
[SOLVED] Security

Bill Jensen (IdeaBlade)
Joined: 31-Jul-2007
Location: United States
Posts: 229
Posted: 19-Sep-2007 at 12:57pm
Great!
Linguinut (Senior Member)
Joined: 14-Jun-2007
Location: United States
Posts: 394
Posted: 19-Sep-2007 at 12:28pm
Two issues worked against me:
 
1)  The "acc.Value" from the above code returns an ALL CAPS string.  I just needed to make the ProfileCatalog entries reflect that.
2)  The domain name is included in the group name (or local machine, if a local group), so I needed to remove the domain name from the string.
 
It is working now.


Edited by Linguinut - 19-Sep-2007 at 12:29pm
Linguinut (Senior Member)
Posted: 19-Sep-2007 at 12:06pm

All roles should be retrieved from the Active Directory.

The LoginManager did not have the GetUserRoles method implemented, so I added code to iterate through the WindowsIdentity groups collection and slipped each group name into the string collection that is returned to create the IPrincipal object.
 
This does not work.  Either the LoginManager is not being called (although the LoginManagerRequired property of the ibConfig file is set to true--debugging now), or I implemented the GetUserRoles method improperly, as follows. 

using System.Collections.Generic;
using System.Security.Principal;

// GetUserRoles: return the current Windows token's group names as the role list
// handed to the IPrincipal. NTAccount.Value comes back in "AUTHORITY\Group" form.
public string[] GetUserRoles()
{
    WindowsIdentity wid = WindowsIdentity.GetCurrent(false);
    List<string> groups = new List<string>();
    IdentityReferenceCollection irc = wid.Groups.Translate(typeof(NTAccount));
    foreach (NTAccount acc in irc)
    {
        groups.Add(acc.Value);
    }
    return groups.ToArray();
}
 
Another consideration is the "Applicable to server only" statement.  If I am running this app without BOS (for development purposes), then is the login manager not being used?
 
Thanks,
Bill


Edited by Linguinut - 19-Sep-2007 at 12:11pm
Bill Jensen (IdeaBlade)
Posted: 18-Sep-2007 at 1:42pm

How are you authorizing (assigning roles)?  Are roles stored in your database?  How do they find their way into the Principal for the running application?

See the Login() method at LoginManager (in CabanaCo.Cabana.Model) line 76.
 
Bill J.
Linguinut (Senior Member)
Posted: 18-Sep-2007 at 12:18pm
Yup.  Essentially.  That is exactly what I expected; however, that is not what is happening.  I made myself a member of the sales group, but the module does not load.  I also added the "Domain Admins" group to the module (which I am already a part of) -- <Role Allow="Domain Admins"/> --, but that did not work, either.  Is there something else I need to "turn on" or "turn off" within the app?
 
I expect this would work on a view level, too, if I utilized the proper attributes and reflection.  Is that right? 
Bill Jensen (IdeaBlade)
Posted: 18-Sep-2007 at 11:04am

CAB only loads the Spiratex.Aspire.Sales module if the current Principal responds true to IsInRole("Sales").

Is that the question?
 
Bill J.
Linguinut (Senior Member)
Posted: 17-Sep-2007 at 10:47am

How does the following actually work?

<Section Name="Sales">
    <Dependencies>
        <Dependency Name="Foundation" />
    </Dependencies>
    <Modules>
        <ModuleInfo AssemblyFile="Spiratex.Aspire.Sales.dll">
            <Roles>
                <Role Allow="Sales"/>
            </Roles>
        </ModuleInfo>
    </Modules>
</Section>

Will this work if I have an AD group called 'Sales'?


Edited by Linguinut - 17-Sep-2007 at 1:50pm
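The pieces of this thread put together as an added example (my code, not IdeaBlade's, CAB's or the poster's): it builds the role list from WindowsIdentity the way the GetUserRoles post above describes, applies the two fixes from the solved post (the upper-cased group name and the DOMAIN\ or MACHINE\ prefix) in code rather than by editing the catalog, and evaluates the <Role Allow="..."/> entries of the fragment quoted here against the principal the way the reply says CAB does, through IsInRole. The class, method and helper names are mine, the catalog string is a constructed copy of the fragment above, and the rule for a module that declares no <Roles> is my assumption about CAB, not something the thread states.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Threading;
using System.Xml;

// Added example (not IdeaBlade, CAB or the poster's code). All names here are assumptions.
public static class RoleCatalogCheck
{
    // Constructed input: the ProfileCatalog fragment quoted in the thread, as one literal.
    public const string SampleCatalog =
        "<Section Name=\"Sales\">" +
        "<Dependencies><Dependency Name=\"Foundation\" /></Dependencies>" +
        "<Modules><ModuleInfo AssemblyFile=\"Spiratex.Aspire.Sales.dll\">" +
        "<Roles><Role Allow=\"Sales\"/></Roles>" +
        "</ModuleInfo></Modules></Section>";

    // NTAccount.Value is "AUTHORITY\Name" (DOMAIN\Sales, MACHINE\Sales, BUILTIN\Administrators,
    // NT AUTHORITY\Authenticated Users). The catalog lists bare names, so drop the prefix.
    public static string StripAuthority(string account)
    {
        int slash = account.LastIndexOf('\\');
        return slash < 0 ? account : account.Substring(slash + 1);
    }

    // The GetUserRoles step: group SIDs on the token -> NTAccount names -> bare group names.
    public static string[] RolesFromIdentity(WindowsIdentity identity)
    {
        List<string> roles = new List<string>();
        if (identity.Groups == null) return roles.ToArray();
        // Translate(Type) without forceSuccess leaves SIDs it cannot map (e.g. a group deleted
        // since logon) untranslated, so they arrive as SecurityIdentifier rather than NTAccount;
        // casting every element to NTAccount, as the posted loop does, would throw on those.
        foreach (IdentityReference reference in identity.Groups.Translate(typeof(NTAccount)))
        {
            NTAccount account = reference as NTAccount;
            if (account == null) continue;
            roles.Add(StripAuthority(account.Value));
        }
        return roles.ToArray();
    }

    // Principal with an explicitly case-insensitive IsInRole, so the upper-cased names the
    // poster saw from acc.Value still satisfy Allow="Sales" without rewriting the catalog.
    public sealed class RolePrincipal : IPrincipal
    {
        private readonly IIdentity identity;
        private readonly string[] roles;
        public RolePrincipal(IIdentity identity, string[] roles) { this.identity = identity; this.roles = roles; }
        public IIdentity Identity { get { return identity; } }
        public bool IsInRole(string role)
        {
            foreach (string r in roles)
            {
                if (string.Equals(r, role, StringComparison.OrdinalIgnoreCase)) return true;
            }
            return false;
        }
    }

    // Collect the Allow names under the <ModuleInfo> for one assembly. The AssemblyFile value is
    // compared in code rather than spliced into the XPath, so a catalog value cannot alter the query.
    public static List<string> AllowedRoles(string catalogXml, string assemblyFile)
    {
        XmlDocument doc = new XmlDocument();
        doc.XmlResolver = null;   // no DTD or external entity fetches while loading the catalog
        doc.LoadXml(catalogXml);
        List<string> allowed = new List<string>();
        foreach (XmlElement module in doc.SelectNodes("//Modules/ModuleInfo"))
        {
            if (module.GetAttribute("AssemblyFile") != assemblyFile) continue;
            foreach (XmlElement role in module.SelectNodes("Roles/Role"))
            {
                string allow = role.GetAttribute("Allow");
                if (allow.Length > 0) allowed.Add(allow);
            }
        }
        return allowed;
    }

    // The loading rule as the reply states it: load only if IsInRole is true for an allowed role.
    // Treating an empty list (no <Roles> element) as "unrestricted" is an assumption about CAB.
    public static bool ShouldLoad(IPrincipal principal, List<string> allowedRoles)
    {
        if (allowedRoles.Count == 0) return true;
        foreach (string role in allowedRoles)
        {
            if (principal.IsInRole(role)) return true;
        }
        return false;
    }

    public static void Main()
    {
        WindowsIdentity wid = WindowsIdentity.GetCurrent(false);
        IPrincipal principal = new RolePrincipal(wid, RolesFromIdentity(wid));
        Thread.CurrentPrincipal = principal;   // where an IsInRole-based loader will look
        List<string> allowed = AllowedRoles(SampleCatalog, "Spiratex.Aspire.Sales.dll");
        Console.WriteLine("Roles on token: " + string.Join(", ", RolesFromIdentity(wid)));
        Console.WriteLine("Load Spiratex.Aspire.Sales.dll: " + ShouldLoad(principal, allowed));
    }
}
```

Two cautions with this approach. Dropping the authority prefix makes DOMAIN\Sales, MACHINE\Sales and BUILTIN\Administrators indistinguishable from each other, and the groups come from the client's own logon token, so anyone who is a local Administrator on the workstation can create a local group named Sales and satisfy Allow="Sales"; if that matters, keep the prefix in the catalog (Allow="DOMAIN\Sales"), match on the group SID instead of its name, and treat module loading as a UI convenience rather than the access control for the data behind the module. Second, Thread.CurrentPrincipal has to be set on the thread that runs the module loader before it runs, otherwise IsInRole is evaluated against whatever principal the runtime assigned by default.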
Linguinut (Senior Member)
Posted: 14-Sep-2007 at 9:37am

Well, for one, I could load/not load modules based on the user's role.  This involves the ProfileCatalog.xml file in some way.  Also, I want to make sure that I am not missing out on taking advantage of IOC/dependency injection.  A service would be a great place to put this kind of thing, I imagine.  That kind of application structure is a bit different.

Nevertheless, I am looking at any documentation, samples and videos that I can lay my hands on.  I am currently reviewing (again) your seminar on Securing Your Application.

Thanks!
Bill

davidklitzke (IdeaBlade)
Joined: 14-Jun-2007
Posts: 715
Posted: 13-Sep-2007 at 7:01pm

I don't know why you would look at role-based authorization in Cabana applications any differently than you would look at role-based authorization in any other kind of IdeaBlade application.  In particular, I encourage you to look at the Advanced Tutorial on Role-based Authorization.

Linguinut (Senior Member)
Posted: 13-Sep-2007 at 5:23pm
No problem.  I can introduce the security aspect later in the project.
Bill Jensen (IdeaBlade)
Posted: 13-Sep-2007 at 5:13pm
This question is a little like asking "In 25 words or less...discuss China".
 
I'm out of the office through Monday.  I'll be happy to address this when I return on Tuesday.
 
Bill J.
Linguinut (Senior Member)
Posted: 13-Sep-2007 at 1:18pm
What is the best way to handle role-based security in the CAB?
 
Thanks,
Bill


Edited by Linguinut - 19-Sep-2007 at 12:30pm