Oracle ORA-12154 error on local IIS, but not with

2019-01-25 23:54发布

问题:

I've got an ASP.NET application that can connect to Oracle when it's started by Visual Studio Development Server, but when I deploy it to my local IIS, it does not connect, showing the "ORA-12154: TNS:could not resolve the connect identifier specified" error.

My connection string was:

Data Source=ABC; User Id=USER; Password=PASSWORD;

Tt's using TNS. My tnsnames.ora is located at C:\oracle\instantclient_10_2\network\admin, and my ORACLE_HOME system variable is pointing to C:\oracle\instantclient_10_2.

To make it work, I changed the connection string to:

"SERVER=(DESCRIPTION =(ADDRESS_LIST =(ADDRESS = (PROTOCOL = TCP)(HOST = server1.theplaceiwork.com)(PORT = 1521))(ADDRESS = (PROTOCOL = TCP)(HOST = server2.theplaceiwork.com)(PORT = 1521))(LOAD_BALANCE = yes))(CONNECT_DATA =(SERVER = DEDICATED)(SERVICE_NAME = ABC)(FAILOVER_MODE =(TYPE = SELECT)(METHOD = BASIC))));uid=USER;pwd=PASSWORD;"

So TNS is used no longer.

But I'd like to know why I can connect using TNS while debbuging with Visual Studio, but when using IIS I can't.

Any tips?

PS. I can use SqlDeveloper with TNS showing no connection errors.

Thanks

回答1:

Make sure Network Service has access to your TNS directories or change your App Pool to run as you.



回答2:

Found answer here:

Granting access to IIS 7.5 ApplicationPoolIdentity

When using "ApplicationPoolIdentity" with IIS 7.5 the corresponding user is (a virtual system user):

IIS AppPool\<AppPoolName>

You can grant this user permissions and check security setting by searching for this user. See the full explanation here:

http://www.iis.net/learn/manage/configuring-security/application-pool-identities

So basically just give permission to Oracle folder to the App Pool virtual user.



回答3:

The difference is:

  • When you are debugging in Visual Studio you are in the security of the logged in user (you)
  • When you are running in IIS you are in the security context of the identity of the application pool. Default is Network Service.


回答4:

In my case, I use Windows 7, IIS 7, Visual Studio 2010. For some reason I have installed 2 Oracle clients, 10.2 and 11.2 (I have 2 TNSNAMES.ORA in two differents path). When I use F5, Visual Studio use one TNSNAME and when I use IIS, It use the other TNSNAME!

If I use CMD and write:

tnsping ORCL

It give me the Oracle vertion I use is: 10.2 and not 11.2. I try turn off the Windows Firewall and not work. I try login in IIS->AppPool with my Windows Account and either not work.

Finally to fix (after 2 days reading a lot of solutions in stackoverflow and others):

  • I give read access to both path C:\oracle\product and C:\app\user\product to Everyone account user, because I not found Network Service account.

  • In IIS -> AppPool, I set ApplicationPoolIdentity to my Pool.

  • In IIS I recycle the AppPool and Restart my WebSite.

and It Works!



回答5:

I'd configured my app pool to run in the context of ApplicationPoolIdentity as @Jaanus describes.

The virtual account "IIS AppPool\MyAppPoolName" had been granted read and execute permission on the Oracle folder, however, permissions weren't being inherited from this folder. I had to traverse the Oracle folder structure to see where permissions inheritance was stopping and explicitly enable it from that point.

I found the problem using Process Monitor from SysInternals / Microsoft:

  1. Start capturing
  2. Run the code that accesses the Oracle resources and wait for the exception to be raised by Visual Studio.
  3. Stop capturing.
  4. Filter the Result field for the string "ACCESS DENIED".


回答6:

Posting my case because it took entirely too long to figure out.

I didn't have access to adjusting the folder permissions and setting the Application Pool Identity did nothing.

Ended up having to edit the Anonymous Authentication credentials of the individual site to my own and the application pool to Network Service. Hopefully this will help someone in a similarly frustrating situation one day.



回答7:

If you are using ApplicationPoolIdentity, Make sure ApplicationPoolIdentity has access to your TNS directories.

See here how to authorize: IIS7 Permissions Overview - ApplicationPoolIdentity



回答8:

I had this issue and tried everything above with no luck. So posting one more thing that was overlooked that could be at cause. Your sqlnet.ora file (same directory as the tnsnames.ora) must exist and have TNS properly configured:

#SQLNET.AUTHENTICATION_SERVICES = (NTS)
NAMES.DIRECTORY_PATH = (EZCONNECT,TNSNAMES)

EZCONNECT is optional but it's very useful in some situations, so I included it.

It was this last thing that enabled my app to work. Hope this helps.