在ASP.NET中验证Oracle用户

Question

I have database in Oracle and application designed in ASP.NET. I want to check user authentication before they can access application. Users are created in Oracle not in application's table.

Is it possible to authenticate Oracle database users using asp.net?

The application uses WebForms and Oracle .NET Data Provider library.

EDIT

1. First page is login where user enters Oracle username and password
2. System connects to Oracle and authenticates user. Please remember users are created in Oracle not in application tables.
3. If valid user then show application pages.

(I can successfully connect to Oracle but cannot authenticate Oracle users)

Answer 1

This sample web form app follows the steps outlined HERE in order to authenticate users from an Oracle database. The app creates a RestrictedPage in a restricted folder accessible only to authenticated users. Anonymous users trying to access the restricted page are redirected to the Login page. And once an authenticated user logs out, the app redirects it to the Default home page.

RestrictedPage.aspx:

<asp:Content ID="Content1" ContentPlaceHolderID="MainContent" runat="server">
    <h1>Restricted Page</h1>
    <asp:GridView ID="GridView1" runat="server" AllowPaging="True" AutoGenerateColumns="False" DataKeyNames="EMPLOYEE_ID" DataSourceID="SqlDataSource1">
    <Columns>
        <asp:BoundField DataField="EMPLOYEE_ID" HeaderText="EMPLOYEE_ID" ReadOnly="True" SortExpression="EMPLOYEE_ID" />
        <asp:BoundField DataField="FIRST_NAME" HeaderText="FIRST_NAME" SortExpression="FIRST_NAME" />
        <asp:BoundField DataField="LAST_NAME" HeaderText="LAST_NAME" SortExpression="LAST_NAME" />
        <asp:BoundField DataField="EMAIL" HeaderText="EMAIL" SortExpression="EMAIL" />
    </Columns>
</asp:GridView>
<asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:ConnectionString %>" ProviderName="<%$ ConnectionStrings:ConnectionString.ProviderName %>" SelectCommand="select employee_id, first_name, last_name, email from hr.employees where employee_id &lt; 150"></asp:SqlDataSource>
</asp:Content>

Site.Master: showing only the div of interest. The rest is the standard boilerplate markup created by VS project template.

<div class="navbar-collapse collapse">
    <ul class="nav navbar-nav">
        <li><a runat="server" href="~/">Home</a></li>
        <li><a runat="server" href="~/About">About</a></li>
        <li><a runat="server" href="~/Contact">Contact</a></li>
        <li><a runat="server" href="~/Restricted/RestrictedPage">Restricted</a></li>
    </ul>
    <asp:LoginView runat="server" ViewStateMode="Disabled">
        <AnonymousTemplate>
            <ul class="nav navbar-nav navbar-right">
                <li><a runat="server" href="~/Account/Register">Register</a></li>
                <li><a runat="server" href="~/Account/Login">Log in</a></li>
            </ul>
        </AnonymousTemplate>
        <LoggedInTemplate>
            <ul class="nav navbar-nav navbar-right">
                <li><a runat="server" href="~/Account/Manage" title="Manage your account">Hello, <%: Context.User.Identity.GetUserName()  %> !</a></li>
                <li>
                    <asp:LoginStatus runat="server" LogoutAction="Redirect" LogoutText="Log off" LogoutPageUrl="~/" OnLoggingOut="Unnamed_LoggingOut" />
                </li>
            </ul>
        </LoggedInTemplate>
    </asp:LoginView>
</div>

IdentityModels.cs: this is the method added for creating/associating entity models to the corresponding Oracle schema tables.

protected override void OnModelCreating(DbModelBuilder modelBuilder)
{
    base.OnModelCreating(modelBuilder); // MUST go first.

    modelBuilder.HasDefaultSchema("YOUR_SCHEMA"); // Use uppercase!

    modelBuilder.Entity<ApplicationUser>().ToTable("AspNetUsers");
    modelBuilder.Entity<IdentityRole>().ToTable("AspNetRoles");
    modelBuilder.Entity<IdentityUserRole>().ToTable("AspNetUserRoles");
    modelBuilder.Entity<IdentityUserClaim>().ToTable("AspNetUserClaims");
    modelBuilder.Entity<IdentityUserLogin>().ToTable("AspNetUserLogins");
}

Web.config: this is the web config file for the Restricted folder.

<?xml version="1.0"?>
<configuration>
  <location path="RestrictedPage.aspx">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>
</configuration>

Web.config: these are the additions of interest made to the global application config file in the application root folder.

  <connectionStrings>
    <add name="DefaultConnection" connectionString="Data Source=your_server_name;User ID=your_user_id;Password=xxxxxxxx;"
      providerName="Oracle.ManagedDataAccess.Client" />
  </connectionStrings>

  <entityFramework>
    <defaultConnectionFactory type="System.Data.Entity.Infrastructure.SqlConnectionFactory, EntityFramework" />
    <providers>
      <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
      <provider invariantName="Oracle.ManagedDataAccess.Client"
        type="Oracle.ManagedDataAccess.EntityFramework.EFOracleProviderServices, Oracle.ManagedDataAccess.EntityFramework" />
    </providers>
  </entityFramework>

Here's the Oracle database schema showing the required AspNet.Identity tables created by the script listed in the referenced article.

This app uses Oracle's sample HR schema that can be downloaded from HERE .

Answer 2

You'll want to use the System.Data.OracleClient namespace for all you're data functions. It behaves more or less like System.Data.SqlClient. Take a look at one of these KB articles depending on whether you are using C# or VB: VB: http://support.microsoft.com/default.aspx?scid=kb;en-us;308157 C#: http://support.microsoft.com/default.aspx?scid=kb;en-us;301240 You'll have to replace the Sql stuff with Oracle calls, but that shouldn't be too hard.