Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Oracle Authentication From Dot Net

Status
Not open for further replies.
ClevelandSteve

ClevelandSteve

Programmer
Apr 22, 2004
22
US
I apologize if this is not the correct board for this question. I have an asp.net (2.0) login page where I want the user to enter their Oracle (10g) user name and password. I want to pass this to the database for authentication, and then return to the web application if the account succeeded or failed. I have been searching the web for a solution, but haven’t found what I am looking for. Could someone point me in the right direction?
 
Sort by date Sort by votes
Nope that article uses a static user name and password in the connection string, which is what I’m trying to get away from. Thanks for the look though.
 
Upvote 0 Downvote
Steve,

Is your requirement to authenticate the user's name and password, without hard-coding them in a connection string (for obvious security reasons), or is it solely to do with ASP?

T

Grinding away at things Oracular
 
Upvote 0 Downvote
The web application I’m building will allow end users of the database to edit some fields in the dimension tables. The end users already have passwords for use with Discoverer. Rather then set up a second set of user accounts on the dot net side we would like to use the accounts already in Oracle. That way we only need to maintain one set of accounts and can log their actions when they are logged in as themselves. Now I know how to pass the user supplied name and password in a connection string, query the user table, count the number of returned records and all that; but the db guy (I’m the web guy) says there is a call to Oracle I can use that will return user account valid, user account failed, user password expired, etc. The db guy can’t get any more specific and I haven’t found any documentation on this. Does anyone know of such a feature or should I just stick with what I know?
 
Upvote 0 Downvote
Steve,

I've done a fair bit of security work with Oracle, and there is a function stub provided by oracle, for vetting passwords, but nothing more that I know of.

If your username and password for discoverer allows you to connect and query the user table, then the account must be unlocked and the password must be valid. Why do you need to check this, if you know that your user's status is good, because they're talking to Oracle already?

connecting to oracle from a web app, or discoverer or anything else, depends on a valid username and password. The password can't be fine for discoverer and fail for a web app, unless something hidden is going on behind the scenes.

Sorry if I'm missing the point.

T

Grinding away at things Oracular
 
Upvote 0 Downvote
Well that’s what I want to do: have the user enter the Discoverer user name and password into a web login page, pass those entries as part of the connections string, test the connection string to see if it can establish a connection, on connection the user is authenticated and on failure the user gets “Sorry…” But the db guy isn’t happy with this. He want me to use the Oracle call described in the above post.
 
Upvote 0 Downvote
Steve,

your oracle guy needs to think again. His requirement is impossible to satisfy. If you pass a user name and password via the connection string, and they're invalid, you won't be able to do anything with the oracle db in question, let alone invoke a stored procedure.

You can't invoke the stored proc unless you validate, but to validate, you have to invoke the stored proc.

This appears to be first class drivel being spouted by someone in the name of security, without having thought it through.

Why don't you ask this genius precisely how you can invoke an oracle authentication procedure of any nature, without first having a valid user name and password to get through to the db?

T

Grinding away at things Oracular
 
Upvote 0 Downvote
That’s what I was thinking, but I don’t do much Oracle development so I thought he knew of a feature I wasn’t familiar with. After many hours of searching and finding nothing I posted the question to this group. Thank you for your time tharg.
 
Upvote 0 Downvote
Steve,

I have a solution for you if you're interested. I (and many others before me) have solved this one long since.

If you're still up against it, let me know.

T

Grinding away at things Oracular
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

TheLazyPig
  • Locked
  • Question
Oracle Data Validation 1
Replies
4
Views
246
TheLazyPig
TheLazyPig
KeyserSoze
  • Locked
  • Question
TOAD for Oracle - Icons
Replies
1
Views
283
Andrzejek
Andrzejek
Andrzejek
  • Locked
  • Question
Show value from DATA_DEFAULT field 1
Replies
2
Views
869
Andrzejek
Andrzejek
gc6294
  • Locked
  • Question
Search for a character in Oracle SQL statement 1
Replies
3
Views
207
Andrzejek
Andrzejek
mibeach7
  • Locked
  • Question
OEM extract ORA- from string text 1
Replies
2
Views
207
mibeach7
mibeach7

Part and Inventory Search

Sponsor

Back
Top