locked
ASP.NET OS authentication Logon Oracle RRS feed

  • 問題

  • I had develope a web service wanted to uses the OS authentication to logon Oracle.

     

    From developemnt machine (XP) is workfine and once setup in win2003/IIS6,

    it always get Logon Denied (invalid username/password) get back from Oracle

     

    however, when I using the command line sqlplus /@SID, it could be success login to Oracle in server with the same account.

     

    Is there any .NET configuration need to be done?

     

    The story is:

     

    A-Server-ASP.NET Web Application using impersonate to connect

    B-Server-VB.NET-WebService, connectionstring="integrated security=yes;Data Source=dbSID;User Id=/;" logon on to

    C-Server-Oracle, already using NTS be auth, can be logon to sqlplus /@dbSID in command prompt and even TOAD ...

     

    We use AD to be the account management ...

     

    Please help ... I would like to reclaim that it is workfine in XP developement machine, but when it setup in W2K3 ...

    2008年10月9日 上午 11:53

解答

所有回覆

  • Hello!

     

    I'm Florin G.

     

    I haven't worked with Oracle connection for this moment but I think that your problem is at connectionstring.

     

    Bye,

     

    2008年10月15日 上午 08:28
  • Due to different IIS worker process handling method, you will result in the following situation in your scenarios:

    1. For A-Server, you will result in using the "ASPNET" local account to access the Oracle database.

    2. For B-Server, you will result in using the client's login account (i.e. AD account) to access the Oracle databse.

     

    In other to make scenario (1) works, you have to add to your web.config inside the <system.web></system.web> section:

     

    <identity impersonate="true" />

     

    Hope it can help.

    2008年10月15日 上午 09:10
  • Thanks all for interest,

    About the connection string, I uses the "User Id=/;" to indicate the impersonate for account and it work fine if doing in application in other project.

    For both A and B server web service, impersonate="true" are both added.

    A server noted as impersonate=true and specific domain user can identify in B server web service (web user identity)

    I think the critical point is: A Server authorize the domain user logon and connect to B server, assume to useing the authorized privilege by A, to access C, the Oracle database through B, just like a pass through of authentication.


    I'm now getting for a work around that hard code another granted domain user account as

    <identity impersonate=true username=domainuser password=password/> in web.config to made it work first ....

    It is not really a solution since the connectivity is broken into two pieces:

    From A to B, then B to C ...


    Any one get idea?
    2008年10月15日 下午 02:05
  • Please have a look on the following link about Oracle integrating with ASP.NET

     

    Oracle Access Manager supports the ASP.NET component of the Microsoft .NET Framework, which developers can use to build, deploy, and run Web applications and distributed applications..........

    http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b25347/aspdotnet.htm

     

    2009年1月12日 上午 06:14