Re: Need OS User from Web Service call

  • From: Job Miller <jobmiller@xxxxxxxxx>
  • To: "tkiernan@xxxxxxxxxxx" <tkiernan@xxxxxxxxxxx>, "JChirco@xxxxxxxxxx" <JChirco@xxxxxxxxxx>, "oracle-l@xxxxxxxxxxxxx" <oracle-l@xxxxxxxxxxxxx>
  • Date: Fri, 11 Jan 2013 10:52:58 -0800 (PST)

The real end user making the call is lost when you go through a mid-tier, 
unless you explicitly propagate the identity of the client to the mid-tier, and 
have the mid-tier propagate it back to the db tier.
The documentation covers the two approaches that are possible:

http://docs.oracle.com/cd/E11882_01/network.112/e16543/authentication.htm#CHDBAHIB



Preserving User Identity in Multitiered Environments
Many organizations want to know who the user is through all tiers of 
an application without sacrificing the benefits of a middle tier. Oracle 
Database supports the following ways to preserve user identity through 
the middle tier of an application:
        * Using a Middle Tier Server for Proxy Authentication
        * Using Client Identifiers to Identify Application Users Not Known to 
the Database


The later of those, using a client identifier is the easiest.   It than shows 
up in CLIENT_IDENTIFIER of V$session, instead of "OS USER"




________________________________
 From: TJ Kiernan <tkiernan@xxxxxxxxxxx>
To: JChirco@xxxxxxxxxx; oracle-l@xxxxxxxxxxxxx 
Cc: TJ Kiernan <tkiernan@xxxxxxxxxxx> 
Sent: Friday, January 11, 2013 1:23 PM
Subject: RE: Need OS User from Web Service call
 
Change the default 
   SQLNET.AUTHENTICATION_SERVICES= (NTS)
to 
   SQLNET.AUTHENTICATION_SERVICES= (NONE)

in the client's sqlnet.ora.  Worked for us (there may be some odp.net 
parameters I'm also unaware of, so sorry if this is an incomplete answer).

Thanks,
T. J.
 

-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jeff Chirco
Sent: Friday, January 11, 2013 10:27 AM
To: oracle-l@xxxxxxxxxxxxx
Subject: Need OS User from Web Service call

Currently for our .Net applications call a web service that runs in IIS which 
then access the Oracle database.  When I query v$session the OS User listed as 
making the call shows as "SYSTEM".  Does anybody know if it is possible to have 
the actual OS User that made the originating call?  I am not sure if this is 
possible because the call is going through a middle tier.
Thanks.

--
//www.freelists.org/webpage/oracle-l


--
//www.freelists.org/webpage/oracle-l

--
//www.freelists.org/webpage/oracle-l


Other related posts: