How to integrate VG in PowerBuilder?

Estimated reading: 6 minutes 860 views

You need to have the below requirements to integrate Power Builder in Visual Guard

  • Minimum PowerBuilder version PB 2019R3
  • VGIdentityServer 2024
  • VGWinConsole 2024

To Integrate Visual Guard in your PowerBuilder application, you have to:

  • Add the library of Visual Guard in library list of your target.
  • Add the Dll of Visual Guard runtime in your directory project
  • Integrate Visual Guard in the code of your application.
  • Create a Visual Guard repository and declare your application by using the Visual Guard console. This repository will contain all security items (users, roles, permissions …) of your application.
  • Generate the Visual Guard configuration files by using the Visual Guard console. These configuration files will be needed to connect your application to the repository.
  • Grant read/write permissions to the repository.

Add Visual Guard pbl files in your application

  • Open the workspace of your project in PowerBuilder.
  • In the solution explorer, expand the workspace node.
  • Right-click the Target node for the workspace and select Properties from the shortcut menu.
  • In Library List tab, select the 2 libraries Novalys.visualguard.security.pbrt.pbl, Novalys.visualguard.security.pbrte.pbl .
  • Click the OK button
  • Novalys.VisualGuard.Security.pbrt.pbl conains the main Visual Guard classes. The content of this PBL should not be modified by developers.
  • Novalys.VisualGuard.Security.pbrte.pbl contains the classes needed to extend the functionality of Visual Guard.
  • Novalys.VisualGuard.Security.pbrt.dll contains the base classes and SSO manager.

Generate your configuration file for connection to Visual Guard Repository

  1. Using Visual Guard Identity Server
  2. Without Using Visual Guard Server (Using VGPBClient – Local system)

Using Visual Guard Identity Server

File configuration of PowerBuilder application

Variable NameDescriptionValue
VGServerUrl of VGServer or VGidentityServerUrl sample
http://127.0.0.1:29000|http://127.0.0.1:29001
VGPBClient to communicate with VGRuntime (.Net)
portPort of the service Default is 80 for http, you can set 443 for https
ClientidOnly for VGIdenityServer <GUID>
SecretOnly for VGIdentityServer, encoded to base64
mergeRolesNeed to merge the rolesY= for yes
N= for no
supportedAuthenticationModesWhat type of authentification is supportedVG equals VisualGuard
AD equals Active Directory
WC equals Windows by credentials
PL equals PasswordLess authentication
Db equals Database authentication
silentModeY= for yes
N= for no
traceY= for yes
N= for no

PowerBuilder file configuration for IdentityServer

[SECURITY] 
VGServer=http://127.0.0.1:29000|http://127.0.0.1:29001 
ClientId=<Guid>
secret=<Password encoded to base64>
mergeRoles=Y 
supportedAuthenticationModes=VG|AD|WC 
dynamicBrowser=Y 
silentMode=Y 
trace=Y

Without Using Visual Guard Server (Using VGPBClient – Local system)

[SECURITY] 
VGServer=VGPBClient 
TraceServeur=Y (or N, to delete or no files exchange with VGPBClient for tracing execution).

The program VGPBClient.exe and it’s dependencies must be copied in the current directory of the secured
PowerBuilder application. (Or in a path accessible by it).  

  • Novalys.VisualGuard.Security.dll
  • Novalys.VisualGuard.Security.SQLServer.dll Or Novalys.VisualGuard.Security.Oracle.dll

The VisualGuardConfiguration.config file of this program (VGPBClient) should be made correctly:

Modify applicationId and connectionString with your values of application

  • applicationId=”7e6b1582-9229-451a-a615-22ec70933353″
  • connectionString=”server=YOURSERVERNAME\YOURSQLEXPRESS;initial catalog=visualguarddb;Trusted_Connection=True;”

The exchange files between PowerBuilder application and VGPBClient are generated, by default, in the directory: C:\ProgramData\Novalys\VisualGuard\FileTrsf


Integrate in your PowerBuilder Code

Declare the Security Manager

// Declare the security manager as global variable 
vge_n_cst_vgmanager guo_vgmanager

Create the Security Manager

// Create the security manager 
guo_vgmanager = CREATE vge_n_cst_vgmanager

Destroy the Security Manager

// Destroy the security manager 
if IsValid(guo_vgmanager) then 
Destroy (guo_vgmanager)

Declare the Configuration file of the application (Optional)

// Declare configuration file with your custom parameters to connect at Visual Guard Identity Server (Optional)
guo_vgmanager.of_setconfigfile ("myconfigfile.cfg")

Declare the Trace file of the application (Optional)

// Declare the trace file if you use tracing action execution in your application (Optional)
guo_vgmanager.of_settracefile ("mytracefile.log")

Authenticate with Visual Guard

Authenticating a user with your own Visual Guard login

// Authenticate a Visual Guard User and load the security data 
if isvalid(guo_vgmanager) Then 
     if guo_vgmanager.of_VerifyUser(VGlogin, VGpassword) > 0 Then 
            Open(w_Main) 
    Else 
            Return 
    End if 
End if

Authenticating a user with your own login window using Signal Sign-On (SSO)

// Authenticate a Windows User and load the security data 
if isvalid(guo_vgmanager) Then 
    if guo_vgmanager.of_VerifyUser() > 0 Then 
        Open(w_Main) 
     Else 
        Return 
    End if 
End if

Authenticating a user with your own login window using credentials

// Authenticate a Windows By Credential User and load the security data 
if isvalid(guo_vgmanager) Then 
      if guo_vgmanager.of_VerifyUser(VGlogin, VGpassword, vg_n_authenticationmode.windowsbycredential) > 0 Then 
          Open(w_Main) 
     Else 
         Return 
     End if 
End if

How to get the bearer token?

To manually use the API provided by the VG Identity Server, you must use the bearer token provided by the VG Runtime after authentication.

guo_vgmanager.of_getbearertoken()

This API allows you to:

  • Check that the Visual Guard account, the Windows account, and the Windows By Credential account exist.
  • Check that the user password is valid (Visual Guard account only)
  • Check that the user has a valid profile for this application
  • Load the application security related to the account profile

Secure Application Components

  • CallingObject: The main object from which you apply the security, usually the window
  • CallingID: A string identifier to differentiate many calls from the same object
  • Parameters: A string containing one or more parameters to send to the security manager

In general, this function is called in the open event of the ancestor window:

// Trigger the security in the open Event of the ancestor window 
if isvalid(guo_vgmanager) Then 
     guo_vgmanager.of_SetSecurity( this, "open", "") 
End if

For the PFC, add the following code:

// In the event ?w_master.pfc_preopen? in ?pfemain.pbl?: 
if IsValid(guo_vgmanager) Then 
     guo_vgmanager.of_SetSecurity ( this, "open", "") 
End if
// In the event ?w_master.pfc_postopen? in ?pfemain.pbl?: 
if IsValid(guo_vgmanager) Then 
     guo_vgmanager.of_SetSecurity ( this, "postinit ", "") 
End if
// In the event ?u_dw.Constructor? in ?pfemain.pbl?: 
if IsValid(guo_vgmanager) Then 
    guo_vgmanager.of_SetSecurity ( this, "constructor ", "") 
End if

How to change the password?

To change the password in PB, we need to call the below method of VG Runtime by passing the old and new passwords once inside the application after initial authentication.

// Call Change PassWord of Visual Guard Server
ret = guo_vgmanager.of_changepassword( ls_old, ls_new)
//IF ret = 1 Then Messagebox ("VGServer Change Password", "Password as being changed.")
IF ret <> 1 Then
      guo_vgmanager.of_geterrvg( li_err, ls_err)
      Messagebox ("Visual Guard Error", "Error N° " + string (li_err) + "~rText :  " + ls_err)
End if

These are the return values from the above method

ValueStatus
1Success
2Failure
6OldPasswordDoesNotMatch
8LastBadLogin
16AccountIsLockedOut
32PasswordConfimrationDoesNotMatch
64UserNotFound
128NewPasswordDoesNotPassValidation
256PasswordAnswerDoesNotMatch