Use case: I have to create a web app (ASP.NET MVC) whose RDBMS is Oracle. The DB already exist with a set of users/roles which are granted to perform certain actions over tables, view an so on. Therefore, there is Security implemented already. The scope of the web app is for internal usage, thus should be an Intranet. In that, I should not provide a login page since I could get the user from the browser. Considering I already have security implemented on the Oracle side, how do I inherit it and apply it into my app? In other words:
If I have in Oracle:
- Database (D)
- User (U)
- Role (R), where U has role R
- Table (T), where R is granted to SELECT and INSERT on T
And I have in ASP.NET MVC
- DbContext (DContext) for (D)
- Model (TModel) for (T)
- Controller (TController) with CRUD action methods for (TModel).
How do I add the existing Oracle security to actions mentioned above?
Initially I thought I could decorate the actions with [Authorize] attribute. However, I don't know how to negotiate a Windows credential with Oracle, so that Windows user (X) => Oracle user (U). Therefore, if you try to Update or Delete a TModel, it should return an insufficient privilege exception, as U is not allowed to either update or delete.
I wish someone can help. Thanks in advance.