Compare Visual Guard Features to Microsoft .Net Framework 4.5

User Authentication	.Net 4.5	VG CPE
Form-based authentication Users sign up by entering their logon and passwords in a login page. This page encapsulates all of the logic required to prompt users for credentials and validate the credentials in the system. The Visual Guard API is compatible with the .Net Membership API.
Single Sign-On (SSO) based on Windows Accounts Users start a Windows session as usual. When they open an application, Visual Guard uses the current Windows account to authenticate the user against Active Directory. As a result, the user does not have to provide his credentials each time he enters an application.
Mixed-Mode authentication The same application can support both Login/password accounts and Windows Accounts. For example, a login form can let the user select his type of account and enter his credentials.
User Authentication via Windows Groups Declare only Windows Groups in the Security System: Users can only access the Application if they belong to Groups with Access Rights to the App. Release people in charge of applications from daily User Management: they just have to maintain a list of Groups instead of User Accounts.
Off-line mode Users can travel with a laptop running a Winform/WPF application. The application remains secured (authentication + access control) even though the application cannot access the Corporate Security System.

Note: For more complex requirements, additional features are provided by commercial versions of Visual Guard (Professional or Enterprise Edition):

• User Groups: Define a hierarchy of Groups within Visual Guard. Place each account in one or several VG Groups.
• Identity Federation: Use Windows Accounts defined in several Active Directories, located in separate networks (read more).
• Web SSO/ Web Portal: users log into a first website, and jump to other websites without entering their credentials again (read more).
• 3rd party authentication: Support any type of user account. Centralize several authentication systems in a single administration point.

Permissions and Roles	.Net 4.5	VG CPE
Manage Permissions and Permission Sets Manage permissions to define what users can do in each application. Permissions are granted to Permission Sets; Permission Sets to Roles; Roles to users or Windows groups. At run-time, Visual Guard calculates the list of permissions for the current user, depending on his roles and groups. The application can then enable or disable features based on the user permissions provided by Visual Guard.
Manage Application Roles Manage Roles containing the Access Rights of the User for one specific Application. At runtime, the Application Logic can check the Role of the User to enable or disable sensitive features.
Support for multiple applications: A single user account can have different Roles from one application to another.
Manage Shared Roles One Shared Role contains Access Rights for SEVERAL applications. By granting a Shared Role to Users or Windows Groups, you give them access to several Applications at the same time.
Grant Roles to Active Directory Groups (Windows Groups) You can grant roles to login/password accounts, to Windows Accounts, and to Windows Groups. Note: by granting roles to Windows Groups, you can release people in charge of applications from daily user management: they just grant access rights at Windows Group-level. On a daily basis, Windows administrators will manage Individual Windows Accounts and place them into groups.

Note: for more complex requirements, additional features are provided by commercial versions of Visual Guard (Professional or Enterprise Edition) :

• Dynamic Permissions®: each permission corresponds to one or several actions that will activate/deactivate/modify the application's features. For instance, VG can dynamically modify any property of .Net controls. These actions are defined and stored within VG. At run-time, VG will dynamically load and apply them. As a result, the application code is completely separated from the security code. You can define new permissions without changing the application's code and going through a complete testing/debugging cycle (see examples with an ASP.Net application, and with a Winform application).
• Grant Roles to VG User Groups: Grant one or several Roles to a VG Group. VG will automatically propagate these roles to child-groups and users. When a user logs in to the application. VG will automatically calculate his Roles and Permissions depending on the VG Group(s) he belongs to.

Administration Application	.Net 4.5	VG CPE
Ready-to-use, Secured Administration Application VG Administration Console is a ready-to-use, Winform application, providing all the features to manage User, Roles and Permissions. It is highly secured, and requires a valid VG Account with a VG Role (Master Administrator, Developer, Auditor...). Depending on the VG Role, the VG Console will automatically adapt itself to only display the features authorized to the current VG Account
Master Administrators features Users with a Master Admin Role can manage Security Repositories and define a Password Policy with the VG Administration Console They define VG Accounts and grant them VG Roles, to delegate Application Security Operations.
Developers features Users with a Developer Role can declare Applications secured by the Access Control System. They define Permissions, Permissions Sets and Roles. They deploy this information from development to production environments.
Administrators features Users with an Administrators Role can manage login/password accounts. They can declare Windows Accounts and Windows Groups in the Access Control System. They Grant Roles to User Accounts or Windows Groups.
Administration Roles customization If the defaults VG Roles do not comply with your requirements, you can design Custom Roles to delegate security operations exactly as you need. For instance, you can create a Custom Admin Role that can only Grant Roles to Users, but cannot Create User Account or Roles.

Note: for more complex requirements, additional features are provided by commercial versions of Visual Guard (Professional or Enterprise Edition).

• Define Dynamic Permissions® within the VG Administration Console (see examples with an ASP.Net application, or a Winform application).
• Manage a hierarchy of VG User Groups; place Users into VG User Groups and Grant Roles at VG User Group-level.
• Declare distant Active Directories (for Identity Federation purposes).
• Visual Guard also provides an ASP.Net version of the VG Administration Console to Manage Users, Groups and Roles over the Internet.
• Customize the Visual Guard WebConsole to comply with Corporate Standards and specific security Logic (requires coding).
• Audit: Review the operations made by end-users in your applications (who did what?).
• Audit: Review the operations made by administrators when managing users' accounts and permissions.
• Audit: Generate detailed reports about the current Users, Groups, Roles and Permissions.

Click to read more on the VG Administration Console

Click to read more on the VG WebConsole

Technical Requirements	.Net 4.5	VG CPE
Storing the Security Information within Oracle
Storing the Security Information within SQL Server
Storing the Security Information within Proprietary File System (Royalty free)
Support for .NET Applications: ASP.Net, Winforms, WPF, WCF, Silverlight

Note:

For more complex requirements, additional features are provided by commercial versions of Visual Guard (Professional or Enterprise Edition).

For instance:

• Support for PowerBuilder Applications.
• Support for other applications: any technology capable of calling Web Services (JAVA, PHP, C++, Oracle Procedures...).