How to apply security in your application

Using Security Actions

  • ‘Properties’ Action: this type of action dynamically modifies the value of properties
    of objects that are secured by Visual Guard in your application.
  • ‘Script’ Action: this type of action allows you to dynamically execute a script in your

Properties Action

#CurrentValue + ' And Country = '''+ #Permission['Country'] + ''''

public bool HideSalary
{
    get { return hideSalary; }
    set {
        hideSalary = value;
        // Column 5 of the employee list holds the salary; hide or show it
        EmployeeDataList.Columns[5].Visible = value;
    }
}

Script Action

Option Explicit On

Imports Novalys.VisualGuard.NorthwindSample
Imports Novalys.VisualGuard.Security
Imports Novalys.VisualGuard.Security.Action
Imports System
Imports System.Collections
Imports System.Windows.Forms
Imports System.Text

Namespace Novalys.VisualGuard.DynamicScript
    Public Class Cdff07f9054f2411bac2d424a4346dc27
        Inherits Novalys.VisualGuard.Security.Action.VGDynamicScript
        Public Overrides Sub Execute(ByVal target As Object, ByVal permission As VGIPermission, ByVal eventArgs() As Object)

        ' All script actions can be seen in the debugger
        ' If the current application is in debug mode, signals a breakpoint to the debugger

        ' This parameter contains the object for which the action is executed
        Dim main as MDIForm = CType(target, MDIForm)
        main.Text = main.Text + " ********"

        ' Information about the current permission and its attributes
        Dim sb As New StringBuilder
        sb.AppendFormat("Current Permission : {0} (id={1})", permission.Name, permission.Id)
        sb.AppendFormat(" * Value of the permission attribute 'Attribute1': {0}", permission.Item("Attribute1"))
        sb.AppendFormat(" * Value of the permission attribute 'Attribute2': {0}", permission.Item("Attribute2"))

        ' Information about the arguments of the event for which the action is executed.
        ' For example for a click event:
        '    * the first element in the array is the sender.
        '      * the second is the EventArgs.
        If eventArgs.Length > 0 Then
            sb.Append("Event Information")
            For Each arg As Object In eventArgs
                sb.AppendFormat(" * {0}", arg.GetType().ToString())
            Next
        Else
            sb.Append("The event does not have any arguments")
        End If

        ' Information about the current principal
        sb.AppendFormat("Current User: {0}", VGSecurityManager.Principal.Identity.Name)
        For Each role As VGGrantedRole In VGSecurityManager.Principal.Roles
            sb.AppendFormat("{0}, ", role.Name)
        Next
    End Sub
    End Class
End Namespace

Testing permissions in your application

If Not VGSecurityManager.Principal.HasPermission("Display only information on a country") Then
    MessageBox.Show("The current user can see all countries")
Else
    Dim myPerm As VGIPermission = VGSecurityManager.Principal.GetPermission("Display only information on a country")
    Dim myValue As String = CType(myPerm("Country"), String)
    MessageBox.Show(String.Format("The current user can see only information about the country '{0}'", myValue))
End If

Using VGPrincipalPermission and Code Access Security

<VGPrincipalPermission(SecurityAction.Demand, Name:="Administrator", Type:=VGPermissionType.Role)> _
<VGPrincipalPermission(SecurityAction.Demand, Name:="\Employees\Allows to edit employees", Type:=VGPermissionType.Permission)> _
Private Sub MethodWithRestrictedAccess()
    MessageBox.Show("You can see this message only if you are an administrator")
End Sub

Private Sub MethodWithRestrictedAccess()
    Dim PrincipalPerm1 As New VGPrincipalPermission("\Samples\Allow to call restricted method", VGPermissionType.Permission)
    Dim PrincipalPerm2 As New VGPrincipalPermission("Administrator", VGPermissionType.Role)
End Sub

Using URL authorization in ASP.Net context

<authorization>
  <allow roles="Administrator"/>
  <deny users="*"/>
</authorization>

<authorization>
  <allow roles="Administrator"/>
  <deny users="%\Employees\Allows to edit employees,%{e40b426a-9e78-4cb6-9f0d-ab047420f542}"/>
</authorization>

Using ASP.NET login controls Web

<asp:LoginView ID="LoginView1" runat="server">
    <RoleGroups>
        <asp:RoleGroup Roles="%\Employees\Hide Salary" />
        <asp:RoleGroup Roles="%{e40b426a-9e78-4cb6-9f0d-ab047420f542}" />
    </RoleGroups>
</asp:LoginView>
