How to secure LinQ with Visual Guard

To secure Linq with Visual Guard you have to:

Add the assemblies of Visual Guard as references of your project.
Integrate Visual Guard in the code of your application.
Create a Visual Guard repository and declare your application by using the Visual Guard console. This repository will contain all security items (users, roles, permissions ...) of your application.
Generate the Visual Guard configuration files by using the Visual Guard console. These configuration files will be needed to connect your application to the repository.
Grant read/write permissions to the repository.

Referencing Visual Guard assemblies

In order to use Visual Guard, you must add references to Visual Guard assemblies:

Opens the solution of your project in Visual Studio.
In the solution explorer, expands the project node.
Right-click the Project node for the project and select Add Reference from the shortcut menu.
In .Net tab, select the 3 assemblies
1. Novalys.VisualGuard.Security
2. Novalys.VisualGuard.Security.<RepositoryType> (Files, SQLServer or Oracle)
3. Novalys.VisualGuard.Security.<ApplicationFrameworkType> (Depending on type of application's framework, whether .NetFramework or .NetCore)
And, then click the Select button, and then click the OK button

Note
In the list of assemblies, Visual Studio can display different versions of the Visual Guard assemblies. You must select the assembly corresponding to the version of the framework used in your project.

If the assemblies does not appear in this list you can use the Browse tab and select them in the directory <Visual Guard installation directory>Visual Guard Console

Note
Once the Visual Guard assemblies are referenced into project, you need to mark "Copy Local" property to "true" for each assembly.

Note
You must add either Novalys.VisualGuard.Security.NetFramework or Novalys.VisualGuard.Security.Core (Depending on type of application's framework)

Description of Visual Guard assemblies:

Novalys.VisualGuard.Security contains the main Visual Guard classes.
Novalys.VisualGuard.Security.Files contains the classes needed to access to a file based repository.
Novalys.VisualGuard.Security.SQLServer contains the classes needed to access to a repository stored in a Microsoft SQLServer database (SQLServer 2005 or higher). Available only in Visual Guard Enterprise Edition
Novalys.VisualGuard.Security.Oracle contains the classes needed to access to a repository stored in an Oracle database (9i or higher). Available only in Visual Guard Enterprise Edition
Novalys.VisualGuard.Security.NetFramework contains all classes required to support .Net Framework applications. This assembly is needed only if you want to integrate Visual Guard in .net framework applications.
Novalys.VisualGuard.Security.Core contains all classes required to support .Net Core applications. This assembly is needed only if you want to integrate Visual Guard in .net core applications.

Secure a stored Procedure

There is 1 main class in Visual Guard:

Novalys.VisualGuard.SecurityVGSecurityManager provides the main access point for interacting with Visual Guard. It provides authentication and authorization features, it allows to set the security of the object of your application.

In your data base you have a stored procedure. And you want to secure this stored procedure.

[SQL]

Copy

CREATE PROCEDURE selectProduct
AS
BEGIN
    SELECT [ID]
      ,[ProductCode]
      ,[ProductName]
      ,[CreateDate]
      ,[PaysID]
    FROM
      [ProductDB].[dbo].[Product]
END

In your class where you call you stored procedure, you have to:

1 - Load the security before all other code. In this case you will be sure to set the security of all the objects of your application. Visual Guard will not automatically set the security of this windows. In this case, you must set the security of this window after loading the permissions of the user (see the method VGSecurityManager.SetSecurity ).

[C#]

Copy

class ClassProduct: VGISecurable
{
    ....

    public ClassProduct()
    {
        VGSecurityManager.SetSecurity(this); //Load the security
    }
}

2 - Secure the stored procedure

Copy

[VGPrincipalPermission(SecurityAction.Demand, Name = "canReadProduct", Type = VGPermissionType.Permission)] //Secure the stored procedure
public IEnumerable <Product> getProduct()
{
    var result =  dc.selectProduct();
    return result;
}

Visual Guard is compatible with the standard PrincipalPermissionAttribute class. This attribute will check whether a user is authenticated or is a member of a role. Visual Guard also provides its own attribute: Novalys.VisualGuard.SecurityVGPrincipalPermissionAttribute This attribute is similar as the standard PrincipalPermissionAttribute class and allows to check a Visual Guard role or a Visual Guard permission

3 - In the visual Guard console in your application you have to create your permission. In this exemple the permission is "canReadProduct"

4 - Now, you can call the stored procedure on your code.

Copy

private void loadProduct()
{
    ClassProduct cProduct = new ClassProduct();
    try
    {
        DataContext = cProduct.getProduct(); //Call the stored procedure
    }
    catch (Exception E)
    {
        MessageBox.Show(E.Message);
    }
}

How to initialise a parameter of a stored procedure with a permission of a user

In our sample we want to list only the product of the user have right to manage.

1 - Create a stored procedure with a parameter to filter products by pays.

Copy

CREATE PROCEDURE selectProductByCodePays
(
@codePays char(3)
)
AS
BEGIN
  SELECT
      Prod.*
    FROM
      Product Prod,
    Pays P
    WHERE Prod.PaysID = P.ID
    AND P.CodePays = @codePays
END

2 - In your class, create a property to initialise it throw the permission.

Copy

string userPaysCode;
public string userPays
{
    get
    {
       return "";
    }
    set
    {
        ClassPays cPays = new ClassPays();
        var res = cPays.getPaysByName(value);
        userPaysCode = res.Single().CodePays;
    }
}

3 - In Visual Guard console, create a permission with a Argument named "PaysCode",

Select the class where you have created the property

Select the property "userPays" and initialise it with the argument of the permission.

Copy

this.userPays=<#Permission['PaysCode']>

4 - In your methode to call the stored procedure you have to give "userPay" in parameter.

Copy

public IEnumerable <Product> getProductByCodePays()
{
    var result =  dc.selectProductByCodePays(userPaysCode);
    return result;
}

How to secure a linq querry

To secure a Linq querry you have to:

Create a property to initialise it throw the permission,
Create a permission with a Argument in Visual Guard console,
Filter the linq querry with the parameter.

Copy

public int  userPaysID { get; set; }

public IEnumerable<Product> getProductByID()
{
    var result = from prod in dc.selectProduct() where prod.PaysID == userPaysID select prod;
    return result;
}

Other Resources

Debugging Visual Guard Security Actions

How to apply security in your application

How Visual Guard secures an application

How to generate or edit the Visual Guard configuration files

How to integrate Visual Guard in WinForm applications

How to integrate Visual Guard in WPF applications

How to integrate Visual Guard in ASP.net applications

How to integrate Visual Guard in MVC applications

How to integrate Visual Guard in WCF applications

How to integrate Visual Guard in WCF/Silverlight services