Secure an application without its source code?
Posted by z Jean-jacques Jouanneaux on 24 August 2010 04:50 PM

We would like to secure an application but we do not have access to its source code.
Can Visual Guard do this?

Visual Guard can secure a .Net application even if its source code is not available.
This implies an adapted use of Visual Guard.
You can find below more information about how to manage this with the 3 main features of Visual Guard (Authentication, Permissions, Audit), for Winforms and for Webforms.

Authentication with Winforms (2 options)

1. A launcher for all applications
You can develop a Winform application, which will launch one or several winform applications.
The launcher is secured by Visual Guard.
User authentication will be done when the user enters the launcher.
The launcher contains a dynamic menu. The options of the menu corresponds to the applications the user has access to.
The dynamic menu would be adapted by Visual Guard according to the permissions granted to the user.

You need to maintain the content of the menu.
You need to deploy the launcher any time you want to add/remove an application from the menu.

2. A launcher per application
The other option consists in developing a launcher per winform application, secured by Visual Guard.
This launcher would manage user authentication.

Authentication with Webforms

You do not modify the source code.
You modify the configuration files of the website so that authentication is managed by Visual Guard when the user accesses the website.
Permissions for Winform applications
Visual Guard sees the launcher and your winform applications as one unique application.
Even without the code of the application, you can:
• Define permissions: VG Permission Editor can explore the components of the application using the .Net framework reflection mechanism and define technical actions (for example the modification of the property of a visual component).
• At runtime, VG would intercept the windows opened in the winform application and applies the technical actions related to the permissions. This allows acting on the visual elements in the windows of the application (hide a button, or a menu option, etc…)
Permissions for Webform applications.

When the configuration files of the webform application are modified, it allows VG to intercept the pages displayed and to modify the visual elements of the page with the technical actions declared before hand in the permission editor.

You can restrict the access to a directory or folders of the website to some of the users, some roles or some permissions managed by Visual Guard.

Auditing features for Winform

• Anytime someone tries to access an application, you can create an event in the log (whether the log in was successful or not).
• Anytime a page is opened, you can log the access to this specific page with the ID of the user, the time/date, …
• You can log the use of any visual control (who clicked on this button, who opened a menu, etc…

Note: the instruction which allows writing in VG log can not be added to the code of the applications (since we do not have access to the source code).
The instruction would be written in a VG « Script Actions ». When VG detects the event you want to log (for example, an access to the application), the corresponding script action is launched and its code is be executed. It calls VG API to add a line into VG log.
Auditing features for Webform

The same process applies for a web site:
A VG Script Action would add a line in the log for each event you want to track (accessing application, opening a page…)

Visual Guard
(0 vote(s))
Not helpful

Comments (0)
Help Desk by Novalys