Odp.Net: Connection Pooling + Kerberos Security Flaw In Connection Reuse Of Asp.Net Application
(Doc ID 1137164.1)
Last updated on FEBRUARY 26, 2019
Applies to:Oracle Data Provider for .NET - Version 22.214.171.124 and later
Information in this document applies to any platform.
Using ODPNET inside ASPNET application with enabled connection pooling
and configured NTS or KERBEROS opening and closing a end users
connection (MYCOMPUTER\TESTUSER) followed by
will cause subsequent conections to be executed as hosted web service
users - like
NT AUTHORITY\NETWORK SERVICE
and NOT as expected as end user
as in the initial connection.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document