DEVHIDE
Login Or Sign up

Kerberos Authentication in Oracle 12.2.0.1 with KERBEROS5PRE service and Cred Cache OSMSFT

2.3k Views Asked by At

I am trying to connect a web api that uses EntityFW and Oracle.ManagedDataAccess to an Oracle 12c (12.2.0.1)

I have to use Kerberos Authentication with following parameters

SQLNET.KERBEROS5_CONF=C:\temp\krb5.conf
SQLNET.KERBEROS5_CONF_MIT=TRUE
SQLNET.AUTHENTICATION_KERBEROS5_SERVICE=orakrb
SQLNET.KERBEROS5_CC_NAME=OSMSFT:                 
SQLNET.AUTHENTICATION_SERVICES=(KERBEROS5PRE,KERBEROS5)

Even though I have KERBEROS5 in the AUTHENTICATION_SERVICES

I figured that it actually does not work by using the setup below

SQLNET.KERBEROS5_CONF=C:\temp\krb5.conf
SQLNET.KERBEROS5_CONF_MIT=TRUE
SQLNET.AUTHENTICATION_KERBEROS5_SERVICE=orakrb
SQLNET.KERBEROS5_CC_NAME=MSLSA:                 
SQLNET.AUTHENTICATION_SERVICES=(KERBEROS5)

So my effective configuration is like

SQLNET.KERBEROS5_CONF=C:\temp\krb5.conf
SQLNET.KERBEROS5_CONF_MIT=TRUE
SQLNET.AUTHENTICATION_KERBEROS5_SERVICE=orakrb
SQLNET.KERBEROS5_CC_NAME=OSMSFT:                 
SQLNET.AUTHENTICATION_SERVICES=(KERBEROS5PRE)

I have following embedded in my web.config

<oracle.manageddataaccess.client>
    <version number="*">
      <settings>
        <setting name="sqlnet.kerberos5_conf" value="C:\temp\krb5.conf" />
        <setting name="sqlnet.kerberos5_cc_name" value="OSMSFT://" />
        <setting name="sqlnet.authentication_services" value="(Kerberos5pre)" />
        <setting name="sqlnet.kerberos5_conf_mit" value="TRUE" />
        <setting name="sqlnet.authentication_kerberos5_service" value="orakrb" />
        </settings>
    </version>
  </oracle.manageddataaccess.client>

I am not being authenticated at all (I verified the running user and it is correct)

Stack Dump

{
  "Message": "An error has occurred.",
  "ExceptionMessage": "An error occurred accessing the database. This usually means that the connection to the database failed. Check that the connection string is correct and that the appropriate DbContext constructor is being used to specify it or find it in the application's config file. See http://go.microsoft.com/fwlink/?LinkId=386386 for information on DbContext and connections. See the inner exception for details of the failure.",
  "ExceptionType": "System.Data.Entity.Core.ProviderIncompatibleException",
  "StackTrace": "   at System.Data.Entity.Utilities.DbProviderServicesExtensions.GetProviderManifestTokenChecked(DbProviderServices providerServices, DbConnection connection)\r\n   at System.Data.Entity.Infrastructure.DefaultManifestTokenResolver.<>c__DisplayClass1.<ResolveManifestToken>b__0(Tuple`3 k)\r\n   at System.Collections.Concurrent.ConcurrentDictionary`2.GetOrAdd(TKey key, Func`2 valueFactory)\r\n   at System.Data.Entity.Infrastructure.DefaultManifestTokenResolver.ResolveManifestToken(DbConnection connection)\r\n   at System.Data.Entity.Utilities.DbConnectionExtensions.GetProviderInfo(DbConnection connection, DbProviderManifest& providerManifest)\r\n   at System.Data.Entity.DbModelBuilder.Build(DbConnection providerConnection)\r\n   at System.Data.Entity.Internal.LazyInternalContext.CreateModel(LazyInternalContext internalContext)\r\n   at System.Data.Entity.Internal.RetryLazy`2.GetValue(TInput input)\r\n   at System.Data.Entity.Internal.LazyInternalContext.InitializeContext()\r\n   at System.Data.Entity.Internal.InternalContext.GetEntitySetAndBaseTypeForType(Type entityType)\r\n   at System.Data.Entity.Internal.Linq.InternalSet`1.Initialize()\r\n   at System.Data.Entity.Internal.Linq.InternalSet`1.get_InternalContext()\r\n   at System.Data.Entity.Infrastructure.DbQuery`1.System.Linq.IQueryable.get_Provider()\r\n   at System.Linq.Queryable.Where[TSource](IQueryable`1 source, Expression`1 predicate)\r\n   at ffma.idm.facade.Factset.BenchmarkFacade`1.GetAllActive() in C:\\Development\\ffma.dmp.web\\ffma.idm.facade\\Factset\\BenchmarkFacade.cs:line 23\r\n   at ffma.idm.facade.Factset.BenchmarkFacade`1.Query(String benchmarkIds, String currencies, Nullable`1 effectiveFromDate, Nullable`1 effectiveToDate, Nullable`1 isHedegedReturn) in C:\\Development\\ffma.dmp.web\\ffma.idm.facade\\Factset\\BenchmarkFacade.cs:line 190\r\n   at ffma.idm.facade.Factset.BenchmarkFacade`1.GetByNameMatch(BenchmarkNameWildCardSearchRequest searchReq) in C:\\Development\\ffma.dmp.web\\ffma.idm.facade\\Factset\\BenchmarkFacade.cs:line 86\r\n   at ffma.api.dmp.marketdata.Controllers.MarketDataController.<>c__DisplayClass18_0.<FindByBenchmarkNameAndDates>b__0() in C:\\Development\\ffma.dmp.web\\ffma.api.dmp.marketdata\\Controllers\\IDM\\MarketDataController.cs:line 293\r\n   at System.Threading.Tasks.Task`1.InnerInvoke()\r\n   at System.Threading.Tasks.Task.Execute()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()\r\n   at ffma.api.dmp.marketdata.Controllers.MarketDataController.<FindByBenchmarkNameAndDates>d__18.MoveNext() in C:\\Development\\ffma.dmp.web\\ffma.api.dmp.marketdata\\Controllers\\IDM\\MarketDataController.cs:line 292\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Threading.Tasks.TaskHelpersExtensions.<CastToObject>d__3`1.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Web.Http.Controllers.ApiControllerActionInvoker.<InvokeActionAsyncCore>d__0.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Web.Http.Filters.ActionFilterAttribute.<CallOnActionExecutedAsync>d__5.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Web.Http.Filters.ActionFilterAttribute.<CallOnActionExecutedAsync>d__5.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Web.Http.Filters.ActionFilterAttribute.<ExecuteActionFilterAsyncCore>d__0.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Web.Http.Controllers.ActionFilterResult.<ExecuteAsync>d__2.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Web.Http.Filters.AuthorizationFilterAttribute.<ExecuteAuthorizationFilterAsyncCore>d__2.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Web.Http.Filters.AuthorizationFilterAttribute.<ExecuteAuthorizationFilterAsyncCore>d__2.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Web.Http.Controllers.ExceptionFilterResult.<ExecuteAsync>d__0.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Web.Http.Controllers.ExceptionFilterResult.<ExecuteAsync>d__0.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Web.Http.Dispatcher.HttpControllerDispatcher.<SendAsync>d__1.MoveNext()",
  "InnerException": {
    "Message": "An error has occurred.",
    "ExceptionMessage": "The provider did not return a ProviderManifestToken string.",
    "ExceptionType": "System.Data.Entity.Core.ProviderIncompatibleException",
    "StackTrace": "   at System.Data.Entity.Core.Common.DbProviderServices.GetProviderManifestToken(DbConnection connection)\r\n   at System.Data.Entity.Utilities.DbProviderServicesExtensions.GetProviderManifestTokenChecked(DbProviderServices providerServices, DbConnection connection)",
    "InnerException": {
      "Message": "An error has occurred.",
      "ExceptionMessage": "ORA-01017: invalid username/password; logon denied",
      "ExceptionType": "Oracle.ManagedDataAccess.Client.OracleException",
      "StackTrace": "   at OracleInternal.ConnectionPool.PoolManager`3.Get(ConnectionString csWithDiffOrNewPwd, Boolean bGetForApp, CriteriaCtx criteriaCtx, String affinityInstanceName, Boolean bForceMatch)\r\n   at OracleInternal.ConnectionPool.OraclePoolManager.Get(ConnectionString csWithNewPassword, Boolean bGetForApp, CriteriaCtx criteriaCtx, String affinityInstanceName, Boolean bForceMatch)\r\n   at OracleInternal.ConnectionPool.OracleConnectionDispenser`3.Get(ConnectionString cs, PM conPM, ConnectionString pmCS, SecureString securedPassword, SecureString securedProxyPassword, CriteriaCtx criteriaCtx)\r\n   at Oracle.ManagedDataAccess.Client.OracleConnection.Open()\r\n   at Oracle.ManagedDataAccess.EntityFramework.EFOracleProviderServices.GetDbProviderManifestToken(DbConnection connection)\r\n   at System.Data.Entity.Core.Common.DbProviderServices.GetProviderManifestToken(DbConnection connection)"
    }
  }
}

I managed to work most of my organization's tools work apart from the API

  • sqlplus (command line)
  • python
  • pycharm's datagrip
  • Power BI
  • SSIS
  • etc..

Starting to believe first answer of the following link is correct but has no documented proof of it

Kerberos on C# Oracle Managed connection

Any assistance appreciated

oracle kerberos mit-kerberos oracle.manageddataaccess
Original Q&A
1

There are 1 best solutions below

0
On

According to

https://docs.oracle.com/en/database/oracle/oracle-database/12.2/odpnt/InstallManagedConfig.html#GUID-A9EF5624-1828-46DD-84D1-CC5F40BFB6F5

KERBEROS5PRE is not supported by ODP.NET, Managed Driver

Answer by Anand Krishna in the link below is correct from a different thread

Kerberos on C# Oracle Managed connection

Related Questions in ORACLE

Related Questions in KERBEROS

Related Questions in MIT-KERBEROS

Related Questions in ORACLE.MANAGEDDATAACCESS

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.