Why do I need db_owner to open a connection


I've created a SQL Server database (through Visual Studio) and in it I created a user in the database. I gave that user membership in the db_datareader and db_datawriter roles.

When I try to open a connection I get the below exception. If I add the user to the db_owner role, then it works. Why? Shouldn't db_datareader be sufficient to open a connection?

System.Data.SqlClient.SqlException
  HResult=0x80131904
  Message=A connection was successfully established with the server, but then an error occurred during the login process. (provider: Named Pipes Provider, error: 0 - No process is on the other end of the pipe.)
  Source=.Net SqlClient Data Provider
  StackTrace:
   at LicenseLibrary.Database.AzureDataAccess.<>c__DisplayClass15_0.<ExecuteAction>b__0() in C:\git\Store\LicenseLibrary\Database\AzureDataAccess.cs:line 150

Inner Exception 1:
Win32Exception: No process is on the other end of the pipe

Update: I am creating the DB using a number of .sql scripts that Visual Studio runs to create the database. The ones for this are (lines with "GO;" removed):

CREATE USER [readwrite] WITH PASSWORD = N'**************';
CREATE USER [readonly] WITH PASSWORD = N'************';
ALTER ROLE [db_datareader] ADD MEMBER [readonly];
ALTER ROLE [db_datareader] ADD MEMBER [readwrite];
ALTER ROLE [db_datawriter] ADD MEMBER [readwrite];


Also, it's a weird exception for failing on a role it wants - saying there's no process.

I have an example in TestDatabaseRoles.zip - 3 lines of code to make it happen (need the database in the zip too).

sql-server
ado.net
roles
asked on Stack Overflow Oct 3, 2018 by David Thielen • edited Oct 3, 2018 by David Thielen

1 Answer


First, as background, that error message is a generic connection failure message whose details are withheld from the client for security reasons. You need to look in the SQL Logs to see the real errors.

readwrite is a contained database user, so lots of things can fail.

The login failure message in the SQL Log will be something like:

Login failed for user 'readwrite'. Reason: Could not find a login matching the name provided. [CLIENT: <named pipe>]

if contained database authentication is not configured, or

Login failed for user 'readwrite'. Reason: Failed to open the specified database. [CLIENT: <local machine>]

if the database name is wrong or the user lacks the CONNECT permission, or

Login failed for user 'readwrite'. Reason: Password did not match that for the user provided. [Database: 'Database1'] [CLIENT: <local machine>]

if the password is incorrect.

In summary, all of the following must be true for the connection to succeed:

1) The instance must have contained database authentication enabled, with

exec sp_configure 'contained database authentication', 1;
GO
RECONFIGURE;

2) The database must be set to partial containment.

alter database Database1 set containment = partial

3) The user must have the CONNECT permission (which db_owner already has).

grant connect to readwrite
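The three requirements above, carried through end to end as an added T-SQL example (this is not code from the question or the answer). It configures the instance, sets the database to partial containment, creates a least-privilege contained user with db_datareader and db_datawriter plus an explicit CONNECT, and then verifies each layer the way an administrator would before blaming the roles. The database name Database1 and user name readwrite are taken from the thread; the password is a placeholder, and xp_readerrorlog is an undocumented but widely available extended procedure assumed to be present.

```sql
-- Added example, not from the original thread. Run as a sysadmin.
-- Placeholders: Database1, readwrite, and the password below.

-- 1) Instance level: contained database authentication must be enabled.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'contained database authentication', 1;
RECONFIGURE;

-- Verify it took effect: value_in_use should be 1.
SELECT name, value_in_use
FROM sys.configurations
WHERE name = N'contained database authentication';

-- 2) Database level: the database must be partially contained,
--    otherwise CREATE USER ... WITH PASSWORD has nothing to authenticate against.
ALTER DATABASE Database1 SET CONTAINMENT = PARTIAL;

SELECT name, containment_desc              -- expect PARTIAL
FROM sys.databases
WHERE name = N'Database1';

-- 3) Least-privilege contained user: reader/writer roles plus explicit CONNECT.
--    No db_owner membership is needed for the connection itself.
USE Database1;
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'readwrite')
    CREATE USER [readwrite] WITH PASSWORD = N'<placeholder-strong-password>';
ALTER ROLE db_datareader ADD MEMBER [readwrite];
ALTER ROLE db_datawriter ADD MEMBER [readwrite];
GRANT CONNECT TO [readwrite];

-- Confirm it is a database-authenticated (contained) user with no server login.
SELECT name, type_desc, authentication_type_desc   -- expect SQL_USER / DATABASE
FROM sys.database_principals
WHERE name = N'readwrite';

-- Check the effective CONNECT permission from the user's own point of view,
-- which is what the engine evaluates at login time. Expect 1.
EXECUTE AS USER = N'readwrite';
SELECT HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'CONNECT') AS can_connect;
REVERT;

-- If the client still sees the generic "no process on the other end of the pipe"
-- error, read the real reason from the current error log (assumed available):
EXEC xp_readerrorlog 0, 1, N'Login failed';
```

Because a contained user is authenticated by the database rather than by master, the client's connection string must name that database (Initial Catalog=Database1) or the login lands in master and fails with the "Failed to open the specified database" reason shown above. Granting db_owner only masks the problem by handing a reader/writer account full control of the database.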

User contributions licensed under CC BY-SA 3.0