Secure Your .NET Applications and Integrate Them with Active Directory
By PortSight
Free .NET Component for managing users and controlling access to your applications.
C#, VB, Windows, .NET 1.0, .NET 1.1, Visual Studio, Dev
This is a showcase review for our sponsors at CodeProject. These reviews are intended to provide you with information on products and services that we consider useful and of value to developers.
Do you need one solution for managing users and security in all .NET applications? Or do you need to integrate your applications with Active Directory? PortSight Secure Access can solve most security issues. Even better - you can get it completely free!
PortSight Secure Access is a .NET component. It provides a database of users, user groups and organizational units and it allows you to control access to your applications. The programming interface can be used in ASP.NET, WinForms and Web Services. The Enterprise Edition allows you to import user accounts from Active Directory, Windows domains and ODBC-enabled databases.
Figure 1 - PortSight Secure Access high-level architecture.

The installation of PortSight Secure Access is simple - you just go through the wizard and it creates the Secure Access user database and installs the Web-based user interface.
Figure 2 - PortSight Secure Access installation is really smooth.

The Application Configuration Wizard helps you configure security of your ASP.NET application in a few easy steps. You only need to create an empty ASP.NET project and choose the security options in the wizard. You can choose between Forms and Windows authentication. The wizard modifies the virtual directory security settings, copies Secure Access files to your application and modifies the Global.asax file.
Figure 3 - Application Configuration Wizard helps you configure security of your ASP.NET application.

After you complete the wizard and compile the project, your application requires authentication and is fully prepared for implementing authorization and auditing features. If you chose Forms authentication, users have to provide their user name and password. In this case, passwords are stored in the database. You can choose to store only a hash of each password to avoid password exposure.
Figure 4 - The logon form offers rich functionality, including "Send Forgotten Password" and "Change Expired Password" features. It also enforces the password policy when changing the password.
User profiles are stored in the database along with other information. The profile contains the most common fields, such as user name, full name, e-mail address or shipping address. But the default fields do not limit you - you can add any number of custom properties to the user profile. You can use these fields for storing user preferences and settings.
Figure 5 - User profile can contain any number of your custom properties.

PortSight Secure Access allows you to control access to particular modules or features. It provides a variety of authorization methods.
[VB.NET]
If ARHelper.IsMember("JohnD", "PMs") Then ...
[C#]
if (ARHelper.IsMember("JohnD", "PMs")) { ...
A more advanced and the most common way is using role-based security. You can define any number of roles for each application and assign these roles to users and groups.
Code 2 - Checking if user is member of particular role.
[VB.NET]
If ARHelper.IsInRole("JohnD", "WorkReports.Manager") Then ...
[C#]
if (ARHelper.IsInRole("JohnD", "WorkReports.Manager")) { ...
Figure 6 - The Web-based user interface allows you to manage security of your applications from one single point.

Permissions represent the most flexible authorization method. You can define permissions for each application or module and then grant these permissions to users. However, the preferred solution is granting permissions to roles instead of users and assigning users (or groups) to these roles. In this way, your customer can easily modify default permissions for particular roles by himself. It also helps you avoid re-writing the application code when a customer decides, "TeamLeaders role members should be allowed to APPROVE in the WORKREPORTS application" instead of "TeamLeaders role members should be only allowed to READ in the WORKREPORTS application".
Code 3 - Checking user permissions.
[VB.NET]
If ARHelper.IsAuthorized("JohnD","WorkReports.ReportViewer","Read") Then ...
[C#]
if (ARHelper.IsAuthorized("JohnD", "WorkReports.ReportViewer", "Read")) { ...
Figure 7 - Permissions for particular roles can be easily managed using the Permission Matrix control.
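The role-to-permission indirection described above, as an added example that is not PortSight code: a small in-memory model in which the authorization check resolves a user's roles and then the roles' grants, so changing what TeamLeaders may do needs no change at the call site. RolePermissionStore and its methods are hypothetical names, and the case-insensitive name comparison is an assumption.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical in-memory model of roles and permissions (not Secure Access code).
public class RolePermissionStore
{
    private readonly Dictionary<string, HashSet<string>> userRoles =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase);
    private readonly Dictionary<string, HashSet<string>> roleGrants =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase);

    private static HashSet<string> SetFor(Dictionary<string, HashSet<string>> map, string key)
    {
        if (!map.TryGetValue(key, out HashSet<string> set))
            map[key] = set = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        return set;
    }

    // A grant is keyed as module + NUL + permission so the two names cannot run together.
    private static string Grant(string module, string permission) => module + "\0" + permission;

    public void AssignRole(string user, string role) => SetFor(userRoles, user).Add(role);
    public void GrantToRole(string role, string module, string permission) =>
        SetFor(roleGrants, role).Add(Grant(module, permission));

    // Deny by default: an unknown user, role or grant yields false.
    public bool IsAuthorized(string user, string module, string permission)
    {
        if (!userRoles.TryGetValue(user, out HashSet<string> roles)) return false;
        foreach (string role in roles)
            if (roleGrants.TryGetValue(role, out HashSet<string> grants)
                && grants.Contains(Grant(module, permission)))
                return true;
        return false;
    }
}

public static class Program
{
    public static void Main()
    {
        var store = new RolePermissionStore();
        store.AssignRole("JohnD", "TeamLeaders");
        store.GrantToRole("TeamLeaders", "WorkReports", "Read");
        // The check below is written once; only the role's grants change between the calls.
        Console.WriteLine(store.IsAuthorized("JohnD", "WorkReports", "Approve"));
        store.GrantToRole("TeamLeaders", "WorkReports", "Approve");
        Console.WriteLine(store.IsAuthorized("JohnD", "WorkReports", "Approve"));
    }
}
```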

So far, we have mentioned only authorization in your applications. However, PortSight Secure Access allows you to control access to downloading any Web content. You can define the content using the path mask, such as "*.doc" or "/PortSight/secret/img*.jpg" and you can check in your code what permissions (in Secure Access) are required for the files.
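One way path masks like the two quoted above can be evaluated, as an added example that is not PortSight code and does not describe how Secure Access matches masks internally. The ContentRules class, the permission names and the matching rules (case-insensitive, "*" matching any run of characters, path decoded and dot-segments collapsed before matching) are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Hypothetical mask evaluator; rule list and permission names are constructed samples.
public static class ContentRules
{
    static readonly (string Mask, string Permission)[] Rules =
    {
        ("/PortSight/secret/img*.jpg", "Secret.Read"),
        ("*.doc", "Documents.Read"),
    };

    // Decode and collapse the path first, so encoded or dot-segment variants
    // of the same file are matched by the same rule.
    public static string Normalize(string rawPath)
    {
        string decoded = Uri.UnescapeDataString(rawPath).Replace('\\', '/');
        var parts = new List<string>();
        foreach (string seg in decoded.Split('/'))
        {
            if (seg == "" || seg == ".") continue;
            if (seg == "..") { if (parts.Count > 0) parts.RemoveAt(parts.Count - 1); }
            else parts.Add(seg);
        }
        return "/" + string.Join("/", parts);
    }

    // '*' matches any run of characters; every other character is literal.
    static bool Matches(string mask, string path)
    {
        string pattern = "^" + Regex.Escape(mask).Replace("\\*", ".*") + "$";
        return Regex.IsMatch(path, pattern, RegexOptions.IgnoreCase | RegexOptions.Singleline);
    }

    // Returns every permission required for the path; empty means no rule applies.
    public static List<string> RequiredPermissions(string rawPath)
    {
        string path = Normalize(rawPath);
        var required = new List<string>();
        foreach (var rule in Rules)
            if (Matches(rule.Mask, path)) required.Add(rule.Permission);
        return required;
    }

    public static void Main()
    {
        string[] samples = { "/PortSight/secret/img01.jpg", "/files/plan.doc",
                             "/PortSight/public/../secret/IMG01.JPG", "/index.aspx" };
        foreach (string p in samples)
            Console.WriteLine(p + " -> " + string.Join(", ", RequiredPermissions(p)));
    }
}
```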
An important feature of application security is auditing of user activities. It can help you detect attacks and attempts at unauthorized access to secret data and also keep track of data modifications. Last but not least, some laws, including the HIPAA rules, require an audit trail.
Code 4 - Logging activities in the audit trail is extremely simple.
[VB.NET]
ARHelper.Log("JohnD", "User changed amount to USD 5.90",
"WorkReports.TravelExpenses")
[C#]
ARHelper.Log("JohnD", "User changed amount to USD 5.90",
"WorkReports.TravelExpenses");
In some cases, the security of the system requires immediate and frequent changes. When a manager gets new people on the project, it's often necessary to grant them permissions to various applications. With PortSight Secure Access delegation features, the manager can do this without waiting for an administrator. The administrator can easily delegate the management of groups, organizational units and roles to privileged users.
Figure 8 - You can delegate part of the security management to privileged users and avoid administrator's bottleneck. All you have to do is add this user control to your application.

Creating, modifying and deleting users and groups in several systems becomes difficult or even impossible as the number of systems grows. Although PortSight Secure Access has its own user database, this doesn't mean that it's another headache for your administrator.
It allows you to set up a regular import from Microsoft Active Directory, Windows domains and existing ODBC-enabled databases. You can import user accounts as well as user groups, organizational units and membership information. When you update the user's e-mail address in Active Directory, the change is automatically copied to your Secure Access database during the periodical import, ensuring that your application works with the latest data.
Figure 9 - You can map source properties to Secure Access fields in the Import Wizard.

Secure Access is delivered with several ASP.NET user controls, such as:
The WinForms user controls include "Logon Form" and "Change Password" dialogs.
Figure 10 - Selection of multiple users doesn't require any difficult coding.

PortSight Secure Access 2.0 supports not only ASP.NET applications, but also WinForms and Web Services. The WinForms applications can use either Secure Access components directly or - preferably - they can consume Secure Access Web Service that provides the most frequent methods to the client applications. Using this Web Service, you can use Secure Access features on virtually any platform or device with Web Services support.
The new Secure Access version also comes with support for securing your own Web Services. It uses Microsoft Web Services Enhancements to implement the WS-Security standard. The users of your Web Service need to provide their user name and password to call Web Service methods and your Web Service can check the client's roles and permissions.
Figure 11 - PortSight Secure Access now also secures WinForms and Web Services. It's delivered with "Logon Form" and "Change Password" controls for WinForms.

PortSight has also released a free edition of Secure Access - the Community Edition. It's available for download on http://www.portsight.com/SecureAccess. It's limited to 100 user accounts stored in the database; it doesn't support organizational units and permissions. It's intended for smaller projects and it's also free for commercial use.
Table 1 - Available Editions.
| Edition | Description | Price |
|---|---|---|
| Community Edition | - Limited to 100 user accounts. | Free |
| Standard Edition | | USD 249 per server |
| Enterprise Edition | - All features of the Standard Edition. | USD 399 per server |
Table 2 - Feature Comparison...
| Feature | Community | Standard | Enterprise |
|---|---|---|---|
| Unlimited Number of User Accounts | NO (100) | YES | YES |
| Management of User Profiles and Passwords | YES | YES | YES |
| Management of User Groups | YES | YES | YES |
| Management of Organizational Units | NO | YES | YES |
| Management of Applications | YES | YES | YES |
| Management of Application Parts (Modules) | NO | YES | YES |
| Application Configuration Wizard for ASP.NET | YES | YES | YES |
| ASP.NET - Web Forms Authentication | YES | YES | YES |
| ASP.NET - Windows Authentication | YES | YES | YES |
| ASP.NET - Role-Based Authorization | YES | YES | YES |
| ASP.NET - Permission-Based Authorization | NO | YES | YES |
| ASP.NET - Auditing | YES | YES | YES |
| ASP.NET - Management of Preferences | YES | YES | YES |
| ASP.NET - Web Farms support | YES | YES | YES |
| ASP.NET - User Controls | YES | YES | YES |
| ASP.NET - Delegation of Administration | YES | YES | YES |
| ASP.NET - Controlling Access to Web Content | YES | YES | YES |
| .NET WinForms Applications - Forms Authentication | YES | YES | YES |
| .NET WinForms Applications - Windows Authentication | YES | YES | YES |
| .NET WinForms Applications - Role-Based Authorization | YES | YES | YES |
| .NET WinForms Applications - Permission-Based Authorization | NO | YES | YES |
| .NET WinForms Applications - Auditing | YES | YES | YES |
| .NET WinForms Applications - Management of Preferences | YES | YES | YES |
| .NET WinForms Applications - Delegation of Administration | YES | YES | YES |
| .NET WinForms Applications - Logon Control | YES | YES | YES |
| ASP.NET Web Services - Authentication using WS-Security | YES | YES | YES |
| ASP.NET Web Services - Role-Based Authorization | YES | YES | YES |
| ASP.NET Web Services - Permission-Based Authorization | NO | YES | YES |
| ASP.NET Web Services - Auditing | YES | YES | YES |
| ASP.NET Web Services - Management of Preferences | YES | YES | YES |
| ASP.NET Web Services - Delegation of Administration | YES | YES | YES |
| Import from Microsoft Active Directory | NO | NO | YES |
| Import from Microsoft Windows NT Domains | NO | NO | YES |
| Import from ODBC databases | NO | NO | YES |
When considering the user management and access control solution for your next project, try to answer the following questions:
And - of course: How many hours will I spend designing and implementing these features?
Please visit www.PortSight.com/SecureAccess to find more information, download the free Community Edition or the trial version. You can also see an on-line demo of the Web-based administration interface.
Should you have any questions, please feel free to contact us at support@PortSight.com or use the on-line form at http://www.PortSight.com/questions
Last Updated: 1 Mar 2004. Editor: Chris Maunder.
Copyright 2004 by PortSight. Everything else Copyright © CodeProject, 1999-2009.