My Oracle Support Banner

Odp.Net: Connection Pooling + Kerberos Security Flaw In Connection Reuse Of Asp.Net Application (Doc ID 1137164.1)

Last updated on FEBRUARY 26, 2019

Applies to:

Oracle Data Provider for .NET - Version 11.2.0.1 and later
Information in this document applies to any platform.

Symptoms

Using ODPNET inside ASPNET application with enabled connection pooling
and configured NTS or KERBEROS opening and closing a end users
connection (MYCOMPUTER\TESTUSER) followed by
 
  OracleConnection.ClearAllPools()
 
will cause subsequent conections to be executed as hosted web service
users - like
 
  NT AUTHORITY\NETWORK SERVICE
    
and NOT as expected as end user
  
  MYCOMPUTER\TESTUSER
  
as in the initial connection.

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.