问题
Is there a way to set up a Kerberos authentication using a Managed Data Access?
We have a C# application which connects to our Oracle database for getting/inserting some data.
I have to implement a Kerberos authentication upon each user's connection to the Oracle database.
Following this link I have managed to set up a Kerberos user on our DB. The rest of the steps are already implemented, as Oracle Client is Dropped on most of users' PCs. However, there are some users that don't have Oracle Client Dropped on their PCs, so I need to find a way to somehow set up those settings in the app.config.
sqlnet.ora file:
SQLNET.AUTHENTICATION_SERVICES=(kerberos5pre) SQLNET.KERBEROS5_CC_NAME=**** SQLNET.KERBEROS5_CONF=**** SQLNET.KERBEROS5_CONF_MIT=true SQLNET.AUTHENTICATION_KERBEROS5_SERVICE=oracle SQLNET.FALLBACK_AUTHENTICATION=TRUE
and the krb5.conf file's settings:
[libdefaults]
default_realm = *****
dns_lookup_realm = false dns_lookup_kdc = true
passwd_check_s_address = false udp_preference_limit =
kdc_timesync =
[domain_realm] ***** = ****
I have seen this link but I haven't managed to set up the right settings.
I have imagined it, something like this:
app.config:
<oracle.unmanageddataaccess.client>
<version number="*">
<settings>
<setting name="TraceOption" value="7"/>
<setting name="PerformanceCounters" value="0"/>
<setting name="SQLNET.AUTHENTICATION_SERVICES" value="kerberos5pre"/>
</settings>
<dataSources>
<dataSource alias="SampleDataSource" descriptor="(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ORCL))) "/>
</dataSources>
</version>
</oracle.unmanageddataaccess.client>
And code:
string ProviderName = "Oracle.ManagedDataAccess.Client";
DbProviderFactory factory = DbProviderFactories.GetFactory(ProviderName);
DbDataSourceEnumerator dsenum = factory.CreateDataSourceEnumerator();
DataTable dt = dsenum.GetDataSources();
OracleConnectionStringBuilder csb = new OracleConnectionStringBuilder
{
DataSource = (string)dt.Rows[1][1],
Pooling = false
};
_connectionString = csb.ToString();
_con = new OracleConnection(_connectionString);
_con.Open();
回答1:
The oracle managed driver expects has dependency with MIT Kerberos. section 3.3.7.2 from the Shared Link. Have you tried installing it on the client machine
回答2:
Managed ODP.NET supports only Kerberos5 and no pre version is supported. Also please make sure it is 12.2 version:
SQLNET.AUTHENTICATION_SERVICES=(kerberos5)
来源:https://stackoverflow.com/questions/45108132/kerberos-on-c-sharp-oracle-managed-connection