3

I am trying to access an Oracle database (version 10.2.0.4.0) using the following code but an "ORA-01005: Null password given; logon denied" exception is raised by the connection when it's open method is called.

        var connBuilder = new OracleConnectionStringBuilder();
        connBuilder.DataSource = "(DESCRIPTION =(ADDRESS_LIST =(ADDRESS = (PROTOCOL = TCP)(HOST = MyHost.Address)(PORT = ####)) )(CONNECT_DATA =(SERVICE_NAME = MyService)))";
        connBuilder.UserID = "validUserId";
        connBuilder.Password = "validPassword";
        connBuilder.PersistSecurityInfo = true;
        var connString = connBuilder.ToString();
        using (var con = new OracleConnection(connString))
        {
            con.Open();
        }

If I change the username then I receive the following instead; "ORA-01017: invalid username/password; logon denied" and this is also the case if I change the open call on the connection with con.OpenWithNewPassword("validPassword");

If I try with the deprecated Oracle client it connects with no problems:

        using (var depCon = new System.Data.OracleClient.OracleConnection
           ("Data Source=MyHost.Address:####/MyService;Persist Security Info=True;
             User ID=validUsername;Password=validPassword;Unicode=True"))
        {
            depCon.Open();
        }

I'd (obviously) like to use the latest Odp.Net drivers but can't seem to get past this issue. Has anybody got any ideas?

KevD
  • 697
  • 9
  • 17
  • What is the complete version of Oracle Database? I believe only the terminal 10.2 release is supported. What happens if you don't use connection string builder at all and just hard code the connect string with the username and password? What happens if you remove Persist Security Info=True; and Unicode=True? – Christian Shay Aug 03 '15 at 19:09
  • Database version is "Oracle Database 10g Enterprise Edition Release 10.2.0.4.0". Removing the Persist Security and Unicode has no change, nor does hardcoding the connection string. I'm thinking now that something needs installing on the server to enable ODP.net access to work but can't find any documentation to support this. In the meantime I'm currently using the legacy (deprecated) driver which connects successfully. – KevD Aug 04 '15 at 08:22
  • Are you actually providing a password? Or are you trying to use something like OS authentication where you leave it blank? – Christian Shay Aug 04 '15 at 12:07
  • 1
    What version of ODP.NET are you using? Is it the Managed or Unmanaged Driver? Take a look at this thread for an issue regarding FIPS compliance: https://community.oracle.com/thread/2557592?start=0&tstart=0 Also: http://stackoverflow.com/questions/26410951/oracle-manageddataaccess-and-ora-01017-invalid-username-password-logon-denied – Christian Shay Aug 04 '15 at 12:15
  • Thanks Christian - the FIPS compliance looks promising - I'll confirm if this is the issue as soon as I get chance – KevD Aug 04 '15 at 15:54
  • 1
    It was indeed the FIPS issue - adding to the runtime element in the config solved the problem - many, many thanks! – KevD Aug 04 '15 at 16:11
  • Actually, I had this issue, and setting the registry key `System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled` to `0` was how I fixed it. When I changed it back to `1` and tried adding `` to my web.config, it didn't work - is there somewhere else it's supposed to go, or some other format, or something else I needed to do? – vapcguy Jun 24 '16 at 13:49
  • No, sorry - that's exactly what I have in my app.config for the application which calls the database and that resolve the issue for me. We could turn it off at the registry level too but we didn't want to have to have this as a requirement for the environments where we deployed the application too (all our servers have FIPS enabled by default) – KevD Jul 04 '16 at 09:30

3 Answers3

2

Take a look at this thread for an issue regarding FIPS compliance:

https://community.oracle.com/thread/2557592?start=0&tstart=0

Also: Oracle.ManagedDataAccess and ORA-01017: invalid username/password; logon denied

Community
  • 1
  • 1
Christian Shay
  • 2,570
  • 14
  • 24
  • Next time, expand your answer instead of linking to everyone else's. I bypassed it, initially, because I didn't want to go through a bunch of links. If you do the research, share what you learned so others can get the same answer you did, instead of having to rummage through everything. Plus, links can be moved/become broken/dead/disabled. It's in the SO rules to not provide "linked-only" answers for that very reason. – vapcguy Jun 24 '16 at 14:36
  • The answer could've been summed up simply: try changing `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\Enabled` from `1` to `0`. This answer was actually what worked for my situation, too - just wish I had seen how to do it sooner, so I didn't end up posting my own question to get to it - http://dba.stackexchange.com/questions/142085/ora-01017-invalid-username-passwordlogon-denied. But it has some other troubleshooting steps to go through to confirm a person's setup, first, which is always good idea to confirm before jumping in to hack the registry. – vapcguy Jun 24 '16 at 14:45
1

Does it work when you do it like this:

var connBuilder = new Common.DbConnectionStringBuilder();
connBuilder.Add("Data Source", "(DESCRIPTION =(ADDRESS_LIST =(ADDRESS = (PROTOCOL = TCP)(HOST = MyHost.Address)(PORT = ####)) )(CONNECT_DATA =(SERVICE_NAME = MyService)))";
connBuilder.Add("User Id", "validUserId");
connBuilder.Add("Password", "validPassword");

Which version of ODP.NET do you use? There are known issues when you connect to a "new" Oracle database with case-sensitive passwords using an "old" ODP.NET provider, see here: https://community.oracle.com/message/2198228

In order to verify run this command on your database:

ALTER SYSTEM SET SEC_CASE_SENSITIVE_LOGON = FALSE;
Wernfried Domscheit
  • 54,457
  • 9
  • 76
  • 110
  • I'm running Oracle 10g which doesn't have case sensitive passwords so this isn't the issue unfortunately.I'm using the Oracle.ManagedDataAccess Nuget package from Oracle - version 12.1.022 – KevD Aug 03 '15 at 12:27
  • Also - using the DbConnectionStringBuilder yields the same results I'm afraid. No joy as yet. – KevD Aug 03 '15 at 12:41
  • @Wernfried Dornscheit You left out that the test also involves needing to reset the password. Until you do, it is still case-sensitive if the account was created with a password under a `SEC_CASE_SENSITIVE_LOGON = TRUE` flag. – vapcguy Jun 24 '16 at 17:06
1

The issue with case sensitivity and the ODP.Net drivers and different DB versions should be a simple fix. Enclose your connectionstring password in quotes(") such as Password=\"password\"; and this should keep the password case

Kevin T
  • 132
  • 1
  • 1
  • 11
  • Something to try, so +1, but far from a definite fix for all cases. It did not work for me, but might with others if they are experiencing case-sensitivity issues and not the FIPS issue/Oracle bug, in the accepted answer. – vapcguy Jun 24 '16 at 14:47
  • Also, if you do this, you are effectively enforcing case-sensitivity. When I did this with a `User Id` parameter in my connection string, and my user was entered/passed-in as `user` and he was really `USER` in my database - he could no longer log in. I had to change it to pass in the name as `USER`, then it worked. Just something to be aware of. – vapcguy Jun 24 '16 at 17:09