FirebirdSql.Data.FirebirdClient connecting with a user other than Sysdba - username and password are not defined

Question

I use FirebirdSql.Data.FirebirdClient to connect to a Firebird database (WPF desktop app).

Server Version: WI-V3.0.5.33220 Firebird 3.0, and ADO.net provider version is 7.5.0 (NuGet)

I created a user other than SYSDBA that only has read only access to the tables (only SELECT). Connecting with FlameRobin works without problems with this new user. However, when I specify this new user and corresponding read-only role in the FbConnectionStringBuilder class, I get a

"your username and password are not defined"

error. If I replace the new user by SYSDBA and corresponding password, the connection works.

using FirebirdSql.Data.FirebirdClient;

namespace Test
{
    class DBConnection
    {
        FbConnection fbConnection;
        public void CreateConnection() 
        {
            FbConnectionStringBuilder builder = new FbConnectionStringBuilder();
            builder.Charset = "WIN1252";
            builder.Database = "firebird2:DB_NAME";
            builder.Dialect = 3;
            builder.Role = "READ_ONLY_OTN";
            builder.UserID = "TEST";
            builder.Password = "Test";
            builder.ServerType = FbServerType.Default;
            fbConnection = new FbConnection(builder.ConnectionString);
            fbConnection.Open();
        }
    }
}

What could be the cause for this error other than a wrong password (I checked it twice and also with FlameRobin)?

What is your Firebird version, and what is your Firebird ADO.net provider version? — Mark Rotteveel, Nov 09 '20 at 10:48
Server Version: WI-V3.0.5.33220 Firebird 3.0, and ADO.net provider version is 7.5.0 (NuGet). — dsungaro, Nov 09 '20 at 11:46
FB3 has several "authentication plugins" - user/password "dictionaries". You probably created used in one of them, and trying to connect with another. Try to either create new user in both or to somehow tune .Net Provider to use same auth plugin that FlameRobin uses. See also http://stackoverflow.com/questions/64696654/ See also support links at https://stackoverflow.com/tags/firebird-.net-provider/info — Arioch 'The, Nov 09 '20 at 14:53
When connected as SYSDBA, what is the output for `select sec$user_name, sec$plugin from sec$users` (specifically for the user you're trying to use with your application)? What is the setting of `AuthServer` and `UserManager` in `firebird.conf`? — Mark Rotteveel, Nov 09 '20 at 15:31
@MarkRotteveel but would .Net provider check firebird.conf for that setting, and if yes, then where would it be looking for it? I guess the thread to pull is different behaviour of .Net app and FlameRobin here — Arioch 'The, Nov 09 '20 at 17:36
Thanks! I've seen by the select query given by Mark that my TEST user is only created for the LEGACY_AUTH plugin and not for SRP. I will create the user for SRP and look if it's working then. — dsungaro, Nov 10 '20 at 10:22
@Arioch'The No, of course the Firebird ADO.net provider doesn't check firebird.conf, but I wanted that information to confirm my theory. — Mark Rotteveel, Nov 11 '20 at 09:06
@MarkRotteveel but the query should be enough for it. Even more, only the query is primary factual information. The config file is a secondary hint. We can *expect* that config file is placed where FB3 looks for it (and that we correctly identified where the running instance of FB3 is located), does not have syntax errors, does not have file access rights errors, and so forth with dozens details. It is a powerful but hint. The ultimate fact, proving that the config was applied to the given connection, would anyway be the query and nothing else. — Arioch 'The, Nov 11 '20 at 13:05
@Arioch'The When I answer I like to be complete (eg is Srp present in UserManager, is it first or second, etc could all influence what you need to add in an answer). I admit, knowing the setting of AuthServer was probably unnecessary. — Mark Rotteveel, Nov 11 '20 at 14:59
@MarkRotteveel sounds like FB lacks a table like `RDB$PLUGINS`... — Arioch 'The, Nov 11 '20 at 15:14

Mark Rotteveel · Accepted Answer · 2020-11-11T14:56:11.987

The problem is that, when connecting to Firebird 3, the Firebird ADO.net provider (FirebirdSql.Data.FirebirdClient) only supports the new SRP authentication plugin, not the Legacy_Auth authentication plugin. If your user is created using the Legacy_UserManager, then you cannot authenticate using the Firebird ADO.net provider. You need to create the user using Srp.

Depending on your exact Firebird config, you need to add Srp to the UserManager config list, and then create the user with:

create user <youruser> password '<password>' using plugin srp;

For security reasons, I would recommend that you drop the user create with Legacy_UserManager:

drop user <youruser> using plugin legacy_usermanager;

I would also recommend that you remove Legacy_UserManager from the UserManager list, or make sure that Srp is first in the list, to avoid accidentally creating users with the less secure user manager (executing SQL user management statements without the using plugin <plugin> clause will default to the first user manager in the list).

FirebirdSql.Data.FirebirdClient connecting with a user other than Sysdba - username and password are not defined

1 Answers1