Re: Need OS User from Web Service call
Date: Fri, 11 Jan 2013 10:52:58 -0800 (PST)
Message-ID: <1357930378.42219.YahooMailNeo_at_web126101.mail.ne1.yahoo.com>
The real end user making the call is lost when you go through a mid-tier, unless you explicitly propagate the identity of the client to the mid-tier, and have the mid-tier propagate it back to the db tier. The documentation covers the two approaches that are possible:
http://docs.oracle.com/cd/E11882_01/network.112/e16543/authentication.htm#CHDBAHIB
Preserving User Identity in Multitiered Environments Many organizations want to know who the user is through all tiers of an application without sacrificing the benefits of a middle tier. Oracle Database supports the following ways to preserve user identity through the middle tier of an application:
- Using a Middle Tier Server for Proxy Authentication
- Using Client Identifiers to Identify Application Users Not Known to the Database
The later of those, using a client identifier is the easiest. It than shows up in CLIENT_IDENTIFIER of V$session, instead of "OS USER"
From: TJ Kiernan <tkiernan_at_pti-nps.com> To: JChirco_at_innout.com; oracle-l_at_freelists.org Cc: TJ Kiernan <tkiernan_at_pti-nps.com> Sent: Friday, January 11, 2013 1:23 PM
Subject: RE: Need OS User from Web Service call
Change the default
SQLNET.AUTHENTICATION_SERVICES= (NTS)
to
SQLNET.AUTHENTICATION_SERVICES= (NONE)
in the client's sqlnet.ora. Worked for us (there may be some odp.net parameters I'm also unaware of, so sorry if this is an incomplete answer).
Thanks,
T. J.
-----Original Message-----
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Jeff Chirco
Sent: Friday, January 11, 2013 10:27 AM
To: oracle-l_at_freelists.org
Subject: Need OS User from Web Service call
Currently for our .Net applications call a web service that runs in IIS which then access the Oracle database. When I query v$session the OS User listed as making the call shows as "SYSTEM". Does anybody know if it is possible to have the actual OS User that made the originating call? I am not sure if this is possible because the call is going through a middle tier. Thanks.
--
http://www.freelists.org/webpage/oracle-l
--
http://www.freelists.org/webpage/oracle-l
--
http://www.freelists.org/webpage/oracle-l
Received on Fri Jan 11 2013 - 19:52:58 CET