DevForce Community Forum : [SOLVED] Security http://www.ideablade.com/forum/ This is an XML content feed of; DevForce Community Forum : DevForce Classic : [SOLVED] Security Thu, 11 Jun 2026 18:01:34 -700 Wed, 19 Sep 2007 12:57:30 -700 http://blogs.law.harvard.edu/tech/rss Web Wiz Forums 9.69 360 www.ideablade.com/forum/RSS_post_feed.asp?TID=428 DevForce Community Forum http://www.ideablade.com/forum/forum_images/IdeaBlade_logo_tm.png http://www.ideablade.com/forum/ [SOLVED] Security : Great! http://www.ideablade.com/forum/forum_posts.asp?TID=428&PID=1225#1225 Author: Bill Jensen
Subject: 428
Posted: 19-Sep-2007 at 12:57pm

Great!]]> Wed, 19 Sep 2007 12:57:30 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=428&PID=1225#1225 [SOLVED] Security : Two issues worked against me:... http://www.ideablade.com/forum/forum_posts.asp?TID=428&PID=1223#1223 Author: Linguinut
Subject: 428
Posted: 19-Sep-2007 at 12:28pm

Two issues worked against me:
 
1)  The "acc.Value" from the above code returns an ALL CAPS string.  I just needed to make the ProfileCatalog entries reflect that.
2)  The domain name is included in the group name (or local machine, if a local group), so I needed to remove the domain name from the string.
 
It is working, now.  Clap


Edited by Linguinut - 19-Sep-2007 at 12:29pm]]> Wed, 19 Sep 2007 12:28:37 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=428&PID=1223#1223 [SOLVED] Security : All rolesshould be retrieved from... http://www.ideablade.com/forum/forum_posts.asp?TID=428&PID=1220#1220 Author: Linguinut
Subject: 428
Posted: 19-Sep-2007 at 12:06pm

All roles should be retrieved from the Active Directory.

The LoginManager did not have the GetUserRoles method implemented, so I added code to iterate through the WindowsIdentity groups collection and slipped each group name into the string collection that is returned to create the IPrincipal object.
 
This does not work.  Either the LoginManager is not being called (although the LoginManagerRequired property of the ibConfig file is set to true--debugging now), or I implemented the GetUserRoles method improperly, as follows. 

WindowsIdentity wid = WindowsIdentity.GetCurrent(false);
List<string> groups = new List<string>();
IdentityReferenceCollection irc = wid.Groups.Translate(typeof(NTAccount));
foreach (NTAccount acc in irc)
{
groups.Add(acc.Value);
}
return groups.ToArray();
 
Another consideration is the "Applicable to server only" statement.  If I am running this app without BOS (for development purposes), then is the login manager not being used?
 
Thanks,
Bill


Edited by Linguinut - 19-Sep-2007 at 12:11pm]]> Wed, 19 Sep 2007 12:06:54 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=428&PID=1220#1220 [SOLVED] Security : How are you authorizing (assigning... http://www.ideablade.com/forum/forum_posts.asp?TID=428&PID=1201#1201 Author: Bill Jensen
Subject: 428
Posted: 18-Sep-2007 at 1:42pm

How are you authorizing (assigning roles)?  Are roles stored in the your database?  How do they find their way into the Principal for the running application?

See the Login() method at LoginManager (in CabanaCo.Cabana.Model) line 76.
 
Bill J.
]]> Tue, 18 Sep 2007 13:42:56 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=428&PID=1201#1201 [SOLVED] Security : Yup. Essentially. That is exactly... http://www.ideablade.com/forum/forum_posts.asp?TID=428&PID=1196#1196 Author: Linguinut
Subject: 428
Posted: 18-Sep-2007 at 12:18pm

Yup.  Essentially.  That is exactly what I expected; however, that is not what is happening.  I made myself a member of the sales group, but the module does not load.  I also added the "Domain Admins" group to the module (which I am already a part of) -- <Role Allow="Domain Admins"/> --, but that did not work, either.  Is there something else I need to "turn on" or "turn off" within the app?
 
I expect this would work on a view level, too, if I utilized the proper attributes and reflection.  Is that right? 
]]> Tue, 18 Sep 2007 12:18:09 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=428&PID=1196#1196 [SOLVED] Security : CAB only loads the Spiratex.Aspire.Sales... http://www.ideablade.com/forum/forum_posts.asp?TID=428&PID=1195#1195 Author: Bill Jensen
Subject: 428
Posted: 18-Sep-2007 at 11:04am

CAB only loads the Spiratex.Aspire.Sales module if the current Principal responds true to IsInRole("Sales").

Is that the question?
 
Bill J.
]]> Tue, 18 Sep 2007 11:04:47 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=428&PID=1195#1195 [SOLVED] Security : How does the following actually... http://www.ideablade.com/forum/forum_posts.asp?TID=428&PID=1187#1187 Author: Linguinut
Subject: 428
Posted: 17-Sep-2007 at 10:47am

How does the following actually work?

<Section Name="Sales">
    <Dependencies>
        <Dependency Name="Foundation" />
    </Dependencies>
    <Modules>
        <ModuleInfo AssemblyFile="Spiratex.Aspire.Sales.dll">
            <Roles>
                <Role Allow="Sales"/>
            </Roles>
        </ModuleInfo>
    </Modules>
</Section>

Will this work if I have an AD group called 'Sales'?


Edited by Linguinut - 17-Sep-2007 at 1:50pm]]> Mon, 17 Sep 2007 10:47:59 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=428&PID=1187#1187 [SOLVED] Security : Well, for one, I could load/not... http://www.ideablade.com/forum/forum_posts.asp?TID=428&PID=1181#1181 Author: Linguinut
Subject: 428
Posted: 14-Sep-2007 at 9:37am

Well, for one, I could load/not load modules based on the user's role.  This involves the ProfileCatalog.xml file in some way.  Also, I want to make sure that I am not missing out on taking advantage of IOC/dependency injection.  A service would be a great place to put this kind of thing, I imagine.  That kind of application structure is a bit different.

Nevertheless, I am looking at any documentation, samples and videos that I can lay my hands on.  I am currently reviewing (again) your seminar on Securing Your Application.

Thanks!
Bill

]]> Fri, 14 Sep 2007 09:37:01 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=428&PID=1181#1181 [SOLVED] Security : Idon&#039;t know why you would... http://www.ideablade.com/forum/forum_posts.asp?TID=428&PID=1177#1177 Author: davidklitzke
Subject: 428
Posted: 13-Sep-2007 at 7:01pm

I don't know why you would look at role-based authorizarion in Cabana applications any differently than you would look at role-based authorization in any other kind of IdeaBlade application.  In particular, I encourage you to look at the Advanced Tutorial on Role-based Authorization.

]]> Thu, 13 Sep 2007 19:01:13 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=428&PID=1177#1177 [SOLVED] Security : No problem. I can introduce the... http://www.ideablade.com/forum/forum_posts.asp?TID=428&PID=1175#1175 Author: Linguinut
Subject: 428
Posted: 13-Sep-2007 at 5:23pm

No problem.  I can introduce the security aspect later in the project.]]> Thu, 13 Sep 2007 17:23:15 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=428&PID=1175#1175 [SOLVED] Security : This question is a little like... http://www.ideablade.com/forum/forum_posts.asp?TID=428&PID=1173#1173 Author: Bill Jensen
Subject: 428
Posted: 13-Sep-2007 at 5:13pm

This question is a little like asking "In 25 words or less...discuss China".
 
I'm out of the office through Monday.  I'll be happy to address this when I return on Tuesday.
 
Bill J.
]]> Thu, 13 Sep 2007 17:13:51 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=428&PID=1173#1173 [SOLVED] Security : What is the best way to handle... http://www.ideablade.com/forum/forum_posts.asp?TID=428&PID=1172#1172 Author: Linguinut
Subject: 428
Posted: 13-Sep-2007 at 1:18pm

What is the best way to handle role-based security in the CAB?
 
Thanks,
Bill


Edited by Linguinut - 19-Sep-2007 at 12:30pm]]> Thu, 13 Sep 2007 13:18:42 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=428&PID=1172#1172