Hello,
I encountered an error using the Oracle.ManagedDataAccess and Oracle.DataAccess libraries in an ASP.NET MVC application I wrote. On a Windows Server 2008 R2 server, I would receive an ORA-01017: Invalid UserName and Password. After some research and help online, I discovered the cause of this error was that the setting for enforcing FIPS Policy compliance was enabled. Disabling this setting allowed me to retrieve data from the Oracle database.
We house our server on a government site and they require we have this setting enabled.
Some users have determined that Oracle client encrypts the password sent to the database and that the encryption method used is AES. According to them, this encryption method conflicts with the FIPS policy setting and results in the aforementioned error. I cannot find documentation that specifically states that AES is used to encrypt the password, so I'm taking this "fact" at face value.
Has anyone overcome the problem where they can enforce the FIPS policy setting and connect to the database? I know that some people have recommended adding the enforceFIPSPolicy element to the web.config. I have found that this does not work in a Windows Server 2008 R2 environment (at least for me), and is not desirable because the application would not be in compliance with our security requirements.
Any assistance offered is appreciated.
Sincerely,
Robert Eberhart