FirebirdSql.Data.FirebirdClient connecting with a user other than Sysdba - username and password are not defined

Question

I use FirebirdSql.Data.FirebirdClient to connect to a Firebird database (WPF desktop app).

Server Version: WI-V3.0.5.33220 Firebird 3.0, and ADO.net provider version is 7.5.0 (NuGet)

I created a user other than SYSDBA that only has read only access to the tables (only SELECT). Connecting with FlameRobin works without problems with this new user. However, when I specify this new user and corresponding read-only role in the FbConnectionStringBuilder class, I get a

"your username and password are not defined"

error. If I replace the new user by SYSDBA and corresponding password, the connection works.

using FirebirdSql.Data.FirebirdClient;

namespace Test
{
    class DBConnection
    {
        FbConnection fbConnection;
        public void CreateConnection() 
        {
            FbConnectionStringBuilder builder = new FbConnectionStringBuilder();
            builder.Charset = "WIN1252";
            builder.Database = "firebird2:DB_NAME";
            builder.Dialect = 3;
            builder.Role = "READ_ONLY_OTN";
            builder.UserID = "TEST";
            builder.Password = "Test";
            builder.ServerType = FbServerType.Default;
            fbConnection = new FbConnection(builder.ConnectionString);
            fbConnection.Open();
        }
    }
}

What could be the cause for this error other than a wrong password (I checked it twice and also with FlameRobin)?

Answer 1

The problem is that, when connecting to Firebird 3, the Firebird ADO.net provider (FirebirdSql.Data.FirebirdClient) only supports the new SRP authentication plugin, not the Legacy_Auth authentication plugin. If your user is created using the Legacy_UserManager, then you cannot authenticate using the Firebird ADO.net provider. You need to create the user using Srp.

Depending on your exact Firebird config, you need to add Srp to the UserManager config list, and then create the user with:

create user <youruser> password '<password>' using plugin srp;

For security reasons, I would recommend that you drop the user create with Legacy_UserManager:

drop user <youruser> using plugin legacy_usermanager;

I would also recommend that you remove Legacy_UserManager from the UserManager list, or make sure that Srp is first in the list, to avoid accidentally creating users with the less secure user manager (executing SQL user management statements without the using plugin <plugin> clause will default to the first user manager in the list).