microsoft / azuredatastudio

Azure Data Studio is a data management and development tool with connectivity to popular cloud and on-premises databases. Azure Data Studio supports Windows, macOS, and Linux, with immediate capability to connect to Azure SQL and SQL Server. Browse the extension library for more database support options including MySQL, PostgreSQL, and MongoDB.
https://learn.microsoft.com/sql/azure-data-studio
MIT License

Azure AD Guest User Access (B2B) fails to Authenticate #10314

Closed rohrerb closed 1 year ago

rohrerb commented 4 years ago

Steps to Reproduce:

Setup:

  1. Created a guest user in alternate AD Tenant AD.
  2. Invited the guest user into the primary AD.
  3. Ensure the Guest user accepted the invitation and configured MFA.
  4. Created an AD Group in the primary AD tenant called Guest_Group_Test and added the Guest User.
  5. Ensure AD Integration is on with the Azure SQL Server Azure AD by associating your AD User as owner or a group you're a member of.
  6. Log into SQL Server using your user (not the guest)
  7. The following TSQL was run in the SQL Database successfully.
    CREATE USER [Guest_Group_Test] FROM EXTERNAL PROVIDER;
    EXEC sp_addrolemember 'db_datareader', 'Guest_Group_Test';  
  8. Open Azure Data Studio, make a new connection to the target Azure SQL Server.
  9. Choose Azure Active Directory - Universal with MFA Support
  10. Ensure the Account is the Guest user email who was added into the primary tenant via b2b.
  11. Click Connect

Errors:

Retrieving the Azure token failed. Please Sign in again. Login failed for user '<token-identified principal>'.

Note: Tested on SSMS version 18 and the above scenario works with authenticating B2B users provided they are in an AD Group.

kburtram commented 4 years ago

@aaomidi do you have any context on this scenario?

aaomidi commented 4 years ago

I don't, the only thing I could think of is if the wrong account is selected.

I'll try to investigate this some more.

swilkodev commented 4 years ago

I'm encountering the same issue today as #10207 on Windows. I've tried 1.17.1 and the insiders build but still the issue persists. Below is the console log.

c:\Program Files\Azure Data Studio - Insiders\resources\app\node_modules.asar\zone.js\dist\zone-node.js:2280 Retrieving the Azure token failed. Please sign in again.
console. @ c:\Program Files\Azure Data Studio - Insiders\resources\app\node_modules.asar\zone.js\dist\zone-node.js:2280
onDidChangeNotification @ workbench.desktop.main.js:3799
(anonymous) @ workbench.desktop.main.js:3799
fire @ workbench.desktop.main.js:194
addNotification @ workbench.desktop.main.js:3834
notify @ workbench.desktop.main.js:5368
(anonymous) @ workbench.desktop.main.js:5090
ZoneAwarePromise @ c:\Program Files\Azure Data Studio - Insiders\resources\app\node_modules.asar\zone.js\dist\zone-node.js:891
_showMessage @ workbench.desktop.main.js:5090
$showMessage @ workbench.desktop.main.js:5089
_doInvokeHandler @ workbench.desktop.main.js:5126
_invokeHandler @ workbench.desktop.main.js:5126
_receiveRequest @ workbench.desktop.main.js:5124
_receiveOneMessage @ workbench.desktop.main.js:5123
(anonymous) @ workbench.desktop.main.js:5121
fire @ workbench.desktop.main.js:194
fire @ workbench.desktop.main.js:601
_receiveMessage @ workbench.desktop.main.js:605
(anonymous) @ workbench.desktop.main.js:603
fire @ workbench.desktop.main.js:194
acceptChunk @ workbench.desktop.main.js:599
(anonymous) @ workbench.desktop.main.js:598
t @ workbench.desktop.main.js:609
ZoneDelegate.invokeTask @ c:\Program Files\Azure Data Studio - Insiders\resources\app\node_modules.asar\zone.js\dist\zone-node.js:421
Zone.runTask @ c:\Program Files\Azure Data Studio - Insiders\resources\app\node_modules.asar\zone.js\dist\zone-node.js:188
ZoneTask.invokeTask @ c:\Program Files\Azure Data Studio - Insiders\resources\app\node_modules.asar\zone.js\dist\zone-node.js:496
ZoneTask.invoke @ c:\Program Files\Azure Data Studio - Insiders\resources\app\node_modules.asar\zone.js\dist\zone-node.js:485
emit @ events.js:203
addChunk @ _stream_readable.js:295
readableAddChunk @ _stream_readable.js:276
Readable.push @ _stream_readable.js:210
onStreamRead @ internal/stream_base_commons.js:166
Show 2 more frames
c:\Program Files\Azure Data Studio - Insiders\resources\app\node_modules.asar\zone.js\dist\zone-node.js:2280 [Extension Host] Error: Error: Unable to read token claims: {}
    at e.getToken (c:\Program Files\Azure Data Studio - Insiders\resources\app\extensions\azurecore\dist\extension.js:16:129376)
    at processTicksAndRejections (internal/process/task_queues.js:85:5)
    at async e.login (c:\Program Files\Azure Data Studio - Insiders\resources\app\extensions\azurecore\dist\extension.js:166:34919) (at e.login (c:\Program Files\Azure Data Studio - Insiders\resources\app\extensions\azurecore\dist\extension.js:166:35064))
c:\Program Files\Azure Data Studio - Insiders\resources\app\node_modules.asar\zone.js\dist\zone-node.js:2280 ERR Error while adding account: Error: Failure when retreiving tokens

aaomidi commented 4 years ago

Hi to all in this thread, we have a new insiders build with more error messages.

The error messages have been enhanced both when signing in to Azure, and when logging into a server with Azure MFA. Could you please try both scenarios, and post your Developer tool logs and other logs in this issue.

Thank you!

Downloading Insiders: https://github.com/microsoft/azuredatastudio#try-out-the-latest-insiders-build-from-master

adsbot[bot] commented 4 years ago

We need more info to debug your particular issue. If you could attach your logs to the issue (ensure no private data is in them), it would help us fix the issue much faster.

To find your logs:

This will open the log file locally. Please include renderer.log

swilkodev commented 4 years ago

The output looks the same to me. Below is the version info of the insiders build I was running.

Version: 1.18.0-insider (system setup)
Commit: ab374e362a8b9199d1ed37f2e13abcebd594d99b
Date: 2020-05-12T22:57:17.994Z
VS Code: 1.45.0
Electron: 7.2.4
Chrome: 78.0.3904.130
Node.js: 12.8.1
V8: 7.8.279.23-electron.0
OS: Windows_NT x64 10.0.17763

The renderer file just had the following log.

[2020-05-13 15:51:32.118] [renderer1] [error] Error while adding account: Error: Failure when retreiving tokens

The console log is the same

Show 2 more frames
c:\Program Files\Azure Data Studio - Insiders\resources\app\node_modules.asar\zone.js\dist\zone-node.js:2280 [Extension Host] Error: Error: Unable to read token claims: {}
    at e.getToken (c:\Program Files\Azure Data Studio - Insiders\resources\app\extensions\azurecore\dist\extension.js:16:129600)
    at processTicksAndRejections (internal/process/task_queues.js:85:5)
    at async e.login (c:\Program Files\Azure Data Studio - Insiders\resources\app\extensions\azurecore\dist\extension.js:166:34919) (at e.login (c:\Program Files\Azure Data Studio - Insiders\resources\app\extensions\azurecore\dist\extension.js:166:35064))
c:\Program Files\Azure Data Studio - Insiders\resources\app\node_modules.asar\zone.js\dist\zone-node.js:2280 ERR Error while adding account: Error: Failure when retreiving tokens

I tried with both a non-MFA and MFA account and the same issue occurs.

aaomidi commented 4 years ago

Hmm, your issue is definitely odd. The error seems to be here:

https://github.com/microsoft/azuredatastudio/blob/923272f9893f0cd470ad3829a96c666d87938d5e/extensions/azurecore/src/account-provider/auths/azureAuth.ts#L381-L382

Where the access_token is seemingly not properly defined. Which means there was likely an error getting an access token entirely. Unfortunately it seems that the POST request is still responding with status 200, and I don't want to add any logging to the response because that could leak access tokens.

Would you feel comfortable replacing the c:\Program Files\Azure Data Studio - Insiders\resources\app\extensions\azurecore\dist\extension.js file with a custom one I can quickly provide that will add logging to the response from the AzureMFA? Just make sure you don't share your access token here.

Alternatively if you build ADS from source in your environment and place a breakpoint/logging there we can get more information on why it's failing in your environment as I've been unable to reproduce this locally.
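
Added example, not code from Azure Data Studio or from anyone in this thread: one way to record what a token response contained, and why its claims could not be read, without writing any token to the log. The function names, the allowlist of loggable fields, the choice of `tid`/`aud`/`exp` and the sample token are all assumptions constructed for illustration.

```javascript
// Added example. All names here are hypothetical, not azurecore's.

// Response fields that may be logged verbatim; everything else is treated as secret.
const LOGGABLE_FIELDS = new Set([
  'token_type', 'expires_in', 'ext_expires_in', 'scope',
  'error', 'error_description', 'error_codes',
  'trace_id', 'correlation_id', 'timestamp',
]);
// Claims that help when a sign-in yields a token for an unexpected tenant or
// resource. Which claims to log is an assumption of this example.
const LOGGABLE_CLAIMS = ['tid', 'aud', 'exp'];

// Replace a value with a description of its shape, never its content.
function describeSecret(value) {
  if (typeof value !== 'string') return `<redacted ${typeof value}>`;
  return `<redacted string, ${value.length} chars>`;
}

function redactTokenResponse(body) {
  const safe = {};
  for (const [key, value] of Object.entries(body || {})) {
    safe[key] = LOGGABLE_FIELDS.has(key) ? value : describeSecret(value);
  }
  return safe;
}

// Decode the JWT payload for diagnostics only. This does not verify the
// signature, and no failure reason ever contains token material.
function readTokenClaims(accessToken) {
  if (typeof accessToken !== 'string' || accessToken.length === 0) {
    return { ok: false, reason: 'access_token missing from response' };
  }
  const parts = accessToken.split('.');
  if (parts.length !== 3) {
    return { ok: false, reason: `expected 3 JWT segments, got ${parts.length}` };
  }
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    const claims = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
    if (claims === null || typeof claims !== 'object' || Array.isArray(claims)) {
      return { ok: false, reason: 'JWT payload is not a JSON object' };
    }
    return { ok: true, claims };
  } catch (err) {
    return { ok: false, reason: 'JWT payload is not valid base64url JSON' };
  }
}

// Build a log-safe report for one token-endpoint response.
function diagnoseTokenResponse(status, body) {
  const parsed = readTokenClaims(body && body.access_token);
  const report = { status, fields: redactTokenResponse(body), tokenReadable: parsed.ok };
  if (parsed.ok) {
    report.claimNames = Object.keys(parsed.claims).sort();
    for (const name of LOGGABLE_CLAIMS) {
      if (name in parsed.claims) report[name] = parsed.claims[name];
    }
  } else {
    report.reason = parsed.reason;
  }
  return report;
}

// Constructed, unsigned sample token with placeholder values (runs offline).
function makeSampleJwt(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

const sampleToken = makeSampleJwt({
  tid: '00000000-0000-0000-0000-000000000000',
  aud: 'https://database.windows.net/',
  exp: 1589385600,
});

// The case described above: HTTP 200, but no access_token in the body.
console.log(diagnoseTokenResponse(200, {}));
// A response that does carry a token: only its shape and selected claims are reported.
console.log(diagnoseTokenResponse(200, {
  access_token: sampleToken, token_type: 'Bearer', expires_in: 3599,
}));
```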

marcin-vt commented 4 years ago

With the new version (Version: 1.18.0-insider Commit: ab374e362a8b9199d1ed37f2e13abcebd594d99b Date: 2020-05-12T22:51:22.359Z (9 hrs ago)) I can see some useful logs.

/data/home/mlpoc/Dow…t/zone-node.js:2280 [Extension Host] Unexpected error making Azure auth request azureCore.postRequest ... 502 Bad Gateway ... The webserver reported that an error occurred while trying to access the website. Client IP: _MYIP Server IP: 40.126.7.101 (at e.makePostRequest (/data/home/mlpoc/Downloads/azuredatastudio-linux-x64/resources/app/extensions/azurecore/dist/extension.js:16:127507))

As mentioned before I am running behind a proxy. When I set no_proxy to also include 40.126.7.101 I could move further, but what is that IP?
When using the Auth Code Grant method I am then getting the following error in the console:

[Extension Host] Unexpected error making Azure auth request azureCore.postRequest {
  "error": "interaction_required",
  "error_description": "AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.\r\nTrace ID: 281dda43-800d-48f1-ae62-ea9589a30c00\r\nCorrelation ID: 39888be4-aae1-47a2-abe0-dece46bda0a9\r\nTimestamp: 2020-05-13 07:48:26Z",
  "error_codes": [ 53003 ],
  "timestamp": "2020-05-13 07:48:26Z",
  "trace_id": "281dda43-800d-48f1-ae62-ea9589a30c00",
  "correlation_id": "39888be4-aae1-47a2-abe0-dece46bda0a9",
  "error_uri": "https://login.microsoftonline.com/error?code=53003",
  "suberror": "message_only"
}

When I try the Device Code method I am getting the following error in the web browser:

You cannot access this right now
Your sign-in was successful but does not meet the criteria to access this resource. For example, you might be signing in from a browser, app, or location that is restricted by your admin.

This method of authentication still works ok on the same server with version 1.12.

Also another minor issue: when authorization fails, "Adding accounts..." popups seem to be stacking up for a while: image

aaomidi commented 4 years ago

@marcin-vt The old authentication system didn't honor your organizational settings. Unfortunately, this is something that you need to bring up to your organization.

aaomidi commented 4 years ago

So after getting logs on GitHub and externally, this seems to be related to error AADSTS50076.

This is a conditional access error, and "interaction required" is printed.

We need to deal with errors like this and prompt the user for action.
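
Added example, not the project's code: a classifier for token-endpoint replies that separates the cases reported in this thread (a policy block, an interaction prompt, a non-JSON page from an intermediary, and a 200 without a token). Codes 50076 and 53003 and the JSON field names come from the logs quoted above; the function names, the returned labels and the sample bodies are constructed for illustration.

```javascript
// Added example. Function names and returned labels are hypothetical.
// The AADSTS codes and JSON field names are the ones quoted in this thread.
const NEEDS_USER_ACTION = new Set([50076]); // conditional access: user must act
const BLOCKED_BY_POLICY = new Set([53003]); // policy does not allow token issuance
const SAFE_FIELDS = ['error', 'suberror', 'error_codes', 'trace_id', 'correlation_id', 'timestamp'];

function pick(obj, keys) {
  const out = {};
  for (const k of keys) if (k in obj) out[k] = obj[k];
  return out;
}

function classifyAuthResponse(status, rawBody) {
  const text = String(rawBody);
  let body = null;
  try { body = JSON.parse(text); } catch (err) { /* not JSON, handled below */ }

  // An HTML page (proxy "Access Denied", 502 Bad Gateway) is not a token-endpoint
  // reply. Log its shape only, since such pages can embed usernames and IPs.
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return {
      kind: 'non_json_response',
      promptUser: false,
      log: { status, bodyLength: text.length, html: /^\s*<(!doctype|html)\b/i.test(text) },
    };
  }

  const log = { status, ...pick(body, SAFE_FIELDS) };
  const codes = Array.isArray(body.error_codes) ? body.error_codes : [];

  if (body.error) {
    // 53003 also arrives labelled "interaction_required", so test the policy
    // block first: prompting again cannot satisfy a policy that denies issuance.
    if (codes.some((c) => BLOCKED_BY_POLICY.has(c))) {
      return { kind: 'blocked_by_policy', promptUser: false, log };
    }
    if (codes.some((c) => NEEDS_USER_ACTION.has(c)) || body.error === 'interaction_required') {
      return { kind: 'interaction_required', promptUser: true, log };
    }
    return { kind: 'auth_error', promptUser: false, log };
  }

  const hasToken = typeof body.access_token === 'string' && body.access_token.length > 0;
  if (status >= 200 && status < 300 && hasToken) {
    return { kind: 'token_issued', promptUser: false, log };
  }
  // HTTP success without a usable token: report it instead of parsing claims.
  return { kind: 'missing_token', promptUser: false, log };
}

// Constructed sample bodies modelled on the logs in this thread.
const SAMPLES = {
  policyBlock: JSON.stringify({
    error: 'interaction_required', error_codes: [53003], suberror: 'message_only',
    trace_id: '281dda43-800d-48f1-ae62-ea9589a30c00',
  }),
  userAction: JSON.stringify({ error: 'interaction_required', error_codes: [50076] }),
  proxyPage: '<html>\r\n<HEAD>\r\n<TITLE>Access Denied</TITLE>\r\n</HEAD>\r\n</html>',
  emptyOk: '{}',
};

for (const [name, raw] of Object.entries(SAMPLES)) {
  const status = name === 'emptyOk' ? 200 : 400;
  console.log(name, JSON.stringify(classifyAuthResponse(status, raw)));
}
```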

aaomidi commented 4 years ago

https://login.microsoftonline.com/error?code=50076

swilkodev commented 4 years ago

I'm seeing a 400 bad request when it calls back to ADS on http://127.0.0.1:56642/callback?code=[redacted]&state=[redacted]&session_state=[redacted]

Request Method: GET
Status Code: 400 Bad Request
Remote Address: 127.0.0.1:56642
Referrer Policy: strict-origin-when-cross-origin

Response is just "Failure when retreiving tokens."

I downgraded to 1.16.1 and it all works fine. Just not sure why the later release does not work.

aaomidi commented 4 years ago

What URL does it redirect to right before this one?

You can see this using the developer tools on your browser.

swilkodev commented 4 years ago

I'm seeing these URLs in the developer tools.

https://login.microsoftonline.com/common/reprocess

https://vscode-redirect.azurewebsites.net

aaomidi commented 4 years ago

The query parameters are important, so if you can get those that would help a lot!

Please do change any personally identifiable information and token to some random characters.

swilkodev commented 4 years ago

https://login.microsoftonline.com/common/reprocess?ctx=XYZ&sessionid=0A61777e-5214-410f-9adb-b6f1f2de0f29

https://vscode-redirect.azurewebsites.net/?code=ABC&state=52356%2AAcTkudSvhK3Y54yvsopI09IA%253D%253D&session_state=0A61777e-5214-410f-9adb-b6f1f2de0f29

Comparing the query strings between 1.16.1 (working) and insiders (not working), the ctx and code parameters have extra data in the insiders build.

marcin-vt commented 4 years ago

@aaomidi - regarding my problem with authorization - it was denied because of policies checking the source IP. As I added login.microsoftonline.com to no_proxy settings the traffic was going directly from my IP, not from my proxy IP. So I have to use the proxy and I wonder why it does not work. Why, if I do not bypass the proxy for any connection, does the bad gateway error still print out my IP, not the proxy's? I have all environment variables set (HTTP_PROXY, HTTPS_PROXY, https_proxy, http_proxy), also tried setting the proxy explicitly in Data Studio, but it did not help.

Strangely enough I tried running azure data studio on a Windows server in the same virtual network, using the same proxy (not bypassing it for any server) and it worked fine. Any clue what might be difference between running datastudio on ubuntu and windows?

aaomidi commented 4 years ago

@swilkodev, The latest insiders is supposed to give you more information on what failed I believe. Those URLs look fine to me.

I'll try to get even more error logging to see if we can root cause it.

aaomidi commented 4 years ago

@marcin-vt That's a super interesting scenario. I wonder if there are some settings in AAD that I'm not aware of from your organization.

Could you try logging into your personal Microsoft account and see if this still happens?

You can alternatively use device code authentication (just change it in the settings for ADS, if you search device code it'll pop up) but that method may be disabled by your organization.

marcin-vt commented 4 years ago

Signing in with device code fails for the same reason as authentication code.

With my Microsoft account:

arvindshmicrosoft commented 4 years ago

Thank you all for looking into this. As a gentle reminder, @rohrerb was able to use SQL Management Studio (from a Windows machine) to log in as a workaround. I bring this up because there are references to AD organization settings, which ideally should have also affected SSMS if they were the root cause.

aaomidi commented 4 years ago

Going to keep this open until I can confirm the PR at least fixed some of the issues.

aaomidi commented 4 years ago

There seems to be another issue with this on the SqlClient side. Not 100% sure yet, and need to do more investigations with @rohrerb

peter-rangelov commented 4 years ago

Updated Azure Data Studio, same issue (on Mac). On a Windows VM, it works fine.

Microsoft.Data.SqlClient.SqlException (0x80131904): Login failed for user '<token-identified principal>'.
   at Microsoft.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
   at Microsoft.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
   at Microsoft.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
   at Microsoft.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
   at Microsoft.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK)
   at Microsoft.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover)
   at Microsoft.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer timeout)
   at Microsoft.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance)
   at Microsoft.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData, Boolean applyTransientFaultHandling, String accessToken, DbConnectionPool pool, SqlAuthenticationProviderManager sqlAuthProviderManager)
   at Microsoft.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions)
   at Microsoft.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup, DbConnectionOptions userOptions)
   at Microsoft.Data.ProviderBase.DbConnectionFactory.<>c__DisplayClass40_0.<TryGetConnection>b__1(Task`1 _)
   at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke()
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
--- End of stack trace from previous location where exception was thrown ---
   at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot)
--- End of stack trace from previous location where exception was thrown ---
   at Microsoft.SqlTools.ServiceLayer.Connection.ReliableConnection.ReliableSqlConnection.<>c__DisplayClass30_0.<<OpenAsync>b__0>d.MoveNext() in D:\a\1\s\src\Microsoft.SqlTools.ManagedBatchParser\ReliableConnection\ReliableSqlConnection.cs:line 314
--- End of stack trace from previous location where exception was thrown ---
   at Microsoft.SqlTools.ServiceLayer.Connection.ConnectionService.TryOpenConnection(ConnectionInfo connectionInfo, ConnectParams connectionParams) in D:\a\1\s\src\Microsoft.SqlTools.ServiceLayer\Connection\ConnectionService.cs:line 549
ClientConnectionId:46ae1b97-f0f6-48f0-b0c9-c5e5f1f95bcf
Error Number:18456,State:1,Class:14

aaomidi commented 4 years ago

Oh interesting that this is only happening on mac for you. Even more evidence that this might be a SqlClient issue.

Thanks!

aaomidi commented 4 years ago

@peter-rangelov I noticed that the error number was Error Number:18456,State:1,Class:14

https://docs.microsoft.com/en-us/sql/relational-databases/errors-events/mssqlserver-18456-database-engine-error?view=sql-server-ver15

According to this there is something going on but with State = 1, we don't have the information on what actually went wrong. Any way you can get that information?

ravikd744 commented 4 years ago

Did anyone find the solution for this issue? https://github.com/microsoft/azuredatastudio/issues/10314#issuecomment-628498834

I am on windows 10.

My ADS is broken suddenly, I am behind a proxy and it was working fine, downgrading to previous versions doesn’t help. I am currently on 1.19 with no extension, have removed profile settings multiple times and reinstalled 1.19 and 1.18 multiple times.

Fails with auth code grant as failed to callback 127.0.0.1. With device code, authentication is successful but could not see the account added. It’s an empty entry in the accounts list dialog.

My account is not assigned to multiple tenants and is not a guest user. SSMS is not an option, trying to leverage pyspark.

aaomidi commented 4 years ago

@ravikd744 What do you mean it failed to callback 127.0.0.1? What error did you get in your browser?

@kburtram I think the problem here might be solved if we upgrade to SqlClient 2.0, they've added an AuthenticationProvider that gets context from the service we're connecting to about what token (which tenant, etc) the server is expecting.

https://docs.microsoft.com/en-us/dotnet/api/microsoft.data.sqlclient.sqlauthenticationprovider?view=sqlclient-dotnet-core-2.0

ravikd744 commented 4 years ago

Hi Amir,

The sign-in is happening but the azure connection is not visible post signin.

This issue happens only from 1.17+ version. If I rollback to 1.16 I am able to connect to Azure. Strangely, my colleague with the same environment settings is able to connect with v1.19.

Thanks!

aaomidi commented 4 years ago

> The sign-in is happening but the azure connection is not visible post signin.

By azure connection, do you mean your account isn't visible on the azure pane?

Can you go to Help -> Toggle Developer Tools when logging in to see if there is any additional context to the signin failing.

ravikd744 commented 4 years ago

It shows error in the same zone-node Js at line 2280 error as pointed out by other members. 🙁

aaomidi commented 4 years ago

With the developer tools open, and on the console tab, could you press the + sign and try to sign into Azure (not a SQL DB, just to Azure)?

There should be more context on what's failing.

ravikd744 commented 4 years ago

workbench.desktop.main.js:205 [Violation] Added non-passive event listener to a scroll-blocking 'touchstart' event. Consider marking event handler as 'passive' to make the page more responsive. See https://www.chromestatus.com/feature/5745543795965952
onFirstListenerAdd @ workbench.desktop.main.js:205
_event._event @ workbench.desktop.main.js:193
(anonymous) @ workbench.desktop.main.js:189
onFirstListenerAdd @ workbench.desktop.main.js:190
_event._event @ workbench.desktop.main.js:193
P @ workbench.desktop.main.js:1249
createMouseController @ workbench.desktop.main.js:1263
e @ workbench.desktop.main.js:1261
renderBody @ workbench.desktop.main.js:8031
render @ workbench.desktop.main.js:1443
render @ workbench.desktop.main.js:7924
addProvider @ workbench.desktop.main.js:8035
(anonymous) @ workbench.desktop.main.js:8032
ZoneDelegate.invoke @ c:\Users\sampleuser\AppData\Local\Programs\Azure Data Studio\resources\app\node_modules.asar\zone.js\dist\zone-node.js:388
Zone.run @ c:\Users\sampleuser\AppData\Local\Programs\Azure Data Studio\resources\app\node_modules.asar\zone.js\dist\zone-node.js:138
(anonymous) @ c:\Users\sampleuser\AppData\Local\Programs\Azure Data Studio\resources\app\node_modules.asar\zone.js\dist\zone-node.js:872
ZoneDelegate.invokeTask @ c:\Users\sampleuser\AppData\Local\Programs\Azure Data Studio\resources\app\node_modules.asar\zone.js\dist\zone-node.js:421
Zone.runTask @ c:\Users\sampleuser\AppData\Local\Programs\Azure Data Studio\resources\app\node_modules.asar\zone.js\dist\zone-node.js:188
drainMicroTaskQueue @ c:\Users\sampleuser\AppData\Local\Programs\Azure Data Studio\resources\app\node_modules.asar\zone.js\dist\zone-node.js:595
ZoneTask.invokeTask @ c:\Users\sampleuser\AppData\Local\Programs\Azure Data Studio\resources\app\node_modules.asar\zone.js\dist\zone-node.js:500
ZoneTask.invoke @ c:\Users\sampleuser\AppData\Local\Programs\Azure Data Studio\resources\app\node_modules.asar\zone.js\dist\zone-node.js:485
emit @ events.js:203
addChunk @ _stream_readable.js:295
readableAddChunk @ _stream_readable.js:276
Readable.push @ _stream_readable.js:210
onStreamRead @ internal/stream_base_commons.js:166
workbench.desktop.main.js:205 [Violation] Added non-passive event listener to a scroll-blocking 'touchstart' event. Consider marking event handler as 'passive' to make the page more responsive. See https://www.chromestatus.com/feature/5745543795965952
onFirstListenerAdd @ workbench.desktop.main.js:205
_event._event @ workbench.desktop.main.js:193
(anonymous) @ workbench.desktop.main.js:189
onFirstListenerAdd @ workbench.desktop.main.js:190
_event._event @ workbench.desktop.main.js:193
P @ workbench.desktop.main.js:1249
createMouseController @ workbench.desktop.main.js:1263
e @ workbench.desktop.main.js:1261
e @ workbench.desktop.main.js:3426
_createInstance @ workbench.desktop.main.js:2157
createInstance @ workbench.desktop.main.js:2157
createNotificationsList @ workbench.desktop.main.js:4025
show @ workbench.desktop.main.js:4024
addToast @ workbench.desktop.main.js:5309
onDidChangeNotification @ workbench.desktop.main.js:5308
(anonymous) @ workbench.desktop.main.js:5307
fire @ workbench.desktop.main.js:194
addNotification @ workbench.desktop.main.js:3854
notify @ workbench.desktop.main.js:5400
(anonymous) @ workbench.desktop.main.js:8040
doWithProvider @ workbench.desktop.main.js:8043
addAccount @ workbench.desktop.main.js:8040
run @ workbench.desktop.main.js:2274
(anonymous) @ workbench.desktop.main.js:8034
fire @ workbench.desktop.main.js:194
(anonymous) @ workbench.desktop.main.js:673
c:\Users\sampleuser\AppData\Local\Programs\Azure Data Studio\resources\app\node_modules.asar\zone.js\dist\zone-node.js:2280 [Extension Host] Unexpected error making Azure auth request azureCore.getRequest "<html>\r\n<HEAD>\r\n\r\n<TITLE>Access Denied</TITLE>\r\n<META http-equiv=Content-Type content=\"text/html; charset=utf-8\">\r\n<META content=ML name=author version=\"1.1\">\r\n<META content=\"Error Template\" name=description>\r\n<STYLE type=text/css>\r\nHTML {\r\n\tPADDING-RIGHT: 0px;\r\n\tPADDING-LEFT: 0px;\r\n\tFONT-SIZE: 100%;\r\n\tPADDING-BOTTOM: 0px;\r\n\tMARGIN: 0px;\r\n\tPADDING-TOP: 0px;\r\n\tHEIGHT: 100%\r\n}\r\nBODY {\r\n\tPADDING-RIGHT: 0px;\r\n\tPADDING-LEFT: 0px;\r\n\tFONT-SIZE: 14px;\r\n\tBACKGROUND: #ffffff;\r\n\tPADDING-BOTTOM: 0px;\r\n\tMARGIN: 0px;\r\n\tPADDING-TOP: 0px;\r\n\tHEIGHT: 100%\r\n}\r\nP {\r\n\tMARGIN-TOP: 2px;\r\n\tMARGIN-BOTTOM: 10px;\r\n\tLINE-height: 135%;\r\n\tFONT: 12px Verdana, Arial, Helvetica, sans-serif;\r\n\tCOLOR: #000000;\r\n}\r\nTD {\r\n\tLINE-height: 135%\r\n}\r\nH1 {\r\n\tMARGIN-TOP: 5px;\r\n\tMARGIN-BOTTOM: 10px;\r\n\tFONT: lighter 18px/120% Verdana, Arial, Helvetica, sans-serif;\r\n\tCOLOR: #af0b1c\r\n}\r\nH2 {\r\n\tMARGIN-TOP: 2px;\r\n\tMARGIN-BOTTOM: 5px;\r\n\tFONT: bold 15px Verdana, Arial, Helvetica, sans-serif;\r\n\tCOLOR: #000000\r\n}\r\nH3 {\r\n\tMARGIN-TOP: 2px;\r\n\tMARGIN-BOTTOM: 0px;\r\n\tFONT: bold 12px Verdana, Arial, Helvetica, sans-serif;\r\n\tCOLOR: #333333\r\n}\r\nH4 {\r\n\tFONT: bold 11px Verdana, Arial, Helvetica, sans-serif;\r\n\tCOLOR: #333333\r\n}\r\nA {\r\n\tCOLOR: #af0b1c;\r\n\tTEXT-DECORATION: underline\r\n}\r\nA:visited {\r\n\tCOLOR: #540264\r\n}\r\nA:hover {\r\n\tCOLOR: #540264;\r\n\tTEXT-DECORATION: underline\r\n}\r\n#logo {\r\n\tZ-INDEX: 1;\r\n\tLEFT: 5px;\r\n\tWIDTH: 146px;\r\n\tPOSITION: absolute;\r\n\tTOP: 31px;\r\n\tHEIGHT: 64px\r\n}\r\n#header {\r\n\tCLEAR: right;\r\n\tBACKGROUND: #ae0020;\r\n\tMARGIN: 0px;\r\n\tHEIGHT: 50px;\r\n\twidth: 970px;\r\n\tpadding: 0px;\r\n}\r\n#headtext 
{\r\n\tFONT-SIZE: 28px;\r\n\tLEFT: 827px;\r\n\tCOLOR: white;\r\n\tFONT-FAMILY: Verdana, Arial, Helvetica, sans-serif;\r\n\tPOSITION: absolute;\r\n\tTOP: 12px;\r\n\tHEIGHT: 50px;\r\n\tfont-smooth: always\r\n}\r\n#warning {\r\n\tFONT-SIZE: 11px;\r\n\tLEFT: 10px;\r\n\tCOLOR: white;\r\n\tFONT-FAMILY: Verdana, Arial, Helvetica, sans-serif;\r\n\tPOSITION: absolute;\r\n\tTOP: 5px;\r\n\tHEIGHT: 5px;\r\n\tfont-smooth: always;\r\n\tfont-weight: bold;\r\n}\r\n#debug {\r\n\tDISPLAY: none\r\n}\r\n\r\n\t</STYLE>\r\n\t<SCRIPT language=javascript type=text/javascript>\r\n\t\tfunction ToggleDebug(){\r\n\t\t\tif(document.getElementById(\"debug\").style.display == \"\"){\r\n\t\t\t\tdocument.getElementById(\"debug\").style.display = \"block\";\r\n\t\t\t}else{\r\n\t\t\t\tdocument.getElementById(\"debug\").style.display = \"\";\r\n\t\t\t}\r\n\t\t}\r\n\t</SCRIPT>\r\n</HEAD>\r\n\r\n\r\n\r\n\r\n<body>\r\n\t<DIV><A name=top></A>\r\n\t\t<span id=warning><img src=\"warning.gif\">Access blocked | Acc&egrave;s blocqu&eacute;</span><SPAN id=headtext>Attention</SPAN>\r\n\r\n\r\n\r\n\r\n\r\n  \t\t<DIV id=header></DIV>\r\n\t</DIV>\r\n\t<table width=\"971\" border=\"0\" cellpadding=\"10\" cellspacing=\"0\">\r\n\t\t<tr>\r\n\t\t\t<td>&nbsp;</td>\r\n\t\t\t<td><p align=\"right\"><A href=\"javascript:ToggleDebug()\">Debug Info</A></p></td>\r\n  \t\t</tr>\r\n\t\t<tr>\r\n\t\t\t<td>&nbsp;</td>\r\n\t\t\t<td><h2 align=\"left\">Request Error</h2></td>\r\n\t\t</tr>\r\n\t\t<tr>\r\n\t\t\t<td>&nbsp;</td>\r\n\t\t\t<td>Your request could not be processed. 
Request could not be handled</td>\r\n\t\t</tr>\r\n\t\t<tr>\r\n\t\t\t<td>&nbsp;</td>\r\n\t\t\t<td>This could be caused by a misconfiguration, or possibly a malformed request.</td>\r\n\t\t</tr>\r\n\t\t<tr>\r\n\r\n\t\t\t<td>&nbsp;</td>\r\n\t\t\t<td>For assistance contact the Technology Support Centre at </td>\r\n\t\t</tr>\r\n\r\n\t</table>\r\n\r\n\t<DIV id=debug>\r\n\t\t<br><I>--------- If emailing, select/copy everything below this line ---------</I><BR><br>\r\n\r\n\t\t<B><U>Detailed Information (debug):</U></B><BR>\r\n\t\t<DIV style=\"DISPLAY: block; WIDTH: 60%\">\r\n\t\t\t<DIV style=\"BORDER-RIGHT: blue 1px dashed; PADDING-RIGHT: 20px; BORDER-TOP: blue 1px dashed; PADDING-LEFT: 20px; PADDING-BOTTOM: 10px; BORDER-LEFT: blue 1px dashed; PADDING-TOP: 10px; BORDER-BOTTOM: blue 1px dashed\">\r\n\t\t\t\t<table border=\"0\">\r\n\t\t\t\t\t<TBODY>\r\n\t\t\t\t\t\t<tr><td colspan=\"2\"><u>Error Specifics</u></td></tr>\r\n\t\t\t\t\t\t<tr><td>Date:</td><td>07/06/2020 @ 17:32:34</td></tr>\r\n\t\t\t\t\t\t<tr><td>Proxy ID:</td><td>Someproxy</td></tr>\r\n\t\t\t\t\t\t<tr><td>Conn Type:</td><td>Explicit</td></tr>\r\n\t\t\t\t\t\t<tr><td>Error ID:</td><td>invalid_request</td></tr>\r\n\t\t\t\t\t\t<tr><td>Summary:</td><td>Request Error</td></tr>\r\n\t\t\t\t\t\t<tr><td>Details:</td><td>Your request could not be processed. 
Request could not be handled</td></tr>\r\n\r\n\t\t\t\t\t\t<tr><td>Help:</td><td>This could be caused by a misconfiguration, or possibly a malformed request.</td></tr>\r\n\t\t\t\t\t\t<tr><td>Last Error:</td><td></td></tr>\r\n\r\n\t\t\t\t\t\t<tr><td>Dest IP:</td><td>some IP</td></tr>\r\n\t\t\t\t\t\t<tr><td>Method:</td><td>GET</td></tr>\r\n\t\t\t\t\t\t<tr><td>URL:</td><td>https://management.azure.com/tenants?api-version=2019-11-01</td></tr>\r\n\t\t\t\t\t\t<tr><td>HTTP Code:</td><td>400</td></tr>\r\n\t\t\t\t\t\t<tr><td>Reason:</td><td>Request could not be handled</td></tr>\r\n\r\n\t\t\t\t\t\t<tr><td>Category:</td><td>Technology/Internet</td></tr>\r\n\t\t\t\t\t\t<tr><td>Redirect:</td><td></td></tr>\r\n\r\n\t\t\t\t\t\t<tr><td colspan=\"2\"><br><u>User Information</u></td></tr>\r\n\t\t\t\t\t\t<tr><td>Source IP:</td><td>1.8.8.8</td></tr>\r\n\t\t\t\t\t\t<tr><td>Username:</td><td>Sampleuser</td></tr>\r\n\t\t\t\t\t\t<tr><td>Username (DN):</td><td>AD\\Sampleuser</td></tr>\r\n\t\t\t\t\t\t<tr><td>Auth Type:</td><td>Digest</td></tr>\r\n\t\t\t\t\t\t<tr><td>Realm:</td><td>AD_IWA_Direct</td></tr>\r\n\t\t\t\t\t\t<!-- <tr><td>User Host:</td><td></td></tr> -->\r\n\t\t\t\t\t\t<tr><td>User Domain:</td><td>AD</td></tr>\r\n\t\t\t\t\t\t<tr><td>Login Count:</td><td>1</td></tr>\r\n\t\t\t\t\t\t<tr><td colspan=\"2\"><br><u>SSL Information (if applicable)</u></td></tr>\r\n\t\t\t\t\t\t<tr><td>S-SSL Hostname:</td><td></td></tr>\r\n\r\n\r\n\t\t\t\t\t\t<tr><td>S-SSL Cipher:</td><td>none</td></tr>\r\n\t\t\t\t\t\t<tr><td>S-SSL Cipher Strength:</td><td> none</td></tr>\r\n\t\t\t\t\t\t<tr><td>S-SSL Version:</td><td></td></tr>\r\n\t\t\t\t\t\t<tr><td>S-Socket Error:</td><td></td></tr>\r\n\t\t\t\t\t\t<tr><td>C-SSL Fail Reason:</td><td></td></tr>\r\n\t\t\t\t\t\t<tr><td>C-SSL Cipher:</td><td>none</td></tr>\r\n\t\t\t\t\t\t<tr><td>C-SSL Cipher Strength:</td><td>none</td></tr>\r\n\t\t\t\t\t\t<tr><td colspan=\"2\"><br><u>DNS Information</u></td></tr>\r\n\t\t\t\t\t\t<tr><td>DNS Lookup 
Time:</td><td></td></tr>\r\n\t\t\t\t\t</TBODY>\r\n\r\n\t\t\t\t</table>\r\n\t\t\t</DIV>\r\n\r\n\r\n\t\t</DIV>\r\n\t\t<br><br>\r\n\t\t<i>--------------------------- End select/copy ---------------------------</i>\r\n\t</DIV>\r\n</body>\r\n</html>\r\n"
c:\Users\sampleuser\AppData\Local\Programs\Azure Data Studio\resources\app\node_modules.asar\zone.js\dist\zone-node.js:2280 [Extension Host] Error: Request failed with status code 400 at e.exports (c:\Users\sampleuser\AppData\Local\Programs\Azure Data Studio\resources\app\extensions\azurecore\dist\extension.js:16:99188)   at e.exports (c:\Users\sampleuser\AppData\Local\Programs\Azure Data Studio\resources\app\extensions\azurecore\dist\extension.js:16:134408)  at IncomingMessage.<anonymous> (c:\Users\sampleuser\AppData\Local\Programs\Azure Data Studio\resources\app\extensions\azurecore\dist\extension.js:166:54425)    at IncomingMessage.emit (events.js:208:15)  at endReadableNT (_stream_readable.js:1168:12)  at processTicksAndRejections (internal/process/task_queues.js:77:11)
c:\Users\sampleuser\AppData\Local\Programs\Azure Data Studio\resources\app\node_modules.asar\zone.js\dist\zone-node.js:2280 [Extension Host] Error: Error retrieving tenant information at e.getTenants (c:\Users\sampleuser\AppData\Local\Programs\Azure Data Studio\resources\app\extensions\azurecore\dist\extension.js:16:128464)   at processTicksAndRejections (internal/process/task_queues.js:85:5)
c:\Users\sampleuser\AppData\Local\Programs\Azure Data Studio\resources\app\node_modules.asar\zone.js\dist\zone-node.js:2280   ERR Error while adding account: TypeError: Cannot read property 'accountAdded' of undefined

aaomidi commented 4 years ago

Thank you! That's a bug I've not seen before!

aaomidi commented 4 years ago

@ravikd744, can you go to Settings -> Azure Authentication Method and turn on Code Grant Method and turn off Device Code Method?

I'm interested to see what happens with the code grant method - and we have more debugging there.

aaomidi commented 4 years ago

@ravikd744 Are you behind some sort of proxy? This error you have doesn't seem like a standard error?

ravikd744 commented 4 years ago

Yes, it’s behind a corporate proxy. Strangely enough, it works for another colleague behind the same proxy.

If I downgrade to v1.16 it works fine for me too.

aaomidi commented 4 years ago

For folks who still have issues with azure sign in, could you please test this scenario on the latest insiders version again?

ravikd744 commented 4 years ago

Hi Amir,

I am still getting the same error, but with a different tag.

image

aaomidi commented 4 years ago

Could you please try this with code grant method @ravikd744

ravikd744 commented 4 years ago

Hi Amir,

It's the same error :(

[Extension Host] logFile for SqlToolsResourceProviderService.exe is c:\Users\user\AppData\Roaming\azuredatastudio\logs\20200731T092421\exthost1\Microsoft.mssql\resourceprovider.log (at Object.t.getCommonLaunchArgsAndCleanupOldLogFiles (c:\Users\user\AppData\Local\Programs\Azure Data Studio - Insiders\resources\app\extensions\mssql\dist\main.js:1:16801))
C:\Users\user\AppData\Local\Programs\Azure Data Studio - Insiders\resources\app\node_modules.asar\zone.js\dist\zone-node.js:2280 [Extension Host] This process (ui Extenstion Host) is pid: 29032 (at Object.t.getCommonLaunchArgsAndCleanupOldLogFiles (c:\Users\user\AppData\Local\Programs\Azure Data Studio - Insiders\resources\app\extensions\mssql\dist\main.js:1:16853))
C:\Users\user\AppData\Local\Programs\Azure Data Studio - Insiders\resources\app\node_modules.asar\zone.js\dist\zone-node.js:2280 [Extension Host] Old log files deletion report: {} (at Object.t.getCommonLaunchArgsAndCleanupOldLogFiles (c:\Users\user\AppData\Local\Programs\Azure Data Studio - Insiders\resources\app\extensions\mssql\dist\main.js:1:16941))
C:\Users\user\AppData\Local\Programs\Azure Data Studio - Insiders\resources\app\node_modules.asar\zone.js\dist\zone-node.js:2280 [Extension Host] Starting WebSocket: ws://localhost:9662/api/kernels/f973332c-fd14-49a6-91f9-63691f44d726 (at g._createSocket (c:\Users\user\AppData\Local\Programs\Azure Data Studio - Insiders\resources\app\extensions\notebook\dist\extension.js:217:362151))
C:\Users\user\AppData\Local\Programs\Azure Data Studio - Insiders\resources\app\node_modules.asar\zone.js\dist\zone-node.js:2280 [Extension Host] TypeError: Cannot read property 'map' of undefined - (at Function.log (c:\Users\user\AppData\Local\Programs\Azure Data Studio - Insiders\resources\app\extensions\azurecore\dist\extension.js:16:65576))
C:\Users\user\AppData\Local\Programs\Azure Data Studio - Insiders\resources\app\node_modules.asar\zone.js\dist\zone-node.js:2280 [Extension Host] Error: Error retrieving tenant information - (at Function.error (c:\Users\user\AppData\Local\Programs\Azure Data Studio - Insiders\resources\app\extensions\azurecore\dist\extension.js:16:65672)) console. @ C:\Users\user\AppData\Local\Programs\Azure Data Studio - Insiders\resources\app\node_modules.asar\zone.js\dist\zone-node.js:2280
C:\Users\user\AppData\Local\Programs\Azure Data Studio - Insiders\resources\app\node_modules.asar\zone.js\dist\zone-node.js:2280 ERR Error while adding account: TypeError: Cannot read property 'canceled' of undefined
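
Added example, not part of the thread and not Azure Data Studio's own code: one way a client could tell a proxy-generated HTML error page (like the one in the log posted earlier in this thread) from an Azure Resource Manager JSON answer before reading the tenant list, while keeping only non-identifying fields from the proxy page. The function names, the field allowlist and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example; function names and the allowlist are hypothetical, not azurecore's.
// Fields worth keeping from the proxy's error page; user details are dropped.
const SAFE_FIELDS = ['Error ID', 'Summary', 'Method', 'URL', 'HTTP Code', 'Reason'];

// Pull "<td>Label:</td><td>value</td>" pairs out of the proxy page (allowlisted only).
function extractProxyFields(html) {
  const fields = {};
  const re = /<td>([^<:]+):<\/td><td>([^<]*)<\/td>/g;
  let m;
  while ((m = re.exec(html)) !== null) {
    const label = m[1].trim();
    if (SAFE_FIELDS.includes(label)) fields[label] = m[2].trim();
  }
  return fields;
}

// Decide what the tenant-list call actually returned before touching `.value`.
function classifyTenantResponse(status, contentType, body) {
  const type = String(contentType || '').toLowerCase();
  if (type.includes('text/html') || /^\s*<(!doctype|html)/i.test(body)) {
    return { kind: 'proxy-page', status, detail: extractProxyFields(body) };
  }
  let parsed;
  try {
    parsed = JSON.parse(body);
  } catch (err) {
    return { kind: 'unparseable', status, detail: {} };
  }
  if (parsed && parsed.error) {
    return { kind: 'arm-error', status, detail: { code: parsed.error.code } };
  }
  if (status === 200 && parsed && Array.isArray(parsed.value)) {
    return { kind: 'ok', status, tenants: parsed.value.map((t) => t.tenantId) };
  }
  return { kind: 'unexpected-shape', status, detail: {} };
}

// Constructed sample, shortened from the fields visible in the posted log.
const SAMPLE_PROXY_PAGE = '<html><body><table>' +
  '<tr><td>Error ID:</td><td>invalid_request</td></tr>' +
  '<tr><td>URL:</td><td>https://management.azure.com/tenants?api-version=2019-11-01</td></tr>' +
  '<tr><td>HTTP Code:</td><td>400</td></tr>' +
  '<tr><td>Source IP:</td><td>1.8.8.8</td></tr>' +
  '<tr><td>Username:</td><td>Sampleuser</td></tr>' +
  '</table></body></html>';
// Constructed sample of a successful tenant list (the tenant id is a placeholder).
const SAMPLE_OK = JSON.stringify({ value: [{ tenantId: '00000000-0000-0000-0000-000000000000' }] });
console.log(classifyTenantResponse(400, 'text/html', SAMPLE_PROXY_PAGE));
```

The allowlist matters when a result like this is pasted into a public issue: the proxy page also carries the username, source IP and authentication realm, which the classifier never copies into its output.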

cssuh commented 1 year ago

closed with #18296