3

I have database in Oracle and application designed in ASP.NET. I want to check user authentication before they can access application. Users are created in Oracle not in application's table.

Is it possible to authenticate Oracle database users using asp.net?

The application uses WebForms and Oracle .NET Data Provider library.

EDIT

  1. First page is login where user enters Oracle username and password
  2. System connects to Oracle and authenticates user. Please remember users are created in Oracle not in application tables.
  3. If valid user then show application pages.

(I can successfully connect to Oracle but cannot authenticate Oracle users)

Improve this question
6
  • 3
    It most definitely is...but you will get a much better answer if you include some more information about your application. Eg. What version, what framwork (MVC, WebApi, even Web Forms) and what sort of authentication you would like to use Commented Nov 15, 2017 at 15:25
  • Of course it is. But for this you will need to implement the full authentication functionality in asp.net. Links posted by jstreet are pretty helpful Commented Nov 16, 2017 at 15:22
  • Application I am programming is ASP.NET. Database is Oracle. Of course, the first page every user sees is login page. Type in user name and password. But is that what you are looking for? You say you want to check user authentication before they access application, but does that mean you want them to login first or not? Like @ste-fu says, please provide more information. Commented Nov 17, 2017 at 3:17
  • If the users are created in oracle, how are the passwords hashed? Or do you want to pass each user's credentials through on each request to the db? Commented Nov 17, 2017 at 8:00
  • Added some more info. Hope this helps. Commented Nov 17, 2017 at 9:18

2 Answers 2

Reset to default
5
+50

This sample web form app follows the steps outlined HERE in order to authenticate users from an Oracle database. The app creates a RestrictedPage in a restricted folder accessible only to authenticated users. Anonymous users trying to access the restricted page are redirected to the Login page. And once an authenticated user logs out, the app redirects it to the Default home page.

enter image description here

RestrictedPage.aspx:

<asp:Content ID="Content1" ContentPlaceHolderID="MainContent" runat="server">
    <h1>Restricted Page</h1>
    <asp:GridView ID="GridView1" runat="server" AllowPaging="True" AutoGenerateColumns="False" DataKeyNames="EMPLOYEE_ID" DataSourceID="SqlDataSource1">
    <Columns>
        <asp:BoundField DataField="EMPLOYEE_ID" HeaderText="EMPLOYEE_ID" ReadOnly="True" SortExpression="EMPLOYEE_ID" />
        <asp:BoundField DataField="FIRST_NAME" HeaderText="FIRST_NAME" SortExpression="FIRST_NAME" />
        <asp:BoundField DataField="LAST_NAME" HeaderText="LAST_NAME" SortExpression="LAST_NAME" />
        <asp:BoundField DataField="EMAIL" HeaderText="EMAIL" SortExpression="EMAIL" />
    </Columns>
</asp:GridView>
<asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:ConnectionString %>" ProviderName="<%$ ConnectionStrings:ConnectionString.ProviderName %>" SelectCommand="select employee_id, first_name, last_name, email from hr.employees where employee_id &lt; 150"></asp:SqlDataSource>
</asp:Content>

Site.Master: showing only the div of interest. The rest is the standard boilerplate markup created by VS project template.

<div class="navbar-collapse collapse">
    <ul class="nav navbar-nav">
        <li><a runat="server" href="~/">Home</a></li>
        <li><a runat="server" href="~/About">About</a></li>
        <li><a runat="server" href="~/Contact">Contact</a></li>
        <li><a runat="server" href="~/Restricted/RestrictedPage">Restricted</a></li>
    </ul>
    <asp:LoginView runat="server" ViewStateMode="Disabled">
        <AnonymousTemplate>
            <ul class="nav navbar-nav navbar-right">
                <li><a runat="server" href="~/Account/Register">Register</a></li>
                <li><a runat="server" href="~/Account/Login">Log in</a></li>
            </ul>
        </AnonymousTemplate>
        <LoggedInTemplate>
            <ul class="nav navbar-nav navbar-right">
                <li><a runat="server" href="~/Account/Manage" title="Manage your account">Hello, <%: Context.User.Identity.GetUserName()  %> !</a></li>
                <li>
                    <asp:LoginStatus runat="server" LogoutAction="Redirect" LogoutText="Log off" LogoutPageUrl="~/" OnLoggingOut="Unnamed_LoggingOut" />
                </li>
            </ul>
        </LoggedInTemplate>
    </asp:LoginView>
</div>

IdentityModels.cs: this is the method added for creating/associating entity models to the corresponding Oracle schema tables.

protected override void OnModelCreating(DbModelBuilder modelBuilder)
{
    base.OnModelCreating(modelBuilder); // MUST go first.

    modelBuilder.HasDefaultSchema("YOUR_SCHEMA"); // Use uppercase!

    modelBuilder.Entity<ApplicationUser>().ToTable("AspNetUsers");
    modelBuilder.Entity<IdentityRole>().ToTable("AspNetRoles");
    modelBuilder.Entity<IdentityUserRole>().ToTable("AspNetUserRoles");
    modelBuilder.Entity<IdentityUserClaim>().ToTable("AspNetUserClaims");
    modelBuilder.Entity<IdentityUserLogin>().ToTable("AspNetUserLogins");
}

Web.config: this is the web config file for the Restricted folder.

<?xml version="1.0"?>
<configuration>
  <location path="RestrictedPage.aspx">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>
</configuration>

Web.config: these are the additions of interest made to the global application config file in the application root folder.

  <connectionStrings>
    <add name="DefaultConnection" connectionString="Data Source=your_server_name;User ID=your_user_id;Password=xxxxxxxx;"
      providerName="Oracle.ManagedDataAccess.Client" />
  </connectionStrings>

  <entityFramework>
    <defaultConnectionFactory type="System.Data.Entity.Infrastructure.SqlConnectionFactory, EntityFramework" />
    <providers>
      <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
      <provider invariantName="Oracle.ManagedDataAccess.Client"
        type="Oracle.ManagedDataAccess.EntityFramework.EFOracleProviderServices, Oracle.ManagedDataAccess.EntityFramework" />
    </providers>
  </entityFramework>

Here's the Oracle database schema showing the required AspNet.Identity tables created by the script listed in the referenced article.

enter image description here

This app uses Oracle's sample HR schema that can be downloaded from HERE.

enter image description here

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

You'll want to use the System.Data.OracleClient namespace for all you're data functions. It behaves more or less like System.Data.SqlClient. Take a look at one of these KB articles depending on whether you are using C# or VB: VB: http://support.microsoft.com/default.aspx?scid=kb;en-us;308157 C#: http://support.microsoft.com/default.aspx?scid=kb;en-us;301240 You'll have to replace the Sql stuff with Oracle calls, but that shouldn't be too hard.

Improve this answer

1 Comment

Please look HERE : The types in System.Data.OracleClient are deprecated. The types remain supported in the current version of.NET Framework but will be removed in a future release. Microsoft recommends that you use a third-party Oracle provider.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.