Npgsql: No password has been provided but the backend requires one (in MD5)

Created on 25 May 2016  路  4Comments  路  Source: npgsql/npgsql

Environment:

  • Npgsql 3.1.2.0
  • EntityFramework6.Npgsql 3.1.0

Code:

public void ExecuteQuery(string sqlQuery, Action<NpgsqlCommand> action)
{
            if (db.Database.Connection.State == ConnectionState.Open)
            {
                NpgsqlCommand command = new NpgsqlCommand(sqlQuery, (NpgsqlConnection)db.Database.Connection);

                action(command);
            }
            else
            {
                using (NpgsqlConnection conn = new NpgsqlConnection(db.Database.Connection.ConnectionString))
                {
                    conn.Open();

                    NpgsqlCommand command = new NpgsqlCommand(sqlQuery, conn);

                    action(command);

                    conn.Close();
                }
            }

 }

var sqlCommand = "SELECT [...]";

ExecuteQuery(sqlCommand, (command) =>
{
                var reader = command.ExecuteReader();

                while (reader.Read())
                {
                    id = reader[0] as long
                }
 });

Stacktrace:

 at Npgsql.NpgsqlConnector.ProcessAuthenticationMessage(String username, AuthenticationRequestMessage msg)

 at Npgsql.NpgsqlConnector.HandleAuthentication(String username, NpgsqlTimeout timeout)

 at Npgsql.NpgsqlConnector.Open(NpgsqlTimeout timeout)

 at Npgsql.ConnectorPool.Allocate(NpgsqlConnection conn, NpgsqlTimeout timeout)

 at Npgsql.NpgsqlConnection.OpenInternal()

 at Horus.Repositories.ContentBaseRepository.ExecuteQuery(String sqlQuery, Action`1 action)

Any ideas?

Thanks,
Cristi

picture cristipufu
😄1

Most helpful comment

This is because of the Persist Security Info feature, which has been implemented in 3.1. Once a conneciton is open, getting its connection string will return it without a password. This is a security feature that allows you to pass around (open) NpgsqlConnection instances without having to worry about someone extracting the password from it.

The easiest way to work around this is simply to set Persist Security Info to true, which will make things work like in 3.0. Otherwise you need some external way to get the password, i.e. not from the connection.

picture roji on 25 May 2016
👍4

All 4 comments

This is because of the Persist Security Info feature, which has been implemented in 3.1. Once a conneciton is open, getting its connection string will return it without a password. This is a security feature that allows you to pass around (open) NpgsqlConnection instances without having to worry about someone extracting the password from it.

The easiest way to work around this is simply to set Persist Security Info to true, which will make things work like in 3.0. Otherwise you need some external way to get the password, i.e. not from the connection.

roji picture roji on 25 May 2016
👍4

@roji that page you linked to. Is there anywhere to contribute to fixing that page? It's not readable.

phillip-haydon picture phillip-haydon on 25 Nov 2016

@phillip-haydon you mean this page http://www.npgsql.org/doc/connection-string-parameters.html? Apart from some table formatting issues it seems OK to me...

If you'd like to submit PRs for the site, it's backed by this repo. There should be "contribute to this page" links but there are some issues with the site generation program (docfx).

roji picture roji on 25 Nov 2016

@roji yeah for formatting. Make it readable. I'm happy to fix it :)

phillip-haydon picture phillip-haydon on 25 Nov 2016
Was this page helpful?
0 / 5 - 0 ratings

Related issues

tghamm picture tghamm  路  4Comments
austindrenski picture austindrenski  路  5Comments
abelykh0 picture abelykh0  路  3Comments
Rodriguevb picture Rodriguevb  路  3Comments
miniBill picture miniBill  路  4Comments