Matching the ever-changing security needs
of an enterprise implies frequent modifications and recompilation
of applications. The point is to keep a permission system up to
date without impairing developers efficiency
Visual Guard enables you to:
Update security rules without recompiling your application
Create high granularity permissions without changing the code
of your .Net application
Centralize the security of all .Net applications: ASP.Net,
WCF, Winforms, Web services, Silverlight …
A new approach: Keep security rules out of the code
Visual Guard .Net stores the security
data in a proprietary database: the Repository.
Roles, username/password accounts, permissions are separated
from the source code of your application.
Security rules are created and maintained with a dedicated
user interface: the Console.
Security rules are dynamically applied in runtime.
Visual Guard modifies the behaviour of applications without
Visual Guard applies permissions when the application
is in production.
Most of security rules are defined without coding: Roles,
Visual Guard .Net’s approach saves significant time
In the development phase: you do not code permissions
and roles any more. You define them in a few clicks.
In the maintenance phase: updates do not require to rebuild
the application any more.
How to create permissions with Visual Guard .Net
code: Modifying the properties of .Net objects
The VG Console lists all the objects of .Net applications as
well as their properties.
A dedicated wizard enables changing the value of each property.
You can add or modify this kind of permissions anytime.
.NET applications are modified dynamically at run time.
Support for ASP.Net, Winform, WCF, Web Services…
From a functional point of
view, Visual Guard .Net respects the basic guidelines of .Net
role based access control:
A user is granted a role.
A role contains a permission set.
A permission set contains permissions.
A permission is composed of technical actions.
If needed, Visual Guard .Net lets you
code permissions in the application.
You test whether a permission is granted to the current user,
as you would do without Visual Guard.
If the test is successful, the permissions are executed. You
can do the same for a role.
Cut maintenance costs: One security system for all applications.
Externalize the support for ever-changing new MS technologies.
Effortlessly secure N-tier applications (.Net or non .Net).
Visual Guard .Net supports
All .Net technologies: Visual Guard
.Net already integrates with any .Net application: Winforms,
ASP.Net, Webservices, WCF, WPF,… Support for Silverlight,
and to some extent to non .Net applications is coming soon.
All .Net components: GUI objects, non
visual business objects are supported as well as objects
which manage the access to the Database.
Dynamic objects are supported too (CAB, Smartclient,…).
In any cases, you can choose to code the definition of the
permission as usual.
VGServer: Visual Guard provides a component
to secure .Net applications that cannot access the Database.
Only VG Server communicates with the DB to retrieve the
security data of the end-users.
VG server supports all .Net application embedding the Visual
Guard runtime. The next version will expose web services
to secure non DotNet applications.
The console: Security rules are created
and maintained with a dedicated UI: the
Console. It is available in winform and in webform.
It allows administrators to manage security even if they
do not have an access to the data base. They just need an
access to the internet.
Most of the time, security rules
are hard coded in the application.
With this approach, managing the security implies rebuild
applications over and over, or delaying the implementation
of security rules, with potential security breaches.
Visual Guard approach allows to:
Maximize security level
Update security rules ANYTIME without waiting for the next
Match any complex business requirements with fine grained
authorizations (see permissions with conditions).
Cut maintenance cost
Modify existing permissions in a few clicks... see
Implement new permissions on demand, and keep applications
aligned with business reality.
Permissions with conditions
VG authorizations modify the properties
of objects of .Net applications ( ASP.Net, WCF, winform…).
They allow modifying business rules, modifying an SQL query,
hiding a button, disabling a menu, etc...
This means the value of the property varies depending on the
role of a user.
In some cases, the value of a property should vary depending
on two different criteria: the role AND information from the
Example: a user with the role “Sales representative”
is allowed to click on the “OK” button of an
invoice form IF the customer belongs to his portfolio.
The permission may also vary depending on another property
or on the value of a field of the application…
In this case, Visual Guard .Net allows you to modify the
value of a property with
Maximum or minimum Security?
Microsoft's security patterns include
a strict "nothing-allowed-by-default" policy in
For security reasons, we strongly recommend to comply with
this policy and develop to develop with maximum security:
"Close all doors" at development time and open them
one by one with permissions.
Rather than "Open all doors" at development time
and close them one by one with restrictions
The reason is that if you forget to close one door with a
restriction, it may generate a security/confidentiality breach
in the system: All users can go through that door.
Whereas, forgetting one permission is less critical: you
just have to add the permission if/when requested.
With Visual Guard .Net dynamic authorizations, you can add
permissions anytime, even when the application is in production
(dynamic authorizations do not require any access or change
in the code).