How to integrate in WCF ?

Estimated reading: 7 minutes 466 views

To integrate Visual Guard in your WCF project you have to:

  • Add the assemblies of Visual Guard as references of your project.
  • Modify the “web.config” or the “app.config” file of your application to integrate the Visual Guard module.
  • Integrate Visual Guard in the code of your application.
  • Create a Visual Guard repository and declare your application by using the
    Visual Guard console. This repository will contain all security items (users,
    roles, permissions …) of your application.
  • Generate the Visual Guard configuration
    files by using the Visual Guard console. These configuration files will be
    needed to connect your application to the repository.
  • Grant read/write permissions to the repository.


Integration Demo


Referencing Visual Guard assemblies

  • Opens the solution of your project in Visual Studio.
  • In the solution explorer, expands the project node.
  • Right-click the Project node for the project and select
    Add Reference

    from the shortcut menu.
  • In .Net tab, select the 5 assemblies
    1. Novalys.VisualGuard.Security
    2. Novalys.VisualGuard.Security.WebForm
    3. Novalys.VisualGuard.Security.WebService
    4. Novalys.VisualGuard.Security.<RepositoryType> (Files, SQLServer or Oracle)
    5. Novalys.VisualGuard.Security.<ApplicationFrameworkType> (Depending on type of application’s framework, whether .NetFramework or .NetCore)

  • And, then click the Select button, and then click the OK button

Note Note
In the list of assemblies, Visual
Studio can display different versions
of the Visual Guard assemblies. You must
select the assembly corresponding to the version of the framework used in your project.

Note Note
You must add either Novalys.VisualGuard.Security.NetFramework or Novalys.VisualGuard.Security.Core (Depending on type of application’s framework)
Add ReferencesWCFSilverlight
Note Note
Once the Visual Guard assemblies are referenced into project, you need to mark “Copy Local” property to “true” for each assembly.

 

  • Novalys.VisualGuard.Security contains the main Visual Guard classes.
  • Novalys.VisualGuard.Security contains the main Visual Guard classes.
  • Novalys.VisualGuard.Security.Files contains the classes needed to access
    to a file based repository.
  • Novalys.VisualGuard.Security.SQLServer contains the classes needed
    to access to a repository stored in a Microsoft SQLServer database (SQLServer 2005
    or higher). Available only in Visual Guard Enterprise Edition
  • Novalys.VisualGuard.Security.Oracle
    contains the classes needed to access to a repository stored in an Oracle database
    (8i or higher). Available only in Visual Guard Enterprise Edition
  • Novalys.VisualGuard.Security.WebService contains the classes needed
    to application hosting WCF services. You must reference this assembly in all project
    hosting WCF services that needs to be secure by Visual Guard.
  • Novalys.VisualGuard.Security.NetFramework contains all classes required to support .Net Framework applications.
    This assembly is needed only if you want to integrate Visual Guard in .net framework applications.
  • Novalys.VisualGuard.Security.Core contains all classes required to support .Net Core applications.
    This assembly is needed only if you want to integrate Visual Guard in .net core applications.

Modifying the “app.config” or “web.config” file of your application 


Adding a new service behavior

  • Right-click on the ‘Advanced>Service Behaviors’ node in the
    tree view.
  • Select the option ‘New Service Behavior Configuration’.
  • Change the name of the behavior (E.g.: VGSecurityBehavior).
<configuration>
  <system.serviceModel>
    ...
    <behaviors>
      <serviceBehaviors>
        <behavior name="VGSecurityBehavior">
          ...
        </behavior>
      </serviceBehaviors>
      ...
    </behaviors>
  </system.serviceModel>
</configuration>
  • Right-click on the service behavior node
    in the tree view.
  • Select the option ‘Add Behavior Element Extension’.
  • Select serviceCredentials and serviceAuthorization
    elements then click ok.
  <configuration> 
      <system.serviceModel>
        <behaviors>
         <serviceBehaviors>
                <behavior name="VGSecurityBehavior">
            <serviceCredentials> 
            ...
            </serviceCredentials>
            <serviceAuthorization>
                      ... 
            </serviceAuthorization> 
          </behavior> 
        </serviceBehaviors> 
       </behaviors>
      </system.serviceModel> 
</configuration>
  • Change the value of UserNamePasswordValidationMode to Custom.
  • Change the value of CustomUserNamePasswordValidatorType to
    ‘Novalys.VisualGuard.Security.WebService.VGUserNameValidator,
    Novalys.VisualGuard.Security.WebService’
    .
<configuration>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior name="VGSecurityBehavior">
          <serviceCredentials>
            <usernameAuthentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             userNamePasswordValidationMode="Custom"
               customUserNamePasswordValidatorType="Novalys.VisualGuard.Security.WebService.VGUserNameValidator, Novalys.VisualGuard.Security.WebService"
               cacheLogonTokens="true"
     />
          </serviceCredentials>
          <serviceAuthorization>
            ...
          </serviceAuthorization>
        </behavior>

      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
  • Select the serviceAuthorization node in the tree view.
  • Change the value of PrincipalPermissionMode to Custom.
  • Change the value of ServiceAuthorizationManagerType  to
    ‘Novalys.VisualGuard.Security.WebService.VGServiceAuthorizationManager,
    Novalys.VisualGuard.Security.WebService’
    .
  <configuration>
    <system.serviceModel>
      <behaviors>
        <serviceBehaviors> 
          <behavior name="VGSecurityBehavior">
              <serviceCredentials>
                  <usernameAuthentication
                              userNamePasswordValidationMode="Custom" 
                              customUserNamePasswordValidatorType="Novalys.VisualGuard.Security.WebService.VGUserNameValidator,Novalys.VisualGuard.Security.WebService"
                              cacheLogonTokens="true" />
              </serviceCredentials> 
              <serviceAuthorization
                     principalPermissionMode="Custom" serviceAuthorizationManagerType="Novalys.VisualGuard.Security.WebService.VGServiceAuthorizationManager, Novalys.VisualGuard.Security.WebService" />
          </behavior>
          </serviceBehaviors>
       </behaviors>
  </system.serviceModel>
</configuration>


Configuring the service

  • Select the node of the service to configure.
  • Select the  BehaviorConfiguration  property in the right
    pane and specify the select the service behavior defined above (E.g.:).
  <configuration>
     <system.serviceModel>
      <services>
        <service behaviorConfiguration="VGSecurityBehavior" name="CalculatorService">
             <endpoint binding="wsHttpBinding"  contract="ICalculatorService" />
        </services> 
    ....
    </system.serviceModel>
</configuration>


Integrating Visual Guard in your code


Restricting the access to a service

[VGPrincipalPermission(SecurityAction.Demand, Name="CanMultiply", Type=VGPermissionType.Permission)]
public double Multiply(double n1, double n2)
{
return  n1 * n2;
}
<VGPrincipalPermission(SecurityAction.Demand, Name:="CanMultiply", Type="VGPermissionType.Permission")> _
Public Function Multiply(Double n1, Double n2) As Double
    Return n1 * n2
End Function


Securing objects of the application

 public class Calculator : ICalculator, VGISecurable
 {
      public Calculator()
      {
            // ....
            // Initialization of the object
            // ....

            // This call will indicates to Visual Guard that the class must be secured.
            VGSecurityManager.SetSecurity(this);
       }
       public double Multiply(double n1, double n2)
       {      
            return n1 * n2;     
       }           
}
Public Class Calculator Implemenents ICalculator, VGISecurable
    Private Sub New()
        ' ...
        ' Initialization of the object
        ' ...

        ' This call will indicates to Visual Guard that the class
        must be secured.

        VGSecurityManager.SetSecurity(Me)
    End Sub
    Public Function Multiply(ByVal n1 as Double, ByVal n2 as  Double) As Double
        Return n1 * n2;
    End Function
End Class

How to filter granted roles

 Sub VGSecurityManager_PermissionLoading(ByVal sender As Object, ByVal e As VGPermissionsLoadingEventArgs)
     If e.Roles.Length > 1 Then
         Dim selectedRoles(1) As Novalys.VisualGuard.Security.VGGrantedRole
         For Each role As Novalys.VisualGuard.Security.VGGrantedRole In e.Roles
           If role.Name = "Administrator" Then
               selectedRoles(0) = role
               Exit For
           Else
              If role.Name = "Member" Then
                 selectedRoles(0) = role
                 Exit For
             End If
           End If
     Next
     If selectedRoles(0) Is Nothing Then
         e.Status = Novalys.VisualGuard.Security.VGAuthorizationStatus.ProcessCanceled
     Else
         e.Roles = selectedRoles
     End If
  End If
End Sub
void VGSecurityManager_PermissionLoading(object sender, VGPermissionsLoadingEventArgs args)
{
    if (e.Roles.Length > 1)
    {
        Novalys.VisualGuard.Security.VGGrantedRole[] selectedRoles = new Novalys.VisualGuard.Security.VGGrantedRole[1];
        foreach (Novalys.VisualGuard.Security.VGGrantedRole role in e.Roles)
        {
            if (role.Name == &quot;Administrator&quot;)
            {
                selectedRoles[0] = role;
                break;
            }
            else if (role.Name == &quot;Member&quot;)
            {
                selectedRoles[0] = role;
                break;
            }
         }

         if (selectedRoles[0] == null)
         {
             e.Status = Novalys.VisualGuard.Security.VGAuthorizationStatus.ProcessCanceled;
         }
         else
         {
             e.Roles = selectedRoles;
         }
    }
 }


How to change default Visual Guard configuration settings


Create a repository and declare the application


Grants Read/Write permission to the Repository

  • Open the Explorer.
  • Right click the directory containing the repository data then select the menu
    “Properties”.
  • In the “Security” tab, click on the “Add” button and select the user for which
    you want to grant the permission (i.e. MACHINE\ASPNET) then click ok.
  • In the list of permissions, click the option “Modify” then click on the “OK”
    button.