I have a database where I created a contained user and I needed to connect to my web app using that user. I have always been able to connect to the web app with a standard user having Persist Security Info=False.
However, the only way I was able to connect with the contained user was changing my connection string to Persist Security Info=True, otherwise I'd get a login failed SQL exception even though I was able to connect using SSMS. I'm not sure why it worked. Does anybody know why a contained user needs the property set to True?
Setting Persist Security Info to true or yes allows security-sensitive information, including the user ID and password, to be obtained from a connection after it has been opened.
Use contained database users to authenticate SQL Server and SQL Database connections at the database level. A contained database is a database that is isolated from other databases and from the instance of SQL Server/SQL Database (and the master database) that hosts the database.
Persistence in cybersecurity occurs when a threat actor discreetly maintains long-term access to systems despite disruptions such as restarts or changed credentials. Bad actors can place an implant or a “stub” that both evades automated antivirus solutions and kickstarts more malware.
A contained database includes all database settings and metadata required to define the database and has no configuration dependencies on the instance of the Database Engine where the database is installed. Users can connect to the database without authenticating a login at the Database Engine level.
For your web app, are you using Entity Framework?
And for your DbContext, are you using IdentityDbContext?
If so, I had the same problem. I was able to connect directly with SqlConnection but encountered an "Access Deny" error when connecting with Entity Framework. When I gave enough permissions to my user, all queries were very slow.
When instantiating the Context (with IdentityDbContext) you should set the second parameter to false.
public AdeleDbContext(string connectionString) : base(connectionString, false)
{
}
The second parameter is throwIfV1Schema and when set to true (which is the default value), it will validate schema against the database by calling SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS where TABLE_NAME=@Table for many columns.
That was the reason why the connection was slow and user needed more permissions when connecting to DB with Entity Framework and IdentityDbContext.
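A configuration check based on the Persist Security Info description above, as an added example that is not part of the original posts: it parses connection strings and reports the ones that carry a password and also set Persist Security Info to true or yes. The sample strings, server names and user names are constructed for illustration.

```python
import re

# Keyword spellings SqlClient accepts for these settings (matched case-insensitively).
PERSIST_KEYS = {"persist security info", "persistsecurityinfo"}
SECRET_KEYS = {"password", "pwd"}
TRUTHY = {"true", "yes"}

# key=value pairs separated by ';'. A value may be wrapped in single or double
# quotes, in which case it can itself contain ';'.
PAIR = re.compile(r"""\s*([^=;]+?)\s*=\s*("[^"]*"|'[^']*'|[^;]*)\s*(?:;|$)""")


def parse(conn_str):
    """Return the pairs as a dict keyed by lower-cased keyword.

    Later duplicates overwrite earlier ones.
    """
    out = {}
    for key, value in PAIR.findall(conn_str):
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]  # drop the surrounding quotes
        out[" ".join(key.lower().split())] = value
    return out


def persists_secret(conn_str):
    """True when a password is present and is kept readable after the connection opens."""
    kv = parse(conn_str)
    persist = any(kv.get(k, "").lower() in TRUTHY for k in PERSIST_KEYS)
    has_secret = any(kv.get(k) for k in SECRET_KEYS)
    return persist and has_secret


def audit(named):
    """Return the names of the connection strings that should be reviewed."""
    return sorted(name for name, cs in named.items() if persists_secret(cs))


# Constructed sample connection strings (not taken from the page).
SAMPLES = {
    "standard": "Server=db01;Database=AppDb;User ID=app_login;Password=Example-Only-1;Persist Security Info=False",
    "contained": "Server=db01;Initial Catalog=AppDb;User ID=contained_user;PWD='ex;ample';persist security info=Yes",
    "integrated": "Server=db01;Database=AppDb;Integrated Security=SSPI;Persist Security Info=True",
    "default": "Server=db01;Database=AppDb;User ID=app_login;Password=Example-Only-2",
}

if __name__ == "__main__":
    print(audit(SAMPLES))
```

Strings that use integrated security are not reported because they hold no password to persist.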