ODAC Authentication

Discussion of open issues, suggestions and bugs regarding ODAC (Oracle Data Access Components) for Delphi, C++Builder, Lazarus (and FPC)
Horace
Posts: 40
Joined: Thu 11 May 2006 23:37

ODAC Authentication

Post by Horace » Mon 18 Sep 2006 14:03

We purchased the ODAC component over 2 months ago and it performs very well with Oracle 10g using the NET option. Thank you!

However, now we would like to add Active Directory authentication to our Delphi+ODAC application (or any other native Windows authentication) so the application user is not forced to log in twice (once to the Windows workstation and a second time to the Oracle server in the Delphi application) and in order to centralize our user management.

We are on a MS-Server 2003 domain and have Active Directory enabled.

Is there a way we could accomplish Windows external/native authentication with ODAC in NET mode?

If not, why not, and could you elaborate on what would be needed to authenticate to Oracle as a Windows domain user?


Thank you in advance,
Horace
Last edited by Horace on Fri 15 Feb 2008 17:18, edited 1 time in total.

oweis
Posts: 3
Joined: Mon 18 Sep 2006 13:12

Post by oweis » Tue 19 Sep 2006 09:35

Hi,

I have a problem setting options.net:=true in my program...
Can you send me a piece of code showing how you are setting this option?

When I set the option to True in my procedure, I get the exception: "Features is not supported".

(I'm using BDS2006, Oracle 10g and latest ODAC.)


Thank you in advance,
oweis

Horace
Posts: 40
Joined: Thu 11 May 2006 23:37

Post by Horace » Wed 20 Sep 2006 11:27

The following piece of code sets the NET option programmatically. This code is verified to work in Delphi 6.
You should be disconnected before trying to change the NET option.

Regards,
Horace

Code:

procedure TForm1.FormCreate(Sender: TObject);
begin
  OraSession1.Options.Net:=TRUE;
  OraSession1.Connect;
  OraTable1.Active:=TRUE;
end;

Challenger
Devart Team
Posts: 925
Joined: Thu 17 Nov 2005 10:53

Post by Challenger » Wed 20 Sep 2006 12:38

No, the Net option doesn't support Windows authentication.

Horace
Posts: 40
Joined: Thu 11 May 2006 23:37

Post by Horace » Wed 20 Sep 2006 14:32

How hard would it be to add Windows authentication to ODAC ?


Regards,
Horace

Challenger
Devart Team
Posts: 925
Joined: Thu 17 Nov 2005 10:53

Post by Challenger » Thu 21 Sep 2006 10:30

We are not going to add such functionality in the near future. If you want to use Windows authentication you should use OCI mode.

Challenger
Devart Team
Posts: 925
Joined: Thu 17 Nov 2005 10:53

Post by Challenger » Thu 21 Sep 2006 10:31

We are not going to add such functionality in the near future. You can use Windows authentication in OCI mode.

Horace
Posts: 40
Joined: Thu 11 May 2006 23:37

Post by Horace » Fri 22 Sep 2006 01:54

We don't want to use the OCI mode because we'd have to install the bloated Oracle client on every workstation. The whole idea of ODAC was to distribute our client application without the Oracle bloatware as one elegant skinny exec.

Users couldn't install the Oracle bloatware themselves, anyway...

If you will not add authentication to ODAC then we will have to do it ourselves.
Do we have the right to modify your ODAC source code?

Can you save me some time and at least point me in the right direction as to what would be needed to add Windows authentication to ODAC?

One of your developers must have thought about it already, maybe he'd be willing to share his plan of action.

I am an experienced Win API programmer (UM & KM), but have little experience in Oracle protocols.


Regards,
Horace

Horace
Posts: 40
Joined: Thu 11 May 2006 23:37

Post by Horace » Mon 25 Sep 2006 11:42

I'm not asking you for code, just a PLAN OF ACTION such as the most generic authentication sequence and/or exchange of info between Windows workstation ODAC and Oracle server in most generic form.

Regards,
Horace

Challenger
Devart Team
Posts: 925
Joined: Thu 17 Nov 2005 10:53

Post by Challenger » Mon 25 Sep 2006 12:57

We have no information about how the Oracle client performs this operation. That's why we didn't investigate this task and as a result we have no information to share with you.

josir
Posts: 9
Joined: Thu 05 Oct 2006 21:14
Location: Rio de Janeiro

Authenticating on WinXP

Post by josir » Thu 05 Oct 2006 21:20

I solved this problem easily.

On WinXP/200x, you can ask the OS whether you are authenticated on a domain. If you know you are authenticated, you can assume which user is logged in.

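// Requires the Windows unit in the uses clause.
type
  PTokenUser = ^TTokenUser;
  _TOKEN_USER = record
    User: TSIDAndAttributes;
  end;
  TTokenUser = _TOKEN_USER;

// Returns the account and domain name of the user that owns the current process.
// User and Domain are left empty if any of the API calls fails.
procedure UserDomainName(var User, Domain: String);
var
  hAccessToken: THandle;
  InfoBuffer: array[0..1000] of Char;
  szAccountName, szDomainName: array[0..200] of Char;
  dwInfoBufferSize, dwAccountSize, dwDomainSize: DWORD;
  pUser: PTokenUser;
  snu: SID_NAME_USE;
begin
  User := '';
  Domain := '';
  dwAccountSize := 200;
  dwDomainSize := 200;
  // Open the access token of the running process.
  if not OpenProcessToken(GetCurrentProcess, TOKEN_READ, hAccessToken) then
    Exit;
  try
    // Read the TOKEN_USER structure, which holds the user's SID.
    if not GetTokenInformation(hAccessToken, TokenUser, @InfoBuffer[0],
      SizeOf(InfoBuffer), dwInfoBufferSize) then
      Exit;
    pUser := PTokenUser(@InfoBuffer[0]);
    // Translate the SID into account and domain names.
    if LookupAccountSid(nil, pUser^.User.Sid, szAccountName, dwAccountSize,
      szDomainName, dwDomainSize, snu) then
    begin
      User := szAccountName;
      Domain := szDomainName;
    end;
  finally
    CloseHandle(hAccessToken);
  end;
end;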

Good Luck,
Josir

Challenger
Devart Team
Posts: 925
Joined: Thu 17 Nov 2005 10:53

Post by Challenger » Fri 06 Oct 2006 12:46

To josir:
The procedure can help to use OS authentication in OCI mode, not in Net.

josir
Posts: 9
Joined: Thu 05 Oct 2006 21:14
Location: Rio de Janeiro

OS Authentication - my mistake

Post by josir » Wed 18 Oct 2006 15:10

Hi Challenger,

My mistake: I forgot to say that I use a single Oracle user to connect for all network users and I don't need to connect to Oracle with every single user.

The idea is:

if I can get the Domain Name, I am authenticated.
If I am authenticated, I don't need to ask for username/password.

Just an idea for the guy that wants to use the Net ODAC option (which is much faster and more reliable than the Oracle Client version).

Josir.
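
The rule "if I can get the Domain Name, I am authenticated" needs one more check, because LookupAccountSid also succeeds for a local account and then reports the computer name in the domain field. The program below is an added example, not code from this thread or from ODAC; IsDomainAccount and TTokenUserRec are hypothetical names, and it accepts the logon only when the SID resolves to a user account whose authority differs from the local computer name.

```delphi
program DomainLogonCheck; // added example, not code from the thread
{$APPTYPE CONSOLE}
uses
  Windows, SysUtils;
type
  // Local declaration (hypothetical name) of the Win32 TOKEN_USER layout.
  TTokenUserRec = record
    User: TSIDAndAttributes;
  end;
  PTokenUserRec = ^TTokenUserRec;

// True only if the process token belongs to a user account whose authority
// is not the local machine. Account and Authority receive the resolved names.
function IsDomainAccount(out Account, Authority: string): Boolean;
var
  hToken: THandle;
  Buf: array[0..1023] of Byte;
  Needed, cchName, cchDom, cchComp: DWORD;
  szName, szDom: array[0..255] of Char;
  szComp: array[0..MAX_COMPUTERNAME_LENGTH] of Char;
  Use: SID_NAME_USE;
begin
  Result := False;
  Account := ''; Authority := '';
  cchName := Length(szName); cchDom := Length(szDom); cchComp := Length(szComp);
  if not OpenProcessToken(GetCurrentProcess, TOKEN_QUERY, hToken) then Exit;
  try
    if not GetTokenInformation(hToken, TokenUser, @Buf, SizeOf(Buf), Needed) then Exit;
    if not LookupAccountSid(nil, PTokenUserRec(@Buf)^.User.Sid, szName, cchName,
      szDom, cchDom, Use) then Exit;
    if not GetComputerName(szComp, cchComp) then Exit;
    Account := szName;
    Authority := szDom;
    // A local account resolves with the computer name as its "domain".
    Result := (Use = SidTypeUser) and not SameText(Authority, szComp);
  finally
    CloseHandle(hToken);
  end;
end;

var A, D: string;
begin
  if IsDomainAccount(A, D) then
    Writeln('Domain account: ', D, '\', A)
  else
    Writeln('Local or unresolved account: treat as not authenticated');
end.
```

The result is a client-side observation only: with a single shared Oracle user, the database still sees that one account for every workstation, so the server cannot enforce anything per Windows user.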

Horace
Posts: 40
Joined: Thu 11 May 2006 23:37

Post by Horace » Thu 11 Jan 2007 22:39

5 months later...

Has anything changed with authentication in NET mode in Beta v6.00 ?
Do you now have any plans to add windows authentication to the NET mode?

We tried to use Josir's method but it is not workable in net mode...


Regards,
Horace

Challenger
Devart Team
Posts: 925
Joined: Thu 17 Nov 2005 10:53

Post by Challenger » Mon 15 Jan 2007 13:06

We have not added such functionality to ODAC 6.00.
