Re: Need OS User from Web Service call

From: Job Miller <jobmiller_at_yahoo.com>
Date: Fri, 11 Jan 2013 10:52:58 -0800 (PST)
Message-ID: <1357930378.42219.YahooMailNeo_at_web126101.mail.ne1.yahoo.com>

The real end user making the call is lost when you go through a mid-tier, unless you explicitly propagate the identity of the client to the mid-tier, and have the mid-tier propagate it back to the db tier. The documentation covers the two approaches that are possible:

http://docs.oracle.com/cd/E11882_01/network.112/e16543/authentication.htm#CHDBAHIB

Preserving User Identity in Multitiered Environments Many organizations want to know who the user is through all tiers of an application without sacrificing the benefits of a middle tier. Oracle Database supports the following ways to preserve user identity through the middle tier of an application:

Using a Middle Tier Server for Proxy Authentication
Using Client Identifiers to Identify Application Users Not Known to the Database

The later of those, using a client identifier is the easiest.�� It than shows up in CLIENT_IDENTIFIER of V$session, instead of "OS USER"

From: TJ Kiernan <tkiernan_at_pti-nps.com> To: JChirco_at_innout.com; oracle-l_at_freelists.org Cc: TJ Kiernan <tkiernan_at_pti-nps.com> Sent: Friday, January 11, 2013 1:23 PM
Subject: RE: Need OS User from Web Service call

Change the default
� SQLNET.AUTHENTICATION_SERVICES= (NTS) to
� SQLNET.AUTHENTICATION_SERVICES= (NONE) in the client's sqlnet.ora.� Worked for us (there may be some odp.net parameters I'm also unaware of, so sorry if this is an incomplete answer).

Thanks,
T. J.
�

-----Original Message-----

From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Jeff Chirco Sent: Friday, January 11, 2013 10:27 AM
To: oracle-l_at_freelists.org
Subject: Need OS User from Web Service call

Currently for our .Net applications call a web service that runs in IIS which then access the Oracle database.� When I query v$session the OS User listed as making the call shows as "SYSTEM".� Does anybody know if it is possible to have the actual OS User that made the originating call?� I am not sure if this is possible because the call is going through a middle tier. Thanks.

--

http://www.freelists.org/webpage/oracle-l

--

http://www.freelists.org/webpage/oracle-l Received on Fri Jan 11 2013 - 19:52:58 CET

This message: [ Message body ]
Next message: Rich Jesse: "Re: Need OS User from Web Service call"
Previous message: TJ Kiernan: "RE: Need OS User from Web Service call"
In reply to: TJ Kiernan: "RE: Need OS User from Web Service call"
Next in thread: mohammed bhatti: "Re: Need OS User from Web Service call"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message