Saturday, March 28, 2015

OAM 11g .Net Application Integration


OAM 11g supports out-of-the-box (OOTB) integration with .NET applications, including MVC and Silverlight applications. The OAM principal and roles can be consumed by the .NET application using the OAM .NET connector, also known as ObPrincipalHttpModule.

Prerequisites:

  1. OAM R2PS2 and IIS 11g R2PS2 WebGate.
  2. IIS 7.x or higher.
  3. A .NET application that calls the Context.User.IsInRole("SomeOAMRole") API.
  4. .NET 4.0

OAM .Net Application Integration Steps

1. Create a .NET application and deploy it on the IIS web server.
2. Create an OAM Authz policy to set OAMHttpModule Role=<SomeRole>&Role=<someRole>.
3. Add ObPrincipalHttpModule.dll to the Global Assembly Cache (GAC) on the IIS box. The command is:
       gacutil -i ObPrincipalHttpModule.dll
   Command to verify that ObPrincipalHttpModule has been added to the GAC:
       gacutil -l | grep ObPrincipalHttpModule
4. Update the web.config of the IIS site hosting the .NET application. (Note: the web.config of the .NET application itself can also be modified to add ObPrincipalHttpModule.) The following should be added inside the <configuration> tag of web.config.

For Integrated (IIS application) mode:
<system.webServer>
  <!-- <customErrors mode="Off" /> -->
  <modules>
    <add name="OAMHttpModule" type="Oracle.OAM.Agents.OAMHttpModule,ObPrincipalHttpModule, Version=12.0.0.0, Culture=neutral,PublicKeyToken=99645062befa5197" />
  </modules>
</system.webServer>

For Classic (IIS application) mode:
<system.web>
  <httpModules>
    <add type="Oracle.OAM.Agents.OAMHttpModule,ObPrincipalHttpModule, Version=12.0.0.0, Culture=neutral,PublicKeyToken=99645062befa5197" name="OAMHttpModule" />
  </httpModules>
</system.web>

9 comments:

  1. Hi,
    Where do you find this ObPrincipalHttpModule.dll? I don't have it in either Webgate 11g or Webgate 10g for IIS.
    Thank you

  2. In 10g the ObPrincipalHttpModule.dll can be found at \access\oblix\apps\webgate\ObPrincipalHttpModule\ObPrincipalHttpModule.dll.
    Please make sure that you are using the 10.1.4.3 CR2 package for the IIS WebGate installation.

  3. Thank you. I was not using the CR2 package indeed!
    I decompiled the DLL and found out that it won't fit my need because it uses the OblixHttpModule header whereas my OAM sends OAM_REMOTE_USER, and I ended up writing my own HttpModule which intercepts the OAM_REMOTE_USER header.

  4. You can also use 11g R2PS2 IIS WebGate. You will find ObPrincipalHttpModule in the [WebGate Home]/iis/lib directory.

    Internally, the ObPrincipalHttpModule logic is as follows. A new OAMPrincipal (IPrincipal) object is instantiated with context.user, Name (defined as OAM Authz Header) and OAM_REMOTE_USER from the OAMHttpModule OnAuthenticate event. Name is parsed from the Authz header and added to IIdentity. If the name (mentioned in the Authz success action) is not found, then OAM_REMOTE_USER is set as IIdentity. If OAM_REMOTE_USER is not found, then UNKNOWN will be set as IIdentity.
    So, I believe 11g version will take care of your use-case.

  5. This is what I was looking for in the first place. Once again I was not using 11gR2 but 11gR1 of IIS Webgate and I could not find the DLL.
    Thanks!
    I'm not entirely satisfied with the behavior of the ObPrincipalHttpModule logic though. If OAM_REMOTE_USER is not found, I would expect not to have a Principal.

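A fail-closed variant of the fallback order discussed in comments 4 and 5, as an added example that is not part of the original post, the commenters' code, or Oracle's ObPrincipalHttpModule. It assumes WebGate is the only path to the application and sets the headers itself; the class name is hypothetical, and the role header name and `Role=a&Role=b` format are read from step 2 of the post.

```csharp
using System;
using System.Linq;
using System.Security.Principal;
using System.Web;

// Added example: builds Context.User from WebGate headers and rejects the
// request instead of falling back to an UNKNOWN identity.
// Assumption: only WebGate can reach this site, so the headers are not client-controlled.
public class FailClosedOamModule : IHttpModule
{
    const string UserHeader = "OAM_REMOTE_USER";
    // Assumption: the Authz policy response header from step 2 of the post.
    const string RoleHeader = "OAMHttpModule";

    public void Init(HttpApplication app)
    {
        app.AuthenticateRequest += (s, e) =>
        {
            var ctx = ((HttpApplication)s).Context;
            var principal = Resolve(ctx.Request.Headers[UserHeader],
                                    ctx.Request.Headers[RoleHeader]);
            if (principal == null)
            {
                // No user header: leave no principal and stop the request.
                ctx.Response.StatusCode = 401;
                ctx.ApplicationInstance.CompleteRequest();
                return;
            }
            ctx.User = principal;
        };
    }

    // Returns null when the user header is missing or blank (fail closed).
    public static IPrincipal Resolve(string user, string roleHeader)
    {
        if (string.IsNullOrWhiteSpace(user)) return null;
        var roles = (roleHeader ?? "")
            .Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(p => p.Split(new[] { '=' }, 2))
            .Where(kv => kv.Length == 2 &&
                         kv[0].Trim().Equals("Role", StringComparison.OrdinalIgnoreCase))
            .Select(kv => kv[1].Trim())
            .Where(r => r.Length > 0)
            .ToArray();
        return new GenericPrincipal(new GenericIdentity(user.Trim(), "OAM"), roles);
    }

    public void Dispose() { }
}
```

With this module registered in web.config the same way as the OAMHttpModule entry, `Context.User.IsInRole("SomeOAMRole")` is true only when that role appears in the role header.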
  6. This comment has been removed by the author.

  7. Abhijeet,

    I understand that you are protecting a .NET application using the OAM IIS WebGate. Do you know if SAML integration is supported by .NET applications? I'd appreciate any information on it.

    Thanks
    Siva Pokuri
    http://idmfun.com
