How to integrate in ASP.Net application 2.0 ?
To integrate Visual Guard in your ASP.Net Web Site, Web Application or Web Service
project you have to:
- Add the assemblies of Visual Guard as references of your project.
- Modify the “web.config” file of your application to integrate the Visual Guard module.
- Integrate Visual Guard in the code of your application.
- Create a Visual Guard repository and declare your application by using the Visual
Guard console. This repository will contain all security items (users, roles, permissions
…) of your application. - Generate the Visual Guard configuration files
by using the Visual Guard console. These configuration files will be needed to connect
your application to the repository. - Grant read/write permissions to the repository.
Integration Demo
Referencing Visual Guard assemblies
- Opens the solution of your project in Visual Studio.
- In the solution explorer, expands the project node.
- Right-click the Project node for the project and select
Add Reference
from the shortcut menu. - In .Net tab, select the 4 assemblies
- Novalys.VisualGuard.Security
- Novalys.VisualGuard.Security.WebForm
- Novalys.VisualGuard.Security.<RepositoryType> (Files, SQLServer or Oracle)
- Novalys.VisualGuard.Security.<ApplicationFrameworkType> (Depending on type of application’s framework, whether .NetFramework or .NetCore)
And, then click the Select button, and then click the OK button
 Note |
|---|
| Once the Visual Guard assemblies are referenced into project, you need to mark “Copy Local” property to “true” for each assembly. |
| Note |
|---|
| You must add either Novalys.VisualGuard.Security.NetFramework or Novalys.VisualGuard.Security.Core (Depending on type of application’s framework) |
- Novalys.VisualGuard.Security contains the main Visual Guard classes.
- Novalys.VisualGuard.Security.Files contains the classes needed to access
to a file based repository. - Novalys.VisualGuard.Security.SQLServer contains the classes needed
to access to a repository stored in a Microsoft SQLServer database (SQLServer 2005
or higher). Available only in Visual Guard Enterprise Edition - Novalys.VisualGuard.Security.Oracle
contains the classes needed to access to a repository stored in an Oracle database
(9i or higher). Available only in Visual Guard Enterprise Edition - Novalys.VisualGuard.Security.WebForm contains the classes
needed for ASP.Net application. You must reference this assembly in ASP.Net web
application or
WebService project. - Novalys.VisualGuard.Security.NetFramework contains all classes required to support .Net Framework applications.
This assembly is needed only if you want to integrate Visual Guard in .net framework applications. - Novalys.VisualGuard.Security.Core contains all classes required to support .Net Core applications.
This assembly is needed only if you want to integrate Visual Guard in .net core applications.
Modifying the “web.config” file of your application
- Open the “web.config” file of your application or add a new one to your
project. - Add the following line of code in the <httpModules> node.
<add type="Novalys.VisualGuard.Security.WebForm.VGHttpModule,Novalys.VisualGuard.Security.WebForm" name="VGModule"/>
<configuration> <system.web> ... <!-- Classic Mode --> <httpModules> <add type= "Novalys.VisualGuard.Security.WebForm.VGHttpModule,Novalys.VisualGuard.Security.WebForm" name="VGModule"/> </httpModules> ... </system.web> <system.webserver> ... <!-- Integrated Mode --> <modules runAllManagedModulesForAllRequests="true" > <add type= "Novalys.VisualGuard.Security.WebForm.VGHttpModule,Novalys.VisualGuard.Security.WebForm" name="VGModule"/> </modules> ... </system.webserver> </configuration>
- Open the Visual Guard console and connect to the repository associated to your application.
- Create a new role in your application with a permission set containing permissions
for an anonymous user. - Select the item corresponding to your application and, in the property
“Anonymous role”, select the role created above. - To take into account this modification in your application, you must regenerate the Visual Guard configuration files of your application or edit
them and change the option anonymousSessionSupported. - Modify your authorization section of web.config file
in order to allow anonymous access to your website.
<configuration> <configSections> <section name="VGWebConfiguration" type="Novalys.VisualGuard.Security.WebForm.VGWebConfiguration" /> </configSections> ... <VGWebConfiguration excludeExtension=".css,.png,.js,.gif,.jpg,.Gif"> <ExcludePages> <add Url="^~/$" /> <add Url="~/Account/Login" /> </ExcludePages> <VGCookieConfig Domain=".vg.local" DomainScope="WebSSO" AutoRedirect="true" AuthenticationUrl="http://vg.local/webApp/Account/Login" /> </VGWebConfiguration> </configuration>
Web SSO
- If the tag VGCookieConfig is not defined, Visual Guard Authentication restricts its scope for the website only.
- Value for the property Domain restricts Visual Guard Authentication to that particular domain. Hence, all web application coming under that domain will be authenticated.
- Value for the property DomainScope defines the scope of Visual Guard Authentication.
- Website: Restricts authentication only for current web application.
- WebSSO: Restricts authentication for all web applications which comes under defined domain. Signing out from one application results sign out from all web applications.
- All: Restricts authentication for all web applications which comes under defined domain. But here signing out from one application would not affect other applications.
- If the value of property AutoRedirect is true and the user is not authenticate VG redirects the user to AuthenticationUrl.
- Value of the property AuthenticationUrl gets or sets the url for authentication.
Configuring Membership
<configuration> <system.web> ... <roleManager defaultProvider="VGRoleProvider" enabled="true"> <providers> <add name="VGRoleProvider" type="Novalys.VisualGuard.Security.WebForm.VGRoleProvider, Novalys.VisualGuard.Security.WebForm"/> </providers> </roleManager> <membership defaultProvider="VGMemberShipProvider"> <providers> <add name="VGMemberShipProvider" type="Novalys.VisualGuard.Security.WebForm.VGMemberShipProvider, Novalys.VisualGuard.Security.WebForm"/> </providers> </membership> ... </system.web> </configuration>
Integrating Visual Guard in your code
- When you want to use the Form Authentication mode, you must create authentication form that will be used to identify the users.
- When you want to secure a WebService, a custom class or custom control, you must
call Visual Guard to set the security of this object
(Form and Master class are automatically secured by Visual Guard). - When you want to check if a user has a specific permission or a specific role, you
can use
VGSecurityManagerPrincipal
or use the property
HttpContext.User
HttpContext.User.
To create a Login page
Page.Validate();
if (!Page.IsValid)
{
return;
}
VGAuthenticationState state = VGSecurityManager.Authenticate(usernameTextBox.Text, passwordTextBox.Text, VGAuthenticationMode.VisualGuard);
// Check if the authentication is failed.
if (state.IsFailed)
{
FormsAuthentication.SignOut();
// The username/password is invalid
if (state.IsCredentialInvalid)
{
if (state.IsLastBadLogin)
{
// According to the password policy, the next bad login will lock the {account}
errorLabel.Text = "Invalid user or password. The next bad login will lock your account.";
}
else
{
errorLabel.Text = "Invalid user or password";
}
}
else if (state.IsUserNotAuthorized)
{
// The credentials are valid but the user does not have any role granted for the application
errorLabel.Text = "You are not authorized to log on to this application";
}
else if (state.IsUserAccountExpired)
{
// The account of the user has expired
errorLabel.Text = "Your account is no more valid. Contact your administrator";
}
else if (state.IsUserAccountNotYetAvailable)
{
// The account of the user is not yet available
errorLabel.Text = "Your account is not yet available.";
}
else if (state.IsUserAccountLockedOut)
{
// The account of the user is locked out and must be unlocked by using the Visual { Guard console.}
errorLabel.Text = "Your account is locked. Contact your administrator.";
}
else if (state.MustChangePasswordAtNextLogon)
{
// The user must change the password
RedirectToChangePasswordPage();
}
errorLabel.Visible = true;
}
else
{
if (!state.IsPasswordSecure)
{
// According to the password policy, the password is enough secure
FormsAuthentication.SetAuthCookie(usernameTextBox.Text,remenberCheckBox.Checked); RedirectToChangePasswordPage();
}
else
{
FormsAuthentication.RedirectFromLoginPage(usernameTextBox.Text,remenberCheckBox.Checked);
}
}
}
Private Sub SurroundingSub() Page.Validate() If Not Page.IsValid Then Return End If Dim state As VGAuthenticationState = VGSecurityManager.Authenticate(usernameTextBox.Text, passwordTextBox.Text, VGAuthenticationMode.VisualGuard) If state.IsFailed Then FormsAuthentication.SignOut() If state.IsCredentialInvalid Then If state.IsLastBadLogin Then errorLabel.Text = "Invalid user or password. The next bad login will lock your account." Else errorLabel.Text = "Invalid user or password" End If ElseIf state.IsUserNotAuthorized Then errorLabel.Text = "You are not authorized to log on to this application" ElseIf state.IsUserAccountExpired Then errorLabel.Text = "Your account is no more valid. Contact your administrator" ElseIf state.IsUserAccountNotYetAvailable Then errorLabel.Text = "Your account is not yet available." ElseIf state.IsUserAccountLockedOut Then If True Then Dim console As Guard End If errorLabel.Text = "Your account is locked. Contact your administrator." ElseIf state.MustChangePasswordAtNextLogon Then RedirectToChangePasswordPage() End If errorLabel.Visible = True Else If Not state.IsPasswordSecure Then FormsAuthentication.SetAuthCookie(usernameTextBox.Text, remenberCheckBox.Checked) RedirectToChangePasswordPage() Else FormsAuthentication.RedirectFromLoginPage(usernameTextBox.Text, remenberCheckBox.Checked) End If End If End Sub
To secure your application objects
How to filter granted roles
[Visual Basic] Sub VGModule_PermissionLoading(ByVal sender As Object, ByVal e As VGPermissionsLoadingEventArgs) If e.Roles.Length > 1 Then Dim selectedRoles(1) As Novalys.VisualGuard.Security.VGGrantedRole For Each role As Novalys.VisualGuard.Security.VGGrantedRole In e.Roles If role.Name = "Administrator" Then selectedRoles(0) = role Exit For Else If role.Name = "Member" Then selectedRoles(0) = role Exit For End If End If Next If selectedRoles(0) Is Nothing Then e.Status = Novalys.VisualGuard.Security.VGAuthorizationStatus.ProcessCanceled Else e.Roles= selectedRoles End If End If End Sub
void VGModule_PermissionLoading(object sender, VGPermissionsLoadingEventArgs args) { if (e.Roles.Length > 1) { Novalys.VisualGuard.Security.VGGrantedRole[] selectedRoles = new Novalys.VisualGuard.Security.VGGrantedRole[1]; foreach (Novalys.VisualGuard.Security.VGGrantedRole role in e.Roles) { if (role.Name == "Administrator") { selectedRoles[0] = role; break; } else if (role.Name == "Member") { selectedRoles[0] = role; break; } } if (selectedRoles[0] == null) { e.Status = Novalys.VisualGuard.Security.VGAuthorizationStatus.ProcessCanceled; } else { e.Roles = selectedRoles; } } }
Creating a repository and declaring the application
| Note |
|---|
| If you want to test the connection to this repository from your application, you will need to create a role for your application in the Visual Guard console and grant this role to a user. A user defined in the repository can access your application only when a role of the application is granted to this user. |
Granting Read/Write permission to the Repository
- Open the Explorer.
- Right click the directory containing the repository data then select the menu “Properties”.
- In the “Security” tab, click on the “Add” button and select the user for which you
want to grant the permission (i.e. MACHINE\ASPNET) then click ok. - In the list of permissions, click the option “Modify” then click on the “OK” button.