Connecting to Oracle Using OracleCredential

The OracleCredential class allows providing a password for connecting to Oracle in a more secure way that just specifying it in plain text in a connection string or assigning a System.String instance to the OracleConnection.Password property.

OracleCredential class uses the SecureString class for storing and specifying the password. Passing credentials via OracleCredential class is not supported in the Direct mode.

Please note that additional security of the SecureString class is only available on Windows platform. Besides, there is no point in using the SecureString class if you use a usual System.String class to store the password anywhere in between. For best security, you need either use a special control to obtain the password as a SecureString from the start, like System.Windows.Controls.PasswordBox, or construct a SecureString object from a character-at-a-time unmanaged source.

When changing user password, if you specify credentials via OracleCredential class, you need to use the ChangePassword(SecureString) overload of the ChangePassword method.

Here is an example of a console application, connecting to Oracle using the OracleCredential class to connect to Oracle.

using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Security;
using Devart.Data.Oracle;

class Program {
 
    static void Main(string[] args) {
    {
        Console.Write("Enter user name: ");
        String userName = Console.ReadLine();
        
        // Instantiate the secure string.
        SecureString securePwd = new SecureString();
        ConsoleKeyInfo key;

        Console.Write("Enter password: ");
        do {
           key = Console.ReadKey(true);
           
           // Ignore any key out of range.
           if (((int) key.Key) >= 65 && ((int) key.Key <= 90)) {
              // Append the character to the password.
              securePwd.AppendChar(key.KeyChar);
              Console.Write("*");
           }   
        // Exit if Enter key is pressed.
        } while (key.Key != ConsoleKey.Enter);

        Console.WriteLine();
        
        try {
            OracleConnection connection = new OracleConnection("Server = Ora;");
            connection.Credential = new OracleCredential(userName,securePwd);
            connection.Open();

            // use connection...
        }
        catch (Exception e) {
            Console.WriteLine(e.Message);
        }
        finally {
           securePwd.Dispose();
        }
    }
}

Visual Basic

Imports System
Imports System.ComponentModel
Imports System.Diagnostics
Imports System.Security
Imports Devart.Data.Oracle

Class Program
    Private Shared Sub Main(ByVal args As String())
        If True Then
            Console.Write("Enter user name: ")
            Dim userName As String = Console.ReadLine()

            ' Instantiate the secure string.
            Dim securePwd As SecureString = New SecureString()
            Dim key As ConsoleKeyInfo
            Console.Write("Enter password: ")

            Do
                key = Console.ReadKey(True)

                ' Ignore any key out of range
                If (CInt(key.Key)) >= 65 AndAlso (CInt(key.Key) <= 90) Then

                    ' Append the character to the password.
                    securePwd.AppendChar(key.KeyChar)
                    Console.Write("*")
                End If

            ' Exit if Enter key is pressed.
            Loop While key.Key <> ConsoleKey.Enter

            Console.WriteLine()

            Try
                Dim connection As OracleConnection = New OracleConnection("Server = Ora;")
                connection.Credential = New OracleCredential(userName, securePwd)
                connection.Open()

                ' use connection...
            Catch e As Exception
                Console.WriteLine(e.Message)
            Finally
                securePwd.Dispose()
            End Try
        End If
    End Sub
End Class

See Also