Click here to Skip to main content
Click here to Skip to main content

Secure Your .NET Applications and Integrate Them with Active Directory

, 1 Mar 2004
Free .NET Component for managing users and controlling access to your applications. 

Editorial Note

This article is in the Product Showcase section for our sponsors at CodeProject. These reviews are intended to provide you with information on products and services that we consider useful and of value to developers.

This is a showcase review for our sponsors at CodeProject. These reviews are intended to provide you with information on products and services that we consider useful and of value to developers.

Introduction

Do you need one solution for managing users and security in all .NET applications? Or do you need to integrate your applications with Active Directory? PortSight Secure Access can solve most security issues. Even better - you can get it completely free!

Quick Overview

PortSight Secure Access is a .NET component. It provides a database of users, user groups and organizational units and it allows you to control access to your applications. The programming interface can be used in ASP.NET, WinForms and Web Services. The Enterprise Edition allows you to import user accounts from Active Directory, Windows domains and ODBC-enabled databases.

Figure 1 - PortSight Secure Access high-level architecture.

Secure Access Overview

Installation and Application Security Wizard

The installation of PortSight Secure Access is simple - you just go through the wizard and it creates the Secure Access user database and installs the Web-based user interface.

Figure 2 - PortSight Secure Access installation is really smooth.

Secure Access Installation

The Application Configuration Wizard helps you configure security of your ASP.NET application in a few easy steps. You only need to create an empty ASP.NET project and choose the security options in the wizard. You can choose between Forms and Windows authentication. The wizard modifies the virtual directory security settings, copies Secure Access files to your application and modifies the Global.asax file.

Figure 3 - Application Configuration Wizard helps you configure security of your ASP.NET application.


Application Configuration Wizard

Authentication

After completing the wizard and compilation, your application requires authentication and is fully prepared for implementing authorization and auditing features. If you chose Forms authentication, users have to provide their user name and password. In this case, passwords are stored in the database. You can choose to store only hash of the passwords to avoid password exposure.

Figure 4 - The logon form offers rich functionality, including "Send Forgotten Password" and "Change Expired Password" features. It also enforces the password policy when changing the password.


Logon Form

Customizable User Profiles

User profiles are stored in the database along with other information. The profile contains the most common fields, such as user name, full name, e-mail address or shipping address. But the default fields do not limit you - you can add any number of custom properties to the user profile. You can use these fields for storing user preferences and settings.

Figure 5 - User profile can contain any number of your custom properties.


User Details

Authorization - Controlling Access to Application Modules

PortSight Secure Access allows you to control access to particular modules or features. It provides a variety of authorization methods.

Checking Membership in Groups and Organizational Units

The most simple authorization method is checking user's membership in a particular group or organizational unit.

Code 1 - Checking user membership.

[VB.NET]

If ARHelper.IsMember("JohnD", "PMs") Then ... 

[C#]

If (ARHelper.IsMember("JohnD", "PMs") { ... 

Role-based Security

A more advanced and the most common way is using role-based security. You can define any number of roles for each application and assign these roles to users and groups.

Code 2 - Checking if user is member of particular role.

[VB.NET]

If ARHelper.IsInRole("JohnD", "WorkReports.Manager") Then ... 

[C#]

If (ARHelper.IsInRole("JohnD", "WorkReports.Manager") { ... 

Figure 6 - The Web-based user interface allows you to manage security of your applications from one single point.

Roles

Checking User Permissions

Permissions represent the most flexible authorization method. You can define permissions for each application or module and then grant these permissions to users. However, the preferred solution is granting permissions to roles instead of users and assign users (or groups) to these roles. In this way, your customer can easily modify default permissions for particular roles by himself. It also helps you avoid re-writing the application code when a customer decides, "TeamLeaders role members should be allowed to APPROVE in the WORKREPORTS application" instead of "TeamLeaders role members should be only allowed to READ in the WORKREPORTS application".

Code 3 - Checking user permissions.

[VB.NET]

If ARHelper.IsAuthorized("JohnD","WorkReports.ReportViewer","Read") Then ...

[C#]

If (ARHelper.IsAuthorized("JohnD", "WorkReports.ReportViewer", "Read")) {...

Figure 7 - Permissions for particular roles can be easily managed using the Permission Matrix control.

Permission Matrix

Web Content Authorization

So far, we have mentioned only authorization in your applications. However, PortSight Secure Access allows you to control access to downloading any Web content. You can define the content using the path mask, such as "*.doc" or "/PortSight/secret/img*.jpg" and you can check in your code what permissions (in Secure Access) are required for the files.So far, we have mentioned only authorization in your applications. However, PortSight Secure Access allows you to control access to downloading any Web content. You can define the content using the path mask, such as "*.doc" or "/PortSight/secret/img*.jpg" and you can check in your code what permissions (in Secure Access) are required for the files.

Auditing Trail

An important feature of the application security is auditing of user activities. It can help you detect attacks and attempts at unauthorized access to secret data and also keep track of data modifications. Last but not least, some laws, including the HIPAA rules, require the auditing trail.

Code 4 - Logging activities in the auditing trail is extremely simple.

[VB.NET]

ARHelper.Log("JohnD", "User changed amount to USD 5.90", <BR>            "WorkReports.TravelExpenses") 

[C#]

ARHelper.Log("JohnD", "User changed amount to USD 5.90", <BR>             "WorkReports.TravelExpenses"); 

Delegation

In some cases, the security of the system requires immediate and frequent changes. When a manager gets new people on the project, it's often necessary to grant them permissions to various applications. With PortSight Secure Access delegation features, the manager can do this without waiting for an administrator. The administrator can easily delegate the management of groups, organizational units and roles to privileged users.

Figure 8 - You can delegate part of the security management to privileged users and avoid administrator's bottleneck. All you have to do is add this user control to your application.

Delegation Control

Integration with Active Directory, Windows Domains and Existing Databases

Creating, modifying and deleting users and groups in several systems becomes difficult or even impossible as the number of systems grows. Although PortSight Secure Access has its own user database, this doesn't mean that it's another headache for your administrator.

It allows you to set up a regular import from Microsoft Active Directory, Windows domains and existing ODBC-enabled databases. You can import user accounts as well as user groups, organizational units and membership information. When you update the user's e-mail address in Active Directory, the change is automatically copied to your Secure Access database during the periodical import, ensuring that your application works with the latest data.

Figure 9 - You can map source properties to Secure Access fields in the Import Wizard.

Mapping Source and Target Fields

Reusable User Controls

Secure Access is delivered with several ASP.NET user controls, such as:

  • Logon Form
  • Send Forgotten Password
  • Change Password
  • List of Users
  • Control for selection of single or multiple users
  • ... and others.

The WinForms user controls include "Logon Form" and "Change Password" dialogs.

Figure 10 - Selection of multiple users doesn't require any difficult coding.

User Selection Dialog

One Solution for All Platforms

PortSight Secure Access 2.0 supports not only ASP.NET applications, but also WinForms and Web Services. The WinForms applications can use either Secure Access components directly or - preferably - they can consume Secure Access Web Service that provides the most frequent methods to the client applications. Using this Web Service, you can use Secure Access features on virtually any platform or device with Web Services support.

The new Secure Access version comes also with support for securing your own Web Services. It uses Microsoft Web Services Enhancements to implement the WS-Security standard. The users of your Web Service need to provide their user name and password to call Web Service methods and your Web Service can check client's roles and permissions.

Figure 11 - PortSight Secure Access now secures also WinForms and Web Services. It's delivered with "Logon Form" and "Change Password" controls for WinForms.

Set Password Control WinForms Logon Form

Secure Your Applications with Free Community Edition

PortSight has also released a free edition of Secure Access - the Community Edition. It's available for download on http://www.portsight.com/SecureAccess. It's limited to 100 user accounts stored in the database; it doesn't support organizational units and permissions. It's intended for smaller projects and it's free also for commercial use.

Edition Comparison

Table 1 - Available Editions.

Edition

Description

Price

Community Edition

- Limited to 100 user accounts.
- Doesn't support organizational units and permissions.
- Intended for smaller projects.

Free

Standard Edition

USD 249 per server

Enterprise Edition

- All features of the Standard Edition.
- Supports import from Active Directory, Windows domains and ODBC-enabled databases.

USD 399 per server

Table 2 - Feature Comparison...

Feature

Community

Standard Enterprise
Unlimited Number of User Accounts

NO (100)

YES

YES

Management of User Profiles and Passwords

YES

YES

YES

Management of User Groups

YES

YES

YES

Management of Organizational Units

NO

YES

YES

Management of Applications

YES

YES

YES

Management of Application Parts (Modules)

NO

YES

YES

Application Configuration Wizard for ASP.NET

YES

YES

YES

ASP.NET - Web Forms Authentication

YES

YES

YES

ASP.NET - Windows Authentication

YES

YES

YES

ASP.NET - Role-Based Authorization

YES

YES

YES

ASP.NET - Permission-Based Authorization

NO

YES

YES

ASP.NET - Auditing

YES

YES

YES

ASP.NET - Management of Preferences

YES

YES

YES

ASP.NET - Web Farms support

YES

YES

YES

ASP.NET - User Controls

YES

YES

YES

ASP.NET - Delegation of Administration

YES

YES

YES

ASP.NET - Controlling Access to Web Content

YES

YES

YES

.NET WinForms Applications - Forms Authentication

YES

YES

YES

.NET WinForms Applications - Windows Authentication

YES

YES

YES

.NET WinForms Applications - Role-Based Authorization

YES

YES

YES

.NET WinForms Applications - Permission-Based Authorization

NO

YES

YES

.NET WinForms Applications - Auditing

YES

YES

YES

.NET WinForms Applications - Management of Preferences

YES

YES

YES

.NET WinForms Applications - Delegation of Administration

YES

YES

YES

.NET WinForms Applications - Logon Control

YES

YES

YES

ASP.NET Web Services - Authentication using WS-Security

YES

YES

YES

ASP.NET Web Services - Role-Based Authorization

YES

YES

YES

ASP.NET Web Services - Permission-Based Authorization

NO

YES

YES

ASP.NET Web Services - Auditing

YES

YES

YES

ASP.NET Web Services - Management of Preferences

YES

YES

YES

ASP.NET Web Services - Delegation of Administration

YES

YES

YES

Import from Microsoft Active Directory

NO

NO

YES

Import from Microsoft Windows NT Domains

NO

NO

YES

Import from ODBC databases

NO

NO

YES

It's Your Choice

When considering the user management and access control solution for your next project, try to answer the following questions:

  • How do I secure my application?
  • How secure and flexible is my solution?
  • How do I integrate my application with existing user databases?

And - of course: How many hours will I spend designing and implementing these features?

Please visit www.PortSight.com/SecureAccess to find more information, download the free Community Edition or the trial version. You can also see an on-line demo of the Web-based administration interface.

Should you have any questions, please feel free to contact us at support@PortSight.com or use the on-line form at http://www.PortSight.com/questions

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

Share

About the Author

PortSight

United States United States
No Biography provided
Group type: Organisation

1 members


Comments and Discussions

 
GeneralUnable to debug this application PinsussAnonymous7-Jun-04 0:58 
I have downloaded the appliaction, and when i am trying to debug there is an error saying "unable to debug the web server" ? I have tried all the ways by adding to deguggers users groups and also to admininstrators group? what could be the problem? Please assist me in debugggin this application.
 
Thank you
GeneralRe: Unable to debug this application PinsussPetr Pindur7-Jun-04 2:35 
GeneralRe: Unable to debug this application PinsussPetr Pindur7-Jun-04 3:25 
GeneralRe: Unable to debug this application PinsussAnonymous13-Nov-04 18:24 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web04 | 2.8.141223.1 | Last Updated 2 Mar 2004
Article Copyright 2004 by PortSight
Everything else Copyright © CodeProject, 1999-2014
Layout: fixed | fluid