Skip to content

Azure SQL Does not allow login for Created Clients

I created several users for Azure SQL using the free acccount in a database in Azure Data Studio following the recommended procedure:

  • add client ip addresses to firewall
  • create login on the master database
  • create users
  • add appropriate roles that at least encompass db_accessadmin

Despite this, my attempts to login with Azure Data Studio and SSMS continue to fail unless I use the admin account created on setup. The only eror information is:

Login Failed

I am trying to connect from my ip address and even added my ip address to the database firewall. Am I missing something?


The command run on master to create a user [username and password changed]:

CREATE LOGIN userlogin WITH PASSWORD='my_password';

The commands run on the database:

CREATE USER myuser FROM LOGIN userlogin;
ALTER ROLE db_datawriter ADD MEMBER myuser;
ALTER ROLE db_datareader ADD MEMBER myuser;
ALTER ROLE db_accessadmin ADD MEMBER myuser;

Details from Azure Data On attempt to access the database:

Microsoft.Data.SqlClient.SqlException (0x80131904): Login failed for user 'myuser'.
   at Microsoft.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
   at Microsoft.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
   at Microsoft.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
   at Microsoft.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
   at Microsoft.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK)
   at Microsoft.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover)
   at Microsoft.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer timeout)
   at Microsoft.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance)
   at Microsoft.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData, Boolean applyTransientFaultHandling, String accessToken, DbConnectionPool pool, SqlAuthenticationProviderManager sqlAuthProviderManager)
   at Microsoft.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions)
   at Microsoft.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup, DbConnectionOptions userOptions)
   at Microsoft.Data.ProviderBase.DbConnectionFactory.<>c__DisplayClass40_0.<TryGetConnection>b__1(Task`1 _)
   at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke()
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
--- End of stack trace from previous location where exception was thrown ---
   at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot)
--- End of stack trace from previous location where exception was thrown ---
   at Microsoft.SqlTools.ServiceLayer.Connection.ReliableConnection.ReliableSqlConnection.<>c__DisplayClass30_0.<<OpenAsync>b__0>d.MoveNext() in D:a1ssrcMicrosoft.SqlTools.ManagedBatchParserReliableConnectionReliableSqlConnection.cs:line 314
--- End of stack trace from previous location where exception was thrown ---
   at Microsoft.SqlTools.ServiceLayer.Connection.ConnectionService.TryOpenConnection(ConnectionInfo connectionInfo, ConnectParams connectionParams) in D:a1ssrcMicrosoft.SqlTools.ServiceLayerConnectionConnectionService.cs:line 549
Error Number:18456,State:1,Class:14


Well, after some head scratching, I found SSMS. It works like a charm using the same commands. Not sure but the default commands had an N before the roles and role user. It also switched FROM LOGIN to FOR LOGIN I just have up on Azure Data Studio for a while though.



The issue was you accidentally used FOR instead of From. Most of the documentation I have seen show that it shouldn’t matter. The only thing I could think of is that if you got the remarks section []

The example explicitly uses from, then there are other references From external providers. I wonder if there is something that maybe AD wants the From.

Could just have been a hiccup in the matrix.

Just glad you got it working, and that I was able to help.

User contributions licensed under: CC BY-SA
3 People found this is helpful