Thursday, April 25, 2019

Thoth Gateway version 1.4.3 now available

I've updated the Thoth Gateway (a PL/SQL web gateway similar to mod_plsql and ORDS, but written in .NET that allows you to run APEX and PL/SQL Web Toolkit applications using Microsoft IIS web server).



The latest release is version 1.4.3. It fixes a few minor issues, but more importantly it is compiled against the latest ODP.NET Managed Driver.

Among other things, this version of the Managed Driver supports Oracle Advanced Security Option (ASO) encryption; without this certain operations such as APEX file uploads would cause "OracleInternal.Network.NetworkException: ORA-12537: Network Session: End of file" errors against an Oracle 18c database.

When upgrading to Thoth Gateway v1.4.3 or later, please make sure you also copy the Oracle.ManagedDataAccess.dll file in addition to the PLSQLGatewayModule.dll file to make sure you have the correct library.

Enjoy!



10 comments:

Anonymous said...

This is a great product! Have you tested version 1.4.3 with Oracle 18c yet?

I'm posting this tidbit hoping it may help someone else: I upgraded an Oracle 11g database with the Jan 2019 CPU and OJVM. I couldn't get to my APEX admin page anymore. I downloaded Thoth Gateway 1.4.2 (latest at the time) and replaced my older Thoth Gateway files and configured the web.config. Ensure that within IIS that the DefaultAppPool is using .NET 4.00xxxxx and perform an IISRESET. This allowed me to get to my APEX admin page. My DefaultAppPool was using version 2.0. This occurred on two different servers.

Morten Braten said...

@Anonymous: I've tested Thoth Gateway version 1.4.3 against the following configurations:

* Oracle 18c Express Edition (XE) running on Windows Server 2016
* Oracle 11g Express Edition (XE) running on Windows Server 2012

- Morten

Anonymous said...

Thoth Gateway 1.4.3 using the following configuration: Oracle 19c Enterprise Edition running on Windows Server 2016 works. I installed it yesterday. If I have any issues I will post them.

Anonymous said...

I am using Oracle 19c EE with APEX 19.1 on a new Windows 2016 Server with Thoth Gateway 1.4.3.
My current configuration is Oracle 11g EE with APEX 4.2 on a Windows 2008 R2 Server.
On the Windows 2008 R2 Server, I removed the IIS_USRS group from the THOTH folder that I created in IIS. I added
the LOCAL Windows Users group to the security of this folder with Read and Execute permissions. Only users
that are added to the LOCAL Windows Users group can access the APEX application under THOTH. All others receive a 401.
I have tried to do this with the new version of Thoth Gateway using the same permission setup. It somewhat works but
never correctly throws the 401 error. I just receive a reoccurring username/password prompt without the error. The only way to kill
it in Edge or IE is by using task manager. I know this is beyond the purpose of Thoth Gateway but if anyone has ideas I would appreciate it.
I also tried using Authorization in IIS but it seems to be ignored.

Morten Braten said...

@Anonymous: As I understand it, you are using the Thoth Gateway in a local "intranet" deployment (not on the public web) where the users all have Windows accounts and you want to give them access to the APEX applications based on that.

What I would suggest is, instead of fiddling with the Windows-level folder permissions, is that you set up authentication on the application in IIS (that is, the "pls" or "web" folder or whatever you have called it). Disable "Anonymous Authentication" and enable "Windows Authentication".

In APEX, create a new Authentication Scheme of type "HTTP Header Variable" (see https://docs.oracle.com/database/121/HTMDB/sec_authentication.htm#CIHEBJEH) and set the variable name to "LOGON_USER" (this is the name of the currently logged-in user that Windows/IIS will pass to the gateway and then on to APEX).

Hope this helps,

- Morten

Anonymous said...

Hi Morten, You are correct. I am using this in a local intranet (local domain) deployment. I setup IIS authentication on the "web" folder to Windows Authentication enabled and Anonymous disabled. I also set up the LOGON_USER within APEX Authentication. It successfully logs in Windows Authenticated users. The only way I can filter Windows Authenticated users is by using Authorization with APEX.

I can't filter those users with any settings (IIS Authorization Rules) or file permissions on the server to specific domain users before it gets to APEX. All domain users get to APEX but are rejected by APEX's authorization (aka my user filter).

As mentioned I know this is beyond the scope of Thoth Gateway. However I was able to tweak it in the old version of Thoth Gateway. In the meantime I am using APEX Authorization which is sufficient.

Thanks again for a great product. I will continue to use Thoth Gateway!

Anonymous said...

Hi Morten, we are looking at moving back to Thoth from ORDS and are trying out 1.4.3. Deployed it fine under IIS 7.5 no problem but having no joy with IIS 10.

Repeatedly receive a 404 error but can't see anything that gives me a further clue as to the cause. Any pointers?

Thanks

001 said...

Hi Morten,

The issue we had getting Thoth working is resolved, our IIS 10 installation did not have .Net extensibility enabled.

Great product, Thanks.

Anonymous said...

Can anybody help on urgent basis please. We have all required configurations but it is giving username/password error. How to ensure it connects properly to apex_public_user on PDB XEPDB1.

Morten Braten said...

@Anonymous: Please open an issue on the project's GitHub page: https://github.com/mortenbra/thoth-gateway and provide details of configuration (connection string) and output of error log.

- Morten