Today, I will introduce the Security Application Block in Enterprise Library 2.0, which helps programs developers implement most of the functions related to authorization in the application, not only that, but also supports the authorization of users in our system and authorization data. It mainly includes several components:
1. Reduce the quantity of code;
2. Keep the consistency of security management in the application;
3. Provide a method of implementation of many security issues in applications;
4, scalable, support custom provider.
...
Regarding the introduction to the Security Application Block, I don't say more, I can refer to the help documentation. Let's take a look at how to configure Security Application Block, first open the configuration tool, create a new security application block, as follows: and then create an Authorization Rule Provider under the Authorization node, name RuleProvider, as follows: Now you can create it under the RuleProvider node, create A series of rules (Rule). As shown below: New rules, we also need to define an expression for this rule, used to determine whether to meet this rule in the program, as shown below: As shown, we define the identity of the user who can pass the rule must be User or admin. We can define a variety of rules according to our actual needs. Finally, we can allocate a default Authorization instance for our Structure Application Block, as shown in Figure: At this point, there are more details in our configuration file:
<
section
Name
= "SecurityConfiguration"
Type
= "Microsoft.Practices.Enterpriselibrary.security.configuration.securitySettings, Microsoft.Practices.EnterpriseLibrary.security, Version = 2.0.0.0, Culture = neutral, publickeyToken = NULL"
/>
<
SecurityConfiguration
DefaultAuthorizationInstance
= "RuleProvider"
DefaultSecurityCacheInstance
= ""
>
<
AuthorizationProviders
>
<
Add
Type
= "Microsoft.Practices.Enterpriselibrary.Security.AuthorizationRuleProvider, Microsoft.Practices.EnterpriseLibrary.Security, Version = 2.0.0.0, Culture = NEUTRAL, PUBLICKEYTOKEN = NULL"
Name
= "RuleProvider"
>
<
Rules
>
<
Add
EXPRESSION
= "R: User or r: admin"
Name
= "Rule"
/>
Rules
>
Add
>
AuthorizationProviders
>
SecurityConfiguration>
It is said that the configuration of the Security Application Block is here.
Let's take a look at the difference between Enterprise Library 2.0's Security Application Block and version 1.0, because the new features of roles and members' management are provided in ASP.NET 2.0, so there is a certain difference in some aspects and 1.0 versions: Because ASP.NET 2.0 provides two classes of MemberShip, Roles, which contains authentication users, role management, and settings and read features for Profile information, so Security Application Block 2.0 removes these features. Therefore, the main difference from version 1.0 is the following three aspects: first importing the following two namespaces: use system.web.profile; using system.web.security; 1. Verifying the user's method is as follows:
/ ** /
///
public
Bool
CHECKUSER
String
Username,
String
PASSWORD)
{Return Membership.validateUser (username, password);
2, read or set the profile information
/ ** /
///
[TestMethod]
public
Void
Useprofile ()
{IIdentity identity; identity = new GenericIdentity ( "SHY520", Membership.Provider.Name); // Set Profile ProfileBase setuserProfile = ProfileBase.Create (identity.Name); setuserProfile [ "Name"] = "SHY520"; setuserProfile [ " Address "] =" Wuhu China "; // save Profile information setuserProfile.Save (); // read Profile information ProfileBase readuserProfile = ProfileBase.Create (identity.Name); string Name = readuserProfile [" Name "] ToString (. ); String address = readuserprofile ["address"]. ToString (); assert.Arequal (name, "shy520"); assert.Areequal (address, "wuhu china);} 3, get a list of roles belonging to a user
/ ** /
///
public
String
GetUserRoles ()
{IIDENTITY IDENTIN = New GenericIdentity ("Shy520", Member); Return Roles.Getrolesforuser (Identity.Name);}
The difference from the previous version is basically the above, let's take a look at the basic method of use of Security Application Block 2.0:
1. Assign an authorized user: Security Application Block places the authorized user's identity information into the cache, and returns a token, so we need to configure a security cache before using this party. Not much to say, you can refer to the official tutorial, follow the code in the configured app.config:
<
SecurityCacheProviders
>
<
Add
CachemanagerinstanceName
= "Cache Manager"
DefaultlidingSessionExpirationinminutes
= "10"
DefaultAbsolutionsSessionExpirationinminutes
= "60"
Type
= "Microsoft.Practices.EnterpriseLibrary.Security.Cache.CachingStore.CachingStoreProvider, Microsoft.Practices.EnterpriseLibrary.Security.Cache.CachingStore, Version = 2.0.0.0, Culture = neutral, PublicKeyToken = null" name
= "CACHING Store Provider"
/>
SecurityCacheProviders
>
This code is in the SecurityConfiguration section, where cacheManagerInstanceName is an instance we configured in the Caching Application Block.
/ ** /
///
public
IToken SaveUserInfo ()
{ISecurityCacheProvider sc = securitycachefactory.getSecurityCacheProvider ("cache manager"); // put the user identity into the cache and return a ITOKEN type of marker returnis sc.SaveIdentity (New GenericIdentity);}
2, use token to verify that the user has been authorized
/ ** /
///
public
Bool
CheckUserbyToken (Itoken Token)
{ISecurityCacheProvider sc = SecurityCacheFactory.GetSecurityCacheProvider ( "Cache Manager"); // get the corresponding identity Token IIdentity IIdentity savedIdentity = sc.GetIdentity (token); // Returns whether the identification has been authorized savedIdentity.IsAuthenticated return;}
3, end User Session (even if Tokeen expires)
/ ** /
///
public
Void
CloseUsession ()
{ISecurityCacheProvider sc = SecurityCacheFactory.GetSecurityCacheProvider ( "Cache Manager"); // save the identity IToken token = sc.SaveIdentity (new GenericIdentity ( "SHY520")); // make the identity expired sc.ExpireIdentity (token);} 4, is determined Whether the user meets certain rules First, you need to import the following namespace: use system.security.principal; using microsoft.practices.EnterpriseLibrary.security;
/ ** /
///
public
Bool
CheckUserRolebyRule
String
Username,
String
Role,
String
Rule)
{IPrincipal principal = new GenericPrincipal (new GenericIdentity (username), new string [] {role}); // create a default instance Authorization IAuthorizationProvider autoprovider = AuthorizationFactory.GetAuthorizationProvider (); // Returns verify by return autoprovider.Authorize ( Principal, rule);
Through the above method, you can simply implement the identification of user rights. For the simple application of Security Application Block, you will talk about how to realize custom Authorization Provider. 1, first we build your own Provider class, which requires AuthorizationProvider; 2, and adds the attribute; 3, add constructor, parameter to the NameValueCollection type; 4, overlay base class The authorize method in which you have added your own verification, you have completed a custom authorization provider. The complete class is as follows:
Using
System;
Using
System.collections.Generic;
Using
System.Text;
Using
Microsoft.Practices.EnterpriseLibrary.security; using
System.collections.Specialized;
Using
System.security.principal;
Using
Microsoft.practices.EnterpriseLibrary.Common.configuration;
Using
Microsoft.Practices.EnterpriseLibrary.security.configuration;
Namespace
Enterprise_library_2
{[ConfigurationElementType (typeof (CustomAuthorizationProviderData))] public class CustomProvider: AuthorizationProvider {public CustomProvider (NameValueCollection configurationItems) {} public override bool Authorize (IPrincipal principal, string context) {// TODO: need to add authentication authorization herein Logic can be return true;}}}
Regarding the introduction of Security Application Block, I said that there is a negligent place, please refer to it, I hope to help beginners!