To secure Linq with Visual Guard you have to:
- Add the assemblies of Visual Guard as references of your project.
- Integrate Visual Guard in the code of your application.
- Create a Visual Guard repository and declare your application by using the
Visual Guard console. This repository will contain all security items (users,
roles, permissions ...) of your application.
- Generate the Visual Guard configuration files by using the Visual Guard console. These configuration files will be
needed to connect your application to the repository.
- Grant read/write permissions to the repository.
Referencing Visual Guard assemblies
In order to use Visual Guard, you must add references to Visual Guard assemblies:
- Open the solution of your project in Visual Studio.
- In the solution explorer, expand the project node.
- Right-click the Project node for the project and select Add Reference from the shortcut menu.
- In .Net tab, select the 2 assemblies Novalys.VisualGuard.Security,
Novalys.VisualGuard.Security.<RepositoryType> (File, SQLServer or Oracle). Click the Select button, and then
click the OK button
Note: In the list of assemblies,
Visual Studio can display different versions of the Visual Guard assemblies.
You must select the assembly that corresponds to the version of the framework
used in your project.
If the assemblies do not appear in this list you can use the Browse tab and select them in the directory <Visual Guard installation directory>Visual
Guard Console
Description of Visual Guard assemblies:
- Novalys.VisualGuard.Security contains the main Visual Guard classes.
- Novalys.VisualGuard.Security.Files contains the classes needed to
access to a file-based repository.
- Novalys.VisualGuard.Security.SQLServer contains the classes
needed to access to a repository stored in a Microsoft SQLServer database
(SQLServer 2000 or higher). Available only in
Visual Guard Enterprise Edition
- Novalys.VisualGuard.Security.Oracle contains the classes needed to access to a repository stored in an Oracle
database (8i or higher). Available only in
Visual Guard Enterprise Edition
Secure a stored Procedure
Create an authentication service
There is 1 main class in Visual Guard:
If you have a stored procedure in your database, and you want to secure this
stored procedure:
[SQL]
CREATE PROCEDURE selectProduct
AS
BEGIN
SELECT [ID]
,[ProductCode]
,[ProductName]
,[CreateDate]
,[PaysID]
FROM
[ProductDB].[dbo].[Product]
END
In your class where you call you stored procedure, you have to:
1 - Load the security before all other code. In this case you will be sure
to set the security of all the objects of your application. Visual Guard will
not automatically set the security of this window. In this case, you must set
the security of this window after loading the permissions of the user (see the
method VGSecurityManager.SetSecurity).
[C#]
class ClassProduct: VGISecurable
{
....
public ClassProduct()
{
VGSecurityManager.SetSecurity(this); //Load the security
}
}
2 - Secure the stored procedure
[VGPrincipalPermission(SecurityAction.Demand, Name = "canReadProduct", Type = VGPermissionType.Permission)] //Secure the stored procedure
public IEnumerable <Product> getProduct()
{
var result = dc.selectProduct();
return result;
}
Visual Guard is compatible with the standard PrincipalPermissionAttribute class. This attribute will check whether a user is authenticated or is a member
of a role. Visual Guard also provides its own attribute: Novalys.VisualGuard.Security.VGPrincipalPermission. This attribute is similar
to the standard PrincipalPermissionAttribute class and allows
you to check a Visual Guard role or a Visual Guard permission and is not required.
3 - In the Visual Guard console in your application you have to create your
permission. In this example the permission is "canReadProduct"
4 - Now, you can call the stored procedure on your code.
private void loadProduct()
{
ClassProduct cProduct = new ClassProduct();
try
{
DataContext = cProduct.getProduct(); //Call the stored procedure
}
catch (Exception E)
{
MessageBox.Show(E.Message);
}
}
How to initialize a parameter of a stored procedure with a permission of a
user
In our sample we want to list only the products the user has the right to manage.
1 - Create a stored procedure with a parameter to filter products by country.
CREATE PROCEDURE selectProductByCodeCountry
(
@codeCountry char(3)
)
AS
BEGIN
SELECT
Prod.*
FROM
Product Prod,
Country P
WHERE
Prod.CountryID = P.ID
AND P.CodeCountry = @codeCountry
END
2 - In your class, create a property to initialize the permission.
string userCountryCode;
public string userCountry
{
get
{
return "";
}
set
{
ClassCountry cCountry = new ClassCountry();
var res = cCountry.getCountryByName(value);
userCountryCode = res.Single().CodeCountry;
}
}
3 - In Visual Guard console, create a permission with a Argument named "CountryCode",
Select the class where you have created the property
Select the property "userCountry" and initialize it with the argument
of the permission.
this.userCountry=<#Permission['CountryCode']>
4 - In your method to call the stored procedure, you have to use "userCountry"
as the parameter.
public IEnumerable <Product> getProductByCodePays()
{
var result = dc.selectProductByCodeCountry(userCountryCode);
return result;
}
How to secure a linq querry
To secure a Linq querry you have to:
- Create a property to initialise it throw the permission,
- Create a permission with an Argument in the Visual Guard console,
- Filter the linq querry with the parameter.
public int userCountryID { get; set; }
public IEnumerable<Product> getProductByID()
{
var result = from prod in dc.selectProduct() where prod.CountryID == userCountryID select prod;
return result;
}
 |
