How to secure Linq with Visual Guard

How to secure Linq with Visual Guard

To secure Linq with Visual Guard you have to:

  • Add the assemblies of Visual Guard as references of your project.
  • Integrate Visual Guard in the code of your application.
  • Create a Visual Guard repository and declare your application by using the Visual Guard console. This repository will contain all security items (users, roles, permissions ...) of your application.
  • Generate the Visual Guard configuration files by using the Visual Guard console. These configuration files will be needed to connect your application to the repository.
  • Grant read/write permissions to the repository.

Referencing Visual Guard assemblies

In order to use Visual Guard, you must add references to Visual Guard assemblies:

  • Open the solution of your project in Visual Studio.
  • In the solution explorer, expand the project node.
  • Right-click the Project node for the project and select Add Reference from the shortcut menu.
  • In .Net tab, select the 2 assemblies Novalys.VisualGuard.Security, Novalys.VisualGuard.Security.<RepositoryType> (File, SQLServer or Oracle). Click the Select button, and then click the OK button

Note: In the list of assemblies, Visual Studio can display different versions of the Visual Guard assemblies. You must select the assembly that corresponds to the version of the framework used in your project.

Add References Linq

If the assemblies do not appear in this list you can use the Browse tab and select them in the directory <Visual Guard installation directory>Visual Guard Console

Description of Visual Guard assemblies:

  • Novalys.VisualGuard.Security contains the main Visual Guard classes.
  • Novalys.VisualGuard.Security.Files contains the classes needed to access to a file-based repository.
  • Novalys.VisualGuard.Security.SQLServer contains the classes needed to access to a repository stored in a Microsoft SQLServer database (SQLServer 2000 or higher). Available only in Visual Guard Enterprise Edition
  • Novalys.VisualGuard.Security.Oracle contains the classes needed to access to a repository stored in an Oracle database (8i or higher). Available only in Visual Guard Enterprise Edition

Secure a stored Procedure

Create an authentication service

There is 1 main class in Visual Guard:

  • Novalys.VisualGuard.Security.VGSecurityManager: This class provides the main access point for interacting with Visual Guard. It provides authentication and authorization features, it allows you to set the security of the object of your application.

If you have a stored procedure in your database, and you want to secure this stored procedure:

[SQL]
CREATE PROCEDURE selectProduct
AS		
BEGIN
	SELECT [ID]
		,[ProductCode]
		,[ProductName]
		,[CreateDate]
		,[PaysID]
	FROM 
		[ProductDB].[dbo].[Product]
END
      

In your class where you call you stored procedure, you have to:

1 - Load the security before all other code. In this case you will be sure to set the security of all the objects of your application. Visual Guard will not automatically set the security of this window. In this case, you must set the security of this window after loading the permissions of the user (see the method VGSecurityManager.SetSecurity).

[C#]
class ClassProduct: VGISecurable
{
       ....
        
        public ClassProduct()
        {
            VGSecurityManager.SetSecurity(this); //Load the security
        }
}

2 - Secure the stored procedure

 [VGPrincipalPermission(SecurityAction.Demand, Name = "canReadProduct", Type = VGPermissionType.Permission)] //Secure the stored procedure
public IEnumerable <Product> getProduct()
{
            var result =  dc.selectProduct();
            return result;
}
      

Visual Guard is compatible with the standard PrincipalPermissionAttribute class. This attribute will check whether a user is authenticated or is a member of a role. Visual Guard also provides its own attribute: Novalys.VisualGuard.Security.VGPrincipalPermission. This attribute is similar to the standard PrincipalPermissionAttribute class and allows you to check a Visual Guard role or a Visual Guard permission and is not required.

3 - In the Visual Guard console in your application you have to create your permission. In this example the permission is "canReadProduct"

4 - Now, you can call the stored procedure on your code.

private void loadProduct()
{
           ClassProduct cProduct = new ClassProduct();
            try
            {
                DataContext = cProduct.getProduct(); //Call the stored procedure
            }
            catch (Exception E)
            {
                 MessageBox.Show(E.Message);
            }
}

 

How to initialize a parameter of a stored procedure with a permission of a user

In our sample we want to list only the products the user has the right to manage.

1 - Create a stored procedure with a parameter to filter products by country.

CREATE PROCEDURE selectProductByCodeCountry
(
	@codeCountry char(3)
)
AS
BEGIN
	SELECT 
		Prod.* 
	FROM 
		Product Prod, 
		Country P
	WHERE 
		Prod.CountryID = P.ID
		AND P.CodeCountry = @codeCountry
END

2 - In your class, create a property to initialize the permission.

string userCountryCode;

public string userCountry
{
	get
	{
		return "";
	}
	set 
	{
		ClassCountry cCountry = new ClassCountry();
		var res = cCountry.getCountryByName(value);
		userCountryCode = res.Single().CodeCountry;
	}
}	 

3 - In Visual Guard console, create a permission with a Argument named "CountryCode",

Select the class where you have created the property

Select the property "userCountry" and initialize it with the argument of the permission.

Select Permission Argument

this.userCountry=<#Permission['CountryCode']>

4 - In your method to call the stored procedure, you have to use "userCountry" as the parameter.

public IEnumerable <Product> getProductByCodePays()
{
            var result =  dc.selectProductByCodeCountry(userCountryCode);
            return result;
}

How to secure a linq querry

To secure a Linq querry you have to:

  1.  Create a property to initialise it throw the permission,
  2. Create a permission with an Argument in the Visual Guard console,
  3. Filter the linq querry with the parameter.
public int  userCountryID { get; set; }
		
		
public IEnumerable<Product> getProductByID()
{
	var result = from prod in dc.selectProduct() where prod.CountryID == userCountryID select prod;
	return result;
}