How to connect with System.Data.OracleClient to oracle db with windows authentication?

Question

With Oracle SQL Developer I can put / -character to Username and leave password empty and I get connected. I have OP$MYWINDOWSUSERNAME user created in database.

EDIT: SQL Developer does not work if I check OS Authentication-checkbox (empties and disables username + pwd). Moreover Preferences->Database->Advanced->Use Oracle Client is unchecked so I guess what SQL Developer does or doesn't has very little to do with my System.Data.OracleClient.OracleConnection problem.

However when I try to form connection string like this:

string.Format("Data Source={0}; user id=/;password=;Integrated Security=yes", dbName);

I get ORA-01017: invalid username/password: logon denied

with

string.Format("Data Source={0}; user id=/;password=;Integrated Security=no", dbName);

I get ORA-01005.

With

string.Format("Data Source={0};Integrated Security=yes", dbName);

I get ORA-01017: invalid username/password: logon denied

With

string.Format("Data Source={0}; user id=/;", dbName);

I get ORA-01005

With

string.Format("Data Source={0};User Id=/;Integrated Security=yes;", dbName);

I get ORA-01017

Both OracleConnection in my program and Oracle SQL Developer work when I specify Username and password.

EDIT: This works with

string.Format("Data Source={0};Integrated Security=yes", dbName);

when sqlnet.ora line

SQLNET.AUTHENTICATION_SERVICES= (NTS) 

is changed to

SQLNET.AUTHENTICATION_SERVICES= (NONE)

If somebody writes short answer what is happening and why, i'm happy to grant bounty to him/her.

Answer 1

SQL Developer has sometimes ununderstandable behavior. It's not reliable for this "OS authentication" feature.

You should remove id completely from the authentication string:

string.Format("Data Source={0}; Integrated Security=yes;", dbName);

Edit

The fact that it works only when your remove the NTS option could mean the expected service isn't running, or that NTS doesn't support OS authentication for all users, but only for SYS . Found here some explanation:

The NTS service is used in windows environments to make the Sys user authentication based on the o/s level authentication. So if you are not willing to supply the password of the Sys user each time, you should set this .

And here someone who uses something you could try in its sqlnet.ora :

 SQLNET.AUTHENTICATION_SERVICES =(NONE, NTS) 

It may also depend of your Oracle version; here it says NTS is not supported with Oracle 12c

Starting with Oracle Database 12c Release 1 (12.1), the NTS authentication adapter no longer supports the use of NTLM to authenticate Windows domain users . Thus the NTS cannot be used to authenticate users in old Windows NT domains or domains with old Windows NT domain controllers. However, local connections and Oracle Database services running as a Windows Local User continues to be authenticated using NTLM.

Answer 2

你的问题不在连接字符串中，而是在你的Active Directory结构中，以及能够使用AD的LDAP DB的Oracle设置，为什么如果你在本地数据库上尝试你的代码，例如OracleXE，而不使用活动目录你可能会成功，但同时在分布式Oracle服务器上，您可能会收到授权错误，因此请找一位能够正确设置AD和Oracle的强大管理员。

Answer 3

In short, it's the Windows native operating system authentication which is indicated by NTS.

Once NTS is specified, oracle client identifies the username as workgroup\\username or domain\\username which does not match your OP$MYWINDOWSUSERNAME database user

In order to have it working with NTS option, you need to include domain/workgroup name in your db username:

CREATE USER "OPS$<DOMAIN_NAME>\<OS_USERNAME>" IDENTIFIED EXTERNALLY;

oracle support document 750436.1 confirms this with detailed steps.

Answer 4

your problem is that you cannot use / as user id from outside the database machine itself. also in some cases / cannot be used to connect to the database unless it is specified "/ as sysdba". therefore in case you want to connect through a client library like ADO.NET you have to specify a username and password or it will fail to connect.

if you want to have authentication to access the database using an LDAP user you can also use OAM and ORACLE SSO and OUD/EUM