Best Practices from Oracle Development's A‑Team

Do we have an OAM Web Gate for Microsoft .NET 4.0?

A question came in on one of the Oracle internal mailing lists with the following question:

One of their partners achieves a single sign-on with them by means of our CoreId/web gate product. Do we have a CoreID/web gate product that works with Microsoft .Net 4.0?

The short answer is that you don't need a .NET WebGate so no, there isn't one.

The long answer is a bit more complicated.

When people talk about .NET in the web world they're usually talking about ASP.NET which runs inside IIS. So the question really becomes something more like "is IIS and ASP.NET with the .NET runtime version 4.0 supported?"

The answer is that IIS is supported and the ASP.NET app can be protected by the WebGate. If that's all you need then your ASP.NET app should work just fine.

The only additional point is that ASP.NET apps sometimes (often?) expect to be run in the security context of a user. Meaning they don't get the username out of an HTTP header but instead get it by making a call back to Windows and asking for the user identity. In this case asp.net is configured with

<identity impersonate="true" />

If you want that to work then you need to use OAM's Windows Impersonation feature documented here.

Twiddle those knobs and you should be able to protect any ASP.NET app you've got lying around.

Hope this helps!

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha