
ODAC Authentication

Posted: Mon 18 Sep 2006 14:03
by Horace
We purchased the ODAC component over 2 months ago and it performs very well with Oracle 10g using the NET option. Thank you!

However, now we would like to add Active Directory authentication to our Delphi+ODAC application (or any other native Windows authentication) so the application user is not forced to log in twice (once to the Windows workstation and a second time to the Oracle server in the Delphi application) and in order to centralize our user management.

We are on a MS-Server 2003 domain and have Active Directory enabled.

Is there a way we could accomplish Windows external/native authentication with ODAC in NET mode?

If not, why not, and could you elaborate on what would be needed to authenticate to Oracle as a Windows domain user?


Thank you in advance,
Horace

Posted: Tue 19 Sep 2006 09:35
by oweis
Hi,

I have a problem setting options.net:=true in my program...
Can you send me a piece of code showing how you are setting this option?

When I set the option to True in my procedure, I get the exception: "Features is not supported".

(I'm using BDS2006, Oracle 10g and latest ODAC.)


Thank you in advance,
oweis

Posted: Wed 20 Sep 2006 11:27
by Horace
The following piece of code sets the NET option programmatically. This code is verified to work in Delphi 6.
You should be disconnected before trying to change the NET option.

Regards,
Horace

procedure TForm1.FormCreate(Sender: TObject);
begin
  OraSession1.Options.Net:=TRUE;
  OraSession1.Connect;
  OraTable1.Active:=TRUE;
end;

Posted: Wed 20 Sep 2006 12:38
by Challenger
No, Net option doesn't support Windows authentication.

Posted: Wed 20 Sep 2006 14:32
by Horace
How hard would it be to add Windows authentication to ODAC?


Regards,
Horace

Posted: Thu 21 Sep 2006 10:30
by Challenger
We are not going to add such functionality in the near future. If you want to use Windows authentication you should use OCI mode.

Posted: Thu 21 Sep 2006 10:31
by Challenger
We are not going to add such functionality in the near future. You can use Windows authentication in OCI mode.

Posted: Fri 22 Sep 2006 01:54
by Horace
We don't want to use the OCI mode because we'd have to install the bloated Oracle client on every workstation. The whole idea of ODAC was to distribute our client application without the Oracle bloatware as one elegant skinny exec.

Users couldn't install the Oracle bloatware themselves, anyway...

If you will not add authentication to ODAC then we will have to do it ourselves.
Do we have the right to modify your ODAC source code?

Can you save me some time and at least point me in the right direction on what would be needed to add Windows authentication to ODAC?

One of your developers must have thought about it already, maybe he'd be willing to share his plan of action.

I am an experienced Win API programmer (UM & KM), but have little experience with Oracle protocols.


Regards,
Horace

Posted: Mon 25 Sep 2006 11:42
by Horace
I'm not asking you for code, just a PLAN OF ACTION such as the most generic authentication sequence and/or exchange of info between Windows workstation ODAC and Oracle server in most generic form.

Regards,
Horace

Posted: Mon 25 Sep 2006 12:57
by Challenger
We have no information about how the Oracle client performs this operation. That's why we didn't investigate this task and as a result we have no information to share with you.

Authenticating on WinXP

Posted: Thu 05 Oct 2006 21:20
by josir
I solved this problem easily.

On WinXP/200x, you can ask the OS if you are authenticated on a domain. If you know you are authenticated, you can assume which user is logged on.

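type
  PTokenUser = ^TTokenUser;
  _TOKEN_USER = record
    User: TSIDAndAttributes;
  end;
  TTokenUser = _TOKEN_USER;

// Requires the Windows unit in the uses clause.
// Returns the account and domain name of the user that owns the current
// process. User and Domain are left empty if any API call fails.
procedure UserDomainName(var User, Domain: String);
var
  hProcess, hAccessToken: THandle;
  InfoBuffer: array[0..1000] of Char;
  szAccountName, szDomainName: array[0..200] of Char;
  dwInfoBufferSize, dwAccountSize, dwDomainSize: DWORD;
  pUser: PTokenUser;
  snu: SID_NAME_USE;
begin
  User := '';
  Domain := '';
  dwAccountSize := 200;  // name buffer sizes, in characters
  dwDomainSize := 200;
  hProcess := GetCurrentProcess;
  if not OpenProcessToken(hProcess, TOKEN_READ, hAccessToken) then
    Exit;
  try
    // Read the TOKEN_USER structure, which holds the user's SID
    if not GetTokenInformation(hAccessToken, TokenUser, @InfoBuffer[0], 1000,
      dwInfoBufferSize) then
      Exit;
    pUser := PTokenUser(@InfoBuffer[0]);
    // Translate the SID into account and domain names
    if LookupAccountSid(nil, pUser.User.Sid, szAccountName, dwAccountSize,
      szDomainName, dwDomainSize, snu) then
    begin
      User := szAccountName;
      Domain := szDomainName;
    end;
  finally
    CloseHandle(hAccessToken);  // always release the token handle
  end;
end;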

Good Luck,
Josir

Posted: Fri 06 Oct 2006 12:46
by Challenger
To josir:
The procedure can help to use OS authentication in OCI mode, not in Net.

OS Authentication - my mistake

Posted: Wed 18 Oct 2006 15:10
by josir
Hi Challenger,

My mistake: I forgot to say that I use a single Oracle user to connect all network users and I don't need to connect to Oracle with every single user.

The idea is:

If I can get the Domain Name, I am authenticated.
If I am authenticated, I don't need to ask for username/password.

Just an idea for the guy who wants to use the Net ODAC option (which is much faster and more reliable than the Oracle Client version).

Josir.
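
Added example, not part of the thread and not ODAC code: LookupAccountSid reports the computer name as the domain for a local account, so a successful lookup alone does not show a domain logon. This Delphi console program compares the reported domain against the machine name and an expected domain; the function name `IsDomainLogon` and the domain `EXAMPLE` are assumptions.

```delphi
program DomainLogonCheck;
{$APPTYPE CONSOLE}
uses
  Windows, SysUtils;

type
  PTokenUser = ^TTokenUser;
  TTokenUser = record
    User: TSIDAndAttributes;
  end;

// True only when the process token belongs to a user account whose domain is
// ExpectedDomain and is not the local machine's own account database.
function IsDomainLogon(const ExpectedDomain: string; out Account: string): Boolean;
var
  hToken: THandle;
  Info: array[0..1023] of Byte;
  Name, Dom, Comp: array[0..255] of Char;
  cbInfo, cchName, cchDom, cchComp: DWORD;
  Use: SID_NAME_USE;
begin
  Result := False;
  Account := '';
  if not OpenProcessToken(GetCurrentProcess, TOKEN_QUERY, hToken) then Exit;
  try
    if not GetTokenInformation(hToken, TokenUser, @Info[0], SizeOf(Info), cbInfo) then Exit;
    cchName := Length(Name);   // buffer sizes are passed in characters
    cchDom := Length(Dom);
    if not LookupAccountSid(nil, PTokenUser(@Info[0])^.User.Sid,
      Name, cchName, Dom, cchDom, Use) then Exit;
    cchComp := Length(Comp);
    if not GetComputerName(Comp, cchComp) then Exit;
    Account := Name;
    Result := (Use = SidTypeUser)          // a user, not a group or alias
      and not SameText(Dom, Comp)          // local accounts report the machine name
      and SameText(Dom, ExpectedDomain);   // and it must be the domain we expect
  finally
    CloseHandle(hToken);
  end;
end;

var
  Account: string;
begin
  // 'EXAMPLE' is a constructed placeholder for the site's NetBIOS domain name
  if IsDomainLogon('EXAMPLE', Account) then
    Writeln('Domain account: ', Account)
  else
    Writeln('Not a logon to the expected domain');
end.
```

The check runs inside the client process, so it identifies the logged-on account to the application only; the Oracle server still sees the single shared account the application connects with.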

Posted: Thu 11 Jan 2007 22:39
by Horace
5 months later...

Has anything changed with authentication in NET mode in Beta v6.00?
Do you now have any plans to add Windows authentication to the NET mode?

We tried to use Josir's method but it is not workable in NET mode...


Regards,
Horace

Posted: Mon 15 Jan 2007 13:06
by Challenger
We have not added such functionality to ODAC 6.00.