to connect to a SQL server where windows authentication is needed and I am connecting to a named instance?
So I have my connection string like
jdbc:sqlserver://sqlserver4\Test;datebaseName=TestDB;user=g\John;password=hello123
I have also tried with sqlserver4;namedInstance=Testinstead of sqlserver4\Test
I have tried under
Control Panel -> Administrative Tools -> ODBC Data Source
Shift Right-Click -> Run as different user
login as user=g\John password=hello123 with this test I can connect successfuly, but in my jdbc connection string I get Login failed for user g\John.
Do I have to setup my connection string in a specific way when using Windows User Authentication and named instance in the DB?
According to: https://msdn.microsoft.com/en-us/library/bsz5788z.aspx
If your application runs on a Windows-based intranet, you might be able to use Windows integrated authentication for database access. Integrated security uses the current Windows identity established on the operating system thread to access the SQL Server database. You can then map the Windows identity to a SQL Server database and permissions.
To connect to SQL Server using Windows integrated authentication, you must identify the Windows identity under which your ASP.NET application is running. You must also be sure that the identity has been granted access to the SQL Server database. This topic includes a code example that displays the current Windows identity of the ASP.NET application.
So try maybe adding this:
integratedSecurity=true;
At the end of your connection string and removing username and password
In Production system, all the database servers/hosts will have application specific user ids like report_app_user, dev_app_user,dev_env_user,test_env_user,uat_env_user and the JDBC api will connect it promptly.
Please talk to ITsupport team/db admin to get a application specific user id.
Otherwise, you will not be able to use db user which is tied with windows authentication.
I have tried all that, but it seems that I have to implement some spring security and setup an LDAP server to be able to connect through an AD user, with MuleESB. But thanks anyway :).
I have written a java servlet in app engine that i am trying to connect to a cloud sql, i am working in eclipse kepler on windows. in the google cloud console i have authorized by app to access the database, they are both stored in the US.
To enable cloud sql for my app in eclipse i am going to google>app engine settings...
i try to configure the cloud sql instance, i am using the appropriate instance name : and i have specified the correct database name username and password, i have also tried with a blank password, and both a blank password and user niether have worked. additionally, i am using the same email account across my database and app engine and eclipse. the error i receive is:
Could not connect to Profile (<project>.GoogleCloudSQL.AppEngineInstance).
Error creating SQL Model Connection connection to
Profile(<project>.GoogleCloudSQL.AppEngineInstance). (Error: Not authorized to access
instance: <instance:database>)
Not authorized to access instance: <instance:database>
Error creating Google Cloud SQL Connection factory connection to Profile
(<project>.GoogleCloudSQL.AppEngineInstance). (Error: Not authorized to access
instance: <instance:database>)
Not authorized to access instance: <instance:database>
i then tried to test the database using the google_sql.sh script provided in the bin folder of the appengine sdk. i sent me to a url to get an authorization code, after entering the authorization code i was just given the script fails stating "the provided authorization grant is invalid, expired, revoked etc.".
i just want my app engine java servlet to be able to access my cloud sql database...does anyone have any advice? a solution? a similar problem?
Please take a look at the following link for the recommended way to connect to your CloudSQL instance from dev purposes.
https://developers.google.com/appengine/docs/java/cloud-sql/#connect_and_post
In short, just get an IP address for the CloudSQL instance using admin API or cloud console, authorize your network to access the CloudSQL instance through Cloud console, and point your application to it.