To secure Linq with Visual Guard you have to:
In order to use Visual Guard, you must add references to Visual Guard assemblies:
Note: In the list of assemblies, Visual Studio can display different versions of the Visual Guard assemblies. You must select the assembly that corresponds to the version of the framework used in your project.
If the assemblies do not appear in this list you can use the Browse tab and select them in the directory <Visual Guard installation directory>Visual Guard Console
Description of Visual Guard assemblies:
There is 1 main class in Visual Guard:
Novalys.VisualGuard.Security.VGSecurityManager: This class provides the main access point for interacting with Visual Guard. It provides authentication and authorization features, it allows you to set the security of the object of your application.
If you have a stored procedure in your database, and you want to secure this stored procedure:
[SQL] CREATE PROCEDURE selectProduct AS BEGIN SELECT [ID] ,[ProductCode] ,[ProductName] ,[CreateDate] ,[PaysID] FROM [ProductDB].[dbo].[Product] END
In your class where you call you stored procedure, you have to:
1 - Load the security before all other code. In this case you will be sure to set the security of all the objects of your application. Visual Guard will not automatically set the security of this window. In this case, you must set the security of this window after loading the permissions of the user (see the method VGSecurityManager.SetSecurity).
[C#] class ClassProduct: VGISecurable { .... public ClassProduct() { VGSecurityManager.SetSecurity(this); //Load the security } }
2 - Secure the stored procedure
[VGPrincipalPermission(SecurityAction.Demand, Name = "canReadProduct", Type = VGPermissionType.Permission)] //Secure the stored procedure public IEnumerable <Product> getProduct() { var result = dc.selectProduct(); return result; }
Visual Guard is compatible with the standard PrincipalPermissionAttribute class. This attribute will check whether a user is authenticated or is a member of a role. Visual Guard also provides its own attribute: Novalys.VisualGuard.Security.VGPrincipalPermission. This attribute is similar to the standard PrincipalPermissionAttribute class and allows you to check a Visual Guard role or a Visual Guard permission and is not required.
3 - In the Visual Guard console in your application you have to create your permission. In this example the permission is "canReadProduct"
4 - Now, you can call the stored procedure on your code.
private void loadProduct() { ClassProduct cProduct = new ClassProduct(); try { DataContext = cProduct.getProduct(); //Call the stored procedure } catch (Exception E) { MessageBox.Show(E.Message); } }
In our sample we want to list only the products the user has the right to manage.
1 - Create a stored procedure with a parameter to filter products by country.
CREATE PROCEDURE selectProductByCodeCountry ( @codeCountry char(3) ) AS BEGIN SELECT Prod.* FROM Product Prod, Country P WHERE Prod.CountryID = P.ID AND P.CodeCountry = @codeCountry END
2 - In your class, create a property to initialize the permission.
string userCountryCode; public string userCountry { get { return ""; } set { ClassCountry cCountry = new ClassCountry(); var res = cCountry.getCountryByName(value); userCountryCode = res.Single().CodeCountry; } }
3 - In Visual Guard console, create a permission with a Argument named "CountryCode",
Select the class where you have created the property
Select the property "userCountry" and initialize it with the argument of the permission.
this.userCountry=<#Permission['CountryCode']>
4 - In your method to call the stored procedure, you have to use "userCountry" as the parameter.
public IEnumerable <Product> getProductByCodePays() { var result = dc.selectProductByCodeCountry(userCountryCode); return result; }
To secure a Linq querry you have to:
public int userCountryID { get; set; } public IEnumerable<Product> getProductByID() { var result = from prod in dc.selectProduct() where prod.CountryID == userCountryID select prod; return result; }