ASP.NET Impersonation to access Oracle database...

Discussion in 'ASP .Net' started by Top Poster, Jul 6, 2005.

  1. Top Poster

    Top Poster Guest

    Hi all,

    I am trying to work out how I can use impersonation to connect to an Oracle
    9i database such that I can avoid sending a clear text username and password
    to the Oracle server.

    We are using Windows 2000 and IIS 5.0. Currently the database and the
    Webserver are running on the same machine (which I'll call MyMachineName).
    Until now I have been using a connection string in the web.config file on an
    IIS Web Server as follows:

    <add key="ConnectionString" value="Data Source=mydatabase;User
    Id=scott;Password=tiger;Integrated Security=no;"/>

    This works fine but it is not a satisfactory long term solution.
    I have tried to use Impersonation so that the UserId and Password can be
    stored in the registry on the Web Server to achieve the same result. I have
    performed these steps on the IIS Web Server:

    From the command line:
    aspnet_setreg.exe -k:SOFTWARE\myWebService\identity -u:"scott" -p:"tiger"
    Added to web.config:
    <identity impersonate="true"

    I have kept the appSettings section but removed the username and password:
    <add key="ConnectionString" value="Data Source=mydatabase;Integrated

    Used regedt32.exe to grant permissions for the ASP.NET account on these
    registry keys, i.e.:
    Click on the HKEY_LOCAL_MACHINE\SOFTWARE\myWebService\ subkey
    On the Security menu, click Permissions
    Click Add
    In the "Look In" combo box (which appears in a Win2K environment) select the
    machine name (not the domain name because the ASPNET user has not been added
    to our domain)

    The user MyMachineName\ASPNET has now been granted permissions on the
    ASP.NET account.

    The web service is configured to use anonymous access.

    At this point I tried to navigate to the Virtual Directory
    (...service1.asmx) using Internet Explorer and received this error message:
    Configuration error ... Error from the operating system ... "A required
    privilege is not held by the client"

    Then I read that a possible workaround is to change the Local Policies as
    Start,Settings,Control Panel,Administrative Tools,Local Security
    Policy,Local Policies,User Rights Assignment,Act as part of the operating

    Unfortunately I am still getting the same error ... "A required privilege is
    not held by the client"
    I also tried modifying the machine.config file processModel section with
    userName="SYSTEM" and password="AutoGenerate"

    Does anyone have any suggestions to either fix the problem or to try an
    alternative approach?

    I am worried about the possibility that using a 3rd party product (Oracle)
    has compromised the likelihood of resolving the problem.
    Do I need to set up ASPNET as a domain user?
    Do I need to further change the appSettings section of the web.config file?
    Does ASPNET have to be defined as a database user? (currently it is not)

    Many thanks,

    Top Poster, Jul 6, 2005

  2. Top Poster

    Guest Guest

    The error you are getting is because User Id=scott is not an authorized
    UserID to the desktop (or server) where you are running the application. If
    you were to use a userId and password that is allowed on both the desktop and
    Guest, Jul 6, 2005
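
The first post's concern is a username and password sitting in clear text in web.config. The following is an added example, not code from the thread: a small Python audit that flags that pattern in an appSettings connection string or an identity element. The sample file is constructed from the values quoted above; the `ReportingConnection` key, the literal identity credentials and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the settings quoted in the thread.
# "ReportingConnection" and the literal <identity> credentials are hypothetical.
SAMPLE_WEB_CONFIG = """<configuration>
  <appSettings>
    <add key="ConnectionString" value="Data Source=mydatabase;User
    Id=scott;Password=tiger;Integrated Security=no;"/>
    <add key="ReportingConnection" value="Data Source=mydatabase;Integrated Security=yes;"/>
  </appSettings>
  <system.web>
    <identity impersonate="true" userName="scott" password="tiger"/>
  </system.web>
</configuration>"""

SECRET_KEYS = ("password", "pwd")


def parse_connection_string(value):
    """Split 'k=v;k=v' into a dict; keys are lower-cased with whitespace collapsed."""
    pairs = {}
    for part in value.split(";"):
        if "=" in part:
            key, _, val = part.partition("=")
            # A line-wrapped key such as "User\n    Id" becomes "user id".
            pairs[" ".join(key.split()).lower()] = val.strip()
    return pairs


def audit_web_config(xml_text):
    """Return (location, reason) pairs for credentials stored in clear text."""
    findings = []
    root = ET.fromstring(xml_text)
    for add in root.iter("add"):
        value = add.get("value") or add.get("connectionString") or ""
        pairs = parse_connection_string(value)
        if any(pairs.get(k) for k in SECRET_KEYS):
            name = add.get("key") or add.get("name") or "?"
            findings.append((f"add[{name}]", "password embedded in connection string"))
    for identity in root.iter("identity"):
        password = identity.get("password", "")
        # A value starting with "registry:" points at an encrypted registry entry.
        if password and not password.lower().startswith("registry:"):
            findings.append(("identity", "clear-text password attribute"))
    return findings


if __name__ == "__main__":
    for location, reason in audit_web_config(SAMPLE_WEB_CONFIG):
        print(f"{location}: {reason}")
```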
