To secure Linq with Visual Guard you have to:
In order to use Visual Guard, you must add references to Visual Guard assemblies:
Note: In the list of assemblies, Visual Studio can display different versions of the Visual Guard assemblies. You must select the assembly corresponding to the version of the framework used in your project.
If the assemblies do not appear in this list, you can use the Browse tab and select them in the directory <Visual Guard installation directory>Visual Guard Console
Note: Once the Visual Guard assemblies are referenced in the project, you need to set the "Copy Local" property to "true" for each assembly.
Description of Visual Guard assemblies:
There is 1 main class in Visual Guard:
Novalys.VisualGuard.Security.VGSecurityManager: This class provides the main access point for interacting with Visual Guard. It provides authentication and authorization features and lets you set the security of the objects of your application.
Your database contains a stored procedure that you want to secure.
[SQL]
CREATE PROCEDURE selectProduct
AS
BEGIN
    SELECT [ID], [ProductCode], [ProductName], [CreateDate], [PaysID]
    FROM [ProductDB].[dbo].[Product]
END
In the class where you call your stored procedure, you have to:
1 - Load the security before all other code. This ensures that the security is set on all the objects of your application. Visual Guard will not automatically set the security of this window. In this case, you must set the security of this window after loading the permissions of the user (see the method VGSecurityManager.SetSecurity).
[C#]
class ClassProduct : VGISecurable
{
    ....
    public ClassProduct()
    {
        VGSecurityManager.SetSecurity(this); // Load the security
    }
}
2 - Secure the stored procedure
[C#]
// Secure the stored procedure
[VGPrincipalPermission(SecurityAction.Demand, Name = "canReadProduct", Type = VGPermissionType.Permission)]
public IEnumerable<Product> getProduct()
{
    var result = dc.selectProduct();
    return result;
}
Visual Guard is compatible with the standard PrincipalPermissionAttribute class. This attribute checks whether a user is authenticated or is a member of a role. Visual Guard also provides its own attribute: Novalys.VisualGuard.Security.VGPrincipalPermission. This attribute is similar to the standard PrincipalPermissionAttribute class; it lets you check a Visual Guard role or a Visual Guard permission and does not require
3 - In the Visual Guard console, you have to create your permission in your application. In this example the permission is "canReadProduct".
4 - Now you can call the stored procedure in your code.
[C#]
private void loadProduct()
{
    ClassProduct cProduct = new ClassProduct();
    try
    {
        DataContext = cProduct.getProduct(); // Call the stored procedure
    }
    catch (Exception E)
    {
        MessageBox.Show(E.Message);
    }
}
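The declarative demand from step 2 and the caller from step 4, written with the standard PrincipalPermissionAttribute that the page says Visual Guard is compatible with. This is an added example targeting .NET Framework, not Visual Guard's or the page's own code. ProductReader, LoadProduct, the role name standing in for the permission, the two users and the product list are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// Hypothetical stand-in for the page's ClassProduct; the product list is constructed sample data.
class ProductReader
{
    // Standard declarative demand: evaluated against Thread.CurrentPrincipal before the body runs.
    [PrincipalPermission(SecurityAction.Demand, Role = "canReadProduct")]
    public IEnumerable<string> GetProduct()
    {
        return new[] { "P-001 Keyboard", "P-002 Mouse" };
    }
}

static class Program
{
    // Fail closed: a denied caller gets an empty list, never partial data.
    static IList<string> LoadProduct(ProductReader reader)
    {
        try
        {
            return new List<string>(reader.GetProduct());
        }
        catch (SecurityException)
        {
            // Catch only the authorization failure and record who was refused,
            // rather than showing the raw exception text to the user.
            Console.Error.WriteLine("Denied: {0} lacks canReadProduct", Thread.CurrentPrincipal.Identity.Name);
            return new List<string>();
        }
    }

    static void Main()
    {
        var reader = new ProductReader();

        // Constructed principals: "bob" has no roles, "alice" holds the required one.
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("bob"), new string[0]);
        Console.WriteLine("bob sees {0} product(s)", LoadProduct(reader).Count);

        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("alice"), new[] { "canReadProduct" });
        Console.WriteLine("alice sees {0} product(s)", LoadProduct(reader).Count);
    }
}
```

Catching SecurityException separately from other exceptions keeps an authorization refusal distinguishable from a database or connection error, which matters when the refusals are reviewed later.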
In our sample we want to list only the products that the user has the right to manage.
1 - Create a stored procedure with a parameter to filter products by country (pays).
[SQL]
CREATE PROCEDURE selectProductByCodePays
(
    @codePays char(3)
)
AS
BEGIN
    SELECT Prod.*
    FROM Product Prod, Pays P
    WHERE Prod.PaysID = P.ID
      AND P.CodePays = @codePays
END
2 - In your class, create a property that will be initialised through the permission.
[C#]
string userPaysCode;

public string userPays
{
    get { return ""; }
    set
    {
        ClassPays cPays = new ClassPays();
        var res = cPays.getPaysByName(value);
        userPaysCode = res.Single().CodePays;
    }
}
3 - In the Visual Guard console, create a permission with an argument named "PaysCode".
Select the class where you have created the property.
Select the property "userPays" and initialise it with the argument of the permission.
this.userPays=<#Permission['PaysCode']>
4 - In the method that calls the stored procedure, you have to pass "userPays" as the parameter.
[C#]
public IEnumerable<Product> getProductByCodePays()
{
    var result = dc.selectProductByCodePays(userPaysCode);
    return result;
}
To secure a Linq query you have to:
[C#]
public int userPaysID { get; set; }

public IEnumerable<Product> getProductByID()
{
    var result = from prod in dc.selectProduct()
                 where prod.PaysID == userPaysID
                 select prod;
    return result;
}