3

I have database in Oracle and application designed in ASP.NET. I want to check user authentication before they can access application. Users are created in Oracle not in application's table.

Is it possible to authenticate Oracle database users using asp.net?

The application uses WebForms and Oracle .NET Data Provider library.

EDIT

  1. First page is login where user enters Oracle username and password
  2. System connects to Oracle and authenticates user. Please remember users are created in Oracle not in application tables.
  3. If valid user then show application pages.

(I can successfully connect to Oracle but cannot authenticate Oracle users)

mrd
  • 2,095
  • 6
  • 23
  • 48
  • 3
    It most definitely is...but you will get a much better answer if you include some more information about your application. Eg. What version, what framwork (MVC, WebApi, even Web Forms) and what sort of authentication you would like to use – ste-fu Nov 15 '17 at 15:25
  • Of course it is. But for this you will need to implement the full authentication functionality in asp.net. Links posted by jstreet are pretty helpful – suomi-dev Nov 16 '17 at 15:22
  • Application I am programming is ASP.NET. Database is Oracle. Of course, the first page every user sees is login page. Type in user name and password. But is that what you are looking for? You say you want to check user authentication before they access application, but does that mean you want them to login first or not? Like @ste-fu says, please provide more information. – Just a HK developer Nov 17 '17 at 03:17
  • If the users are created in oracle, how are the passwords hashed? Or do you want to pass each user's credentials through on each request to the db? – ste-fu Nov 17 '17 at 08:00
  • Added some more info. Hope this helps. – mrd Nov 17 '17 at 09:18
  • [THIS POST](https://stackoverflow.com/questions/28878718/asp-net-mvc5-keeping-users-in-oracle-database) is all you're going to need. It worked pretty well for me. – jsanalytics Nov 18 '17 at 01:09

2 Answers2

5

This sample web form app follows the steps outlined HERE in order to authenticate users from an Oracle database. The app creates a RestrictedPage in a restricted folder accessible only to authenticated users. Anonymous users trying to access the restricted page are redirected to the Login page. And once an authenticated user logs out, the app redirects it to the Default home page.

enter image description here

RestrictedPage.aspx:

<asp:Content ID="Content1" ContentPlaceHolderID="MainContent" runat="server">
    <h1>Restricted Page</h1>
    <asp:GridView ID="GridView1" runat="server" AllowPaging="True" AutoGenerateColumns="False" DataKeyNames="EMPLOYEE_ID" DataSourceID="SqlDataSource1">
    <Columns>
        <asp:BoundField DataField="EMPLOYEE_ID" HeaderText="EMPLOYEE_ID" ReadOnly="True" SortExpression="EMPLOYEE_ID" />
        <asp:BoundField DataField="FIRST_NAME" HeaderText="FIRST_NAME" SortExpression="FIRST_NAME" />
        <asp:BoundField DataField="LAST_NAME" HeaderText="LAST_NAME" SortExpression="LAST_NAME" />
        <asp:BoundField DataField="EMAIL" HeaderText="EMAIL" SortExpression="EMAIL" />
    </Columns>
</asp:GridView>
<asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:ConnectionString %>" ProviderName="<%$ ConnectionStrings:ConnectionString.ProviderName %>" SelectCommand="select employee_id, first_name, last_name, email from hr.employees where employee_id &lt; 150"></asp:SqlDataSource>
</asp:Content>

Site.Master: showing only the div of interest. The rest is the standard boilerplate markup created by VS project template.

<div class="navbar-collapse collapse">
    <ul class="nav navbar-nav">
        <li><a runat="server" href="~/">Home</a></li>
        <li><a runat="server" href="~/About">About</a></li>
        <li><a runat="server" href="~/Contact">Contact</a></li>
        <li><a runat="server" href="~/Restricted/RestrictedPage">Restricted</a></li>
    </ul>
    <asp:LoginView runat="server" ViewStateMode="Disabled">
        <AnonymousTemplate>
            <ul class="nav navbar-nav navbar-right">
                <li><a runat="server" href="~/Account/Register">Register</a></li>
                <li><a runat="server" href="~/Account/Login">Log in</a></li>
            </ul>
        </AnonymousTemplate>
        <LoggedInTemplate>
            <ul class="nav navbar-nav navbar-right">
                <li><a runat="server" href="~/Account/Manage" title="Manage your account">Hello, <%: Context.User.Identity.GetUserName()  %> !</a></li>
                <li>
                    <asp:LoginStatus runat="server" LogoutAction="Redirect" LogoutText="Log off" LogoutPageUrl="~/" OnLoggingOut="Unnamed_LoggingOut" />
                </li>
            </ul>
        </LoggedInTemplate>
    </asp:LoginView>
</div>

IdentityModels.cs: this is the method added for creating/associating entity models to the corresponding Oracle schema tables.

protected override void OnModelCreating(DbModelBuilder modelBuilder)
{
    base.OnModelCreating(modelBuilder); // MUST go first.

    modelBuilder.HasDefaultSchema("YOUR_SCHEMA"); // Use uppercase!

    modelBuilder.Entity<ApplicationUser>().ToTable("AspNetUsers");
    modelBuilder.Entity<IdentityRole>().ToTable("AspNetRoles");
    modelBuilder.Entity<IdentityUserRole>().ToTable("AspNetUserRoles");
    modelBuilder.Entity<IdentityUserClaim>().ToTable("AspNetUserClaims");
    modelBuilder.Entity<IdentityUserLogin>().ToTable("AspNetUserLogins");
}

Web.config: this is the web config file for the Restricted folder.

<?xml version="1.0"?>
<configuration>
  <location path="RestrictedPage.aspx">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>
</configuration>

Web.config: these are the additions of interest made to the global application config file in the application root folder.

  <connectionStrings>
    <add name="DefaultConnection" connectionString="Data Source=your_server_name;User ID=your_user_id;Password=xxxxxxxx;"
      providerName="Oracle.ManagedDataAccess.Client" />
  </connectionStrings>

  <entityFramework>
    <defaultConnectionFactory type="System.Data.Entity.Infrastructure.SqlConnectionFactory, EntityFramework" />
    <providers>
      <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
      <provider invariantName="Oracle.ManagedDataAccess.Client"
        type="Oracle.ManagedDataAccess.EntityFramework.EFOracleProviderServices, Oracle.ManagedDataAccess.EntityFramework" />
    </providers>
  </entityFramework>

Here's the Oracle database schema showing the required AspNet.Identity tables created by the script listed in the referenced article.

enter image description here

This app uses Oracle's sample HR schema that can be downloaded from HERE.

enter image description here

jsanalytics
  • 13,058
  • 4
  • 22
  • 43
0

You'll want to use the System.Data.OracleClient namespace for all you're data functions. It behaves more or less like System.Data.SqlClient. Take a look at one of these KB articles depending on whether you are using C# or VB: VB: http://support.microsoft.com/default.aspx?scid=kb;en-us;308157 C#: http://support.microsoft.com/default.aspx?scid=kb;en-us;301240 You'll have to replace the Sql stuff with Oracle calls, but that shouldn't be too hard.

Aravindhan R
  • 270
  • 5
  • 26
  • 1
    Please look [HERE](https://learn.microsoft.com/en-us/dotnet/framework/data/adonet/oracle-and-adonet) : _The types in `System.Data.OracleClient` are **deprecated**. The types remain supported in the current version of.NET Framework but will be removed in a future release. Microsoft recommends that you use a third-party Oracle provider._ – jsanalytics Nov 18 '17 at 22:36