1

I want to connect to an Oracle DB using ODP.Net and C# and using an encrypted connection. The target DB at the moment is set up to accept both, encrypted and unencrypted Connections. Unfortunately even if configured to accept only encrypted Connections my unit test always connects to the DB with no encryption.

My Code Looks as follows:

OracleConnection myConnection = new OracleConnection("Data Source=MyDataSource;User Id=userid; Password = ***");
myConnection.Open();

OracleCommand myStoredProcedureCall = new OracleCommand();
myStoredProcedureCall.Connection = myConnection;

//Some calls to an Oracle DB

I have the following configuration in my app.config

<oracle.manageddataaccess.client>
  <version number="*">
    <dataSources>
      <dataSource alias="MyDataSource" descriptor="(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=hostname)(PORT=port)))(CONNECT_DATA=(SID=SID)(SERVER=DEDICATED))(SECURITY=(SSL_VERSION=1.2)(SSL_SERVER_CERT_DN=&quot;cn=CertDN&quot;)))" />
    </dataSources>
    <settings>
      <setting name="TraceLevel" value="7" />
      <setting name="TraceOption" value="0" />
      <setting name="TraceFileLocation" value="C:\Temp" />

      <setting name="TNS_ADMIN" value="<projectDir>\ExternalRefs\network\admin\productive" />
    </settings>
  </version>
</oracle.manageddataaccess.client>

I also have checked that the other entries in the bapp.config are set as suggested by the Installation guide of Oracle (see Installation Guide)

In my sqlnet.ora I have the following entries:

# sqlnet.ora Network Configuration File
SSL_SERVER_DN_MATCH = yes
SSL_VERSION         = 1.2
sqlnet.encryption_types_client = (AES256)
sqlnet.encryption_client = required 

sqlnet.crypto_checksum_client = required 
sqlnet.crypto_checksum_types_client = (SHA1)

According to my trace log this file and it's config values are read.

As far as I can see I did everything to force an encrypted Connection, but still it doesn't encrypt the Connection. However there is also no error, but the unit test just uses an unencrypted Connection ignoring my config.

There are two things to mention that aren't Standard: a) Due to Network restrictions I was not allowed to install the requires NuGet-Packages from an Online source. I downloaded them from Oracle and then just installed them from file System, but still using NuGet Package Manager b) The Installation guide mentions the following entry that has to be adapted:

<configuration>
  <connectionStrings>
    <add name="OracleDbContext" providerName="Oracle.ManagedDataAccess.Client" connectionString="User Id=oracle_user;Password=oracle_user_password;Data Source=oracle" />
  </connectionStrings>
</configuration>

As I provide my Connection string hardcoded in the unit test I have left this one untouched assuming this is not needed.

Interestingly the config values in sqlnet.ora do not even seem to be validated. If I configure an inexisting cipher (e.g. BlaBla instead of AES256) there is still no error. Furthermore I tried to use different spellings (Upper case instead of lower case) in sqlnet.ora as every sample I found seems to use other spelling.

Any idea what I could check further would be appreciated :-)

wurzlsepp
  • 21
  • 1
  • 3
  • Have a look at documentation: https://docs.oracle.com/cd/E63277_01/win.121/e63268/InstallManagedConfig.htm#ODPNT8161 You can define the encryption algorithm also in .NET config file. It is not required to define it in `sqlnet.ora` file – Wernfried Domscheit Feb 15 '17 at 12:47
  • Thx a lot for your hint. Configuring everything in my app.config was the first thing I tried and I had the same behaviour: no error, but also no encryption. – wurzlsepp Feb 15 '17 at 14:58
  • Was a solution found? – ChW Dec 19 '19 at 15:24

0 Answers0