My Oracle Support Banner

Odp.Net: Connection Pooling + Kerberos Security Flaw In Connection Reuse Of Asp.Net Application (Doc ID 1137164.1)

Last updated on JULY 05, 2017

Applies to:

Oracle Data Provider for .NET - Version: 11.2.0.1 and later   [Release: 11.2 and later ]
Information in this document applies to any platform.

Symptoms

Using ODPNET inside ASPNET application with enabled connection pooling
and configured NTS or KERBEROS opening and closing a end users
connection (MYCOMPUTER\TESTUSER) followed by
 
  OracleConnection.ClearAllPools()
 
will cause subsequent conections to be executed as hosted web service
users - like
 
  NT AUTHORITY\NETWORK SERVICE
    
and NOT as expected as end user
  
  MYCOMPUTER\TESTUSER
  
as in the initial connection.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
  Symptoms
  Cause
  Solution
  References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.