how to use NetSqlAzManAuthorization from code?

Nov 5, 2009 at 6:51 PM

Hello Andrea,

Could you explain how NetSqlAzManAuthorization can be used as an attribute, with an example? I don't see any documentation for it.

The other question I have is about the CheckAccess method:

Does the CheckAccess method need to be called for every security-sensitive operation to see if the user has access, or is there any way I can use a declarative approach like NetSqlAzManAuthorization?

Thanks,

Satya.

Nov 5, 2009 at 8:52 PM

Hi,

An example is reported in the Build History file (.rtf) (3.5.3.0 version):

- Added the ability to CheckAccess through .NET Attributes. Thanks to news75. Work Item 2567: http://netsqlazman.codeplex.com/WorkItem/View.aspx?WorkItemId=2567
  - Added two classes: NetSqlAzManAuthorizationAttribute and NetSqlAzManAuthorizationContext (namespace: NetSqlAzMan)

Example:

[Form1.Designer.cs]
[NetSqlAzManAuthorization("My operation", "Visible", false)] //If NOT CheckAccess(...) => button1.Visible = false
private System.Windows.Forms.Button button1;

[NetSqlAzManAuthorization("My Role", "Enabled", false)] //If NOT CheckAccess(...) => saveToolStripMenuItem.Enabled = false
private System.Windows.Forms.ToolStripMenuItem saveToolStripMenuItem;

[Form1.cs]
using System.Security.Principal; //WindowsIdentity
using NetSqlAzMan; //NetSqlAzManAuthorizationContext, NetSqlAzManAuthorizationAttribute

private void Form2_Load(object sender, EventArgs e)
{
    //Initialize the NetSqlAzMan Context
    NetSqlAzManAuthorizationContext ctx = new NetSqlAzManAuthorizationContext(
        "data source=(local);Initial Catalog=NetSqlAzManStorage;User id=sa;password=",
        "Store Name",
        "Application Name",
        WindowsIdentity.GetCurrent(),
        true); //True to use StorageCache, false to direct check access

    //Optionally you can intercept events before and after the Access Check
    //ctx.BeforeCheckAccess += new BeforeCheckAccessHandler(NetSqlAzManAuthorizationContext_BeforeCheckAccess);
    //ctx.AfterCheckAccess += new AfterCheckAccessHandler(NetSqlAzManAuthorizationContext_AfterCheckAccess);

    //If using the Storage Cache … you can also invalidate the cache
    //ctx.InvalidateCache();

    […]

    //Finally … check the security for all Attributes
    ctx.CheckSecurity(this);
}

//void NetSqlAzManAuthorizationContext_AfterCheckAccess(NetSqlAzManAuthorizationContext context, NetSqlAzManAuthorizationAttribute attribute, ref bool partialResult)
//{
//    //Do something after the access check
//}

//void NetSqlAzManAuthorizationContext_BeforeCheckAccess(NetSqlAzManAuthorizationContext context, NetSqlAzManAuthorizationAttribute attribute)
//{
//    //Do something before checking the access
//}

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator  
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Nov 5, 2009 at 10:26 PM

Thanks Andrea. However, the code below never works for me:

[NetSqlAzManAuthorization("Role_1", "Enabled", false)] //If NOT CheckAccess(...) => saveToolStripMenuItem.Enabled = false
private System.Windows.Forms.ToolStripMenuItem saveToolStripMenuItem;

For "Role_1" the authorization type is set to Deny, and still this menu is always enabled regardless of what the authorization type is.

Any ideas?

Thanks,

Satya.

Nov 6, 2009 at 7:28 AM

You forgot to invoke NetSqlAzManAuthorizationContext.CheckSecurity(…) in the Form_Load event handler:

Example:

private void Form1_Load(object sender, EventArgs e)
{
    //Initialize the NetSqlAzMan Context
    NetSqlAzManAuthorizationContext ctx = new NetSqlAzManAuthorizationContext(
        "data source=(local);Initial Catalog=NetSqlAzManStorage;User id=sa;password=",
        "Store Name",
        "Application Name",
        WindowsIdentity.GetCurrent(),
        true); //True to use StorageCache, false to direct check access

    //Optionally you can intercept events before and after the Access Check
    //ctx.BeforeCheckAccess += new BeforeCheckAccessHandler(NetSqlAzManAuthorizationContext_BeforeCheckAccess);
    //ctx.AfterCheckAccess += new AfterCheckAccessHandler(NetSqlAzManAuthorizationContext_AfterCheckAccess);

    //If using the Storage Cache … you can also invalidate the cache
    //ctx.InvalidateCache();

    […]

    //Finally … check the security for all Attributes
    ctx.CheckSecurity(this);
}

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator  
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com
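
The point of the reply above, as a self-contained C# sketch (an added example, not NetSqlAzMan code and not part of the original posts): an authorization attribute is inert metadata until something reflects over the annotated fields and applies it, so a form that never runs the check leaves every control in its default state. `DemoAuthorizationAttribute`, `DemoControl`, `DemoForm` and `DemoContext` are hypothetical stand-ins, and the deny-all delegate is a constructed policy.

```csharp
using System;
using System.Reflection;
// Hypothetical stand-in for an authorization attribute (not the library's own class).
[AttributeUsage(AttributeTargets.Field)]
sealed class DemoAuthorizationAttribute : Attribute
{
    public string ItemName { get; }
    public string PropertyName { get; }
    public object ValueIfDenied { get; }
    public DemoAuthorizationAttribute(string item, string property, object valueIfDenied)
    { ItemName = item; PropertyName = property; ValueIfDenied = valueIfDenied; }
}
class DemoControl { public bool Enabled { get; set; } = true; }
class DemoForm
{
    [DemoAuthorization("Role_1", "Enabled", false)]
    private DemoControl saveMenuItem = new DemoControl();
    public bool SaveEnabled => saveMenuItem.Enabled;
}
static class DemoContext
{
    // Reflects over the target's fields and applies each attribute when access is not granted.
    public static void CheckSecurity(object target, Func<string, bool> checkAccess)
    {
        var flags = BindingFlags.Instance | BindingFlags.Public | BindingFlags.NonPublic;
        foreach (FieldInfo field in target.GetType().GetFields(flags))
        {
            var attr = field.GetCustomAttribute<DemoAuthorizationAttribute>();
            if (attr == null) continue;
            object control = field.GetValue(target);
            PropertyInfo prop = control?.GetType().GetProperty(attr.PropertyName);
            if (prop == null) // a misspelled property name must not silently skip the check
                throw new InvalidOperationException(
                    $"No property '{attr.PropertyName}' on field '{field.Name}'");
            if (!checkAccess(attr.ItemName)) prop.SetValue(control, attr.ValueIfDenied);
        }
    }
}
static class Program
{
    static void Main()
    {
        var form = new DemoForm();
        Console.WriteLine(form.SaveEnabled);            // before the scan: attribute not yet applied
        DemoContext.CheckSecurity(form, item => false); // constructed policy: deny every item
        Console.WriteLine(form.SaveEnabled);            // after the scan: attribute value applied
    }
}
```

Because the control's default state is enabled, a missing scan call fails open. Toggling Enabled or Visible only shapes the UI, so the handler behind the control still needs its own access check.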

Nov 6, 2009 at 2:49 PM

Thanks Andrea!

One more question about passing a DBUser identity to:

NetSqlAzManAuthorizationContext ctx = new NetSqlAzManAuthorizationContext("data source=(local);Initial Catalog=NetSqlAzManStorage;User;password=","Store Name","Application Name",WindowsIdentity.GetCurrent(),true);

What are the ways I could get DBUserIdentity?

I am thinking of using the code below; however, I am not convinced about creating a SqlAzManStorage object just to get the DBUserIdentity.

IAzManStorage storage = new SqlAzManStorage(sqlConnectionString);

IAzManDBUser dbUser = storage.GetDBUser(dbUserName);

Any thoughts?

Thanks,

Satya

Nov 6, 2009 at 10:17 PM

storage.GetDBUser(dbUserName) is the right way to get a DB User SID.

If you need more than one DB user, just keep the storage instance alive.

Regards,
Andrea.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator  
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Nov 17, 2009 at 7:57 PM

Hello Andrea,

I am using the Web Site (ASP.NET) project type. As you know, it does not create any designer.vb/.cs files, which is causing an issue for me when disabling or enabling controls on a web page using NetSqlAzManAuthorization.

For Web applications, I could successfully apply NetSqlAzManAuthorization as below, but not for Web Site project types, as there is no designer.cs/vb file generated for them:

[Form1.Designer.cs/vb]
[NetSqlAzManAuthorization("My operation", "Visible", false)] //If NOT CheckAccess(...) => button1.Visible = false
private System.Windows.Forms.Button button1;

[NetSqlAzManAuthorization("My Role", "Enabled", false)] //If NOT CheckAccess(...) => saveToolStripMenuItem.Enabled = false
private System.Windows.Forms.ToolStripMenuItem saveToolStripMenuItem;

I am wondering how it could be done for Web sites?

Thanks,

Satya.