By Ben
Authorization and Profile Application Block 1.0 Research Report
Profile
WindowsPrincipal or GenericPrincipal can be used to implement authentication and authorization, but permissions can then only be separated by role. The Authorization and Profile Application Block 1.0 not only assigns permissions to roles effectively, but can also assign them to tasks and operations.
2. Research Process
2.1. Overview
Authorization and Profile Application Block is a .NET development tool for authentication and authorization. Windows, Passport management and NTLM implement user authentication and authorization.
Implementing authorization with AzMan is easy and flexible, profile content can be freely customized for easy development, and a variety of storage media can hold Profile data ...
System requirements for running the Authorization and Profile Application Block:
1) .NET Framework version 1.1
2) Data storage (for example, if Profile data is saved with SQL, you need SQL Server)
3) Windows Server 2003 or Windows 2000 Server with Service Pack 4 (because the Block's AzManProvider needs Authorization Manager [AzMan])
Three major components:
1) Microsoft.ApplicationBlocks.Security.dll: the layer that defines some of the Block's object concepts
2) Microsoft.ApplicationBlocks.Common.dll: the Block's Provider definition layer
3) Microsoft.ApplicationBlocks.Security.Providers.dll: the Provider logic layer that can be plugged into the business layer of the application system
Install Block
Download location: http://www.microsoft.com/downloads/details.aspx?FamilyId=BA983AD5-E74F-4BE9-B146-9D2D2C6F8E81&DisplayLANG=EN
Run [install location]/Security/Database/Profile.sql to install the Profile storage database (demo).
(Procedural)
2.2. Research environment
WinXP, SQL Server 2000 SP3a, .NET
Attachment (Demo):
DemoApp project: Windows application project
Microsoft.Interop.Security.AzRoles.dll: Authorization Manager
Common project: Auth Pro
Security / security project: Auth Pro
Security / Providers Project: Authorization and Profile processors provided by Auth Pro
2.3. Research ideas
1. Become familiar with the general authentication practices of ASP.NET
2. Get to know the Authorization and Profile Application Block
3. Configure the development environment for using the Authorization and Profile Application Block
4. Using the Block, design a Profile solution demo
5. Using the Block, design an Authorization solution demo
6. Summarize the Block's usage and design ideas
2.4. Block Design Architecture
Authorization and Profile are managed essentially independently of each other, and their management structures are basically the same.
Configuration:
Can be saved in a config file or other media
Data storage:
Can be SQL, XML and other media
The architecture diagram shows what the Block mainly provides:
1. Extended Principal
An ordinary WindowsPrincipal or GenericPrincipal cannot implement complex business logic. ExtendedPrincipal implements IPrincipal and is also customized with:
bool CheckAccess is based on
StringCollection GetRoles gets all roles
2. Authorization Provider Interface
Provides IAuthorizationProvider:
Initialize
StringCollection GetRoles
bool CheckAccess
3. Profile Provider Interface
Provides IProfileProvider:
Initialize
Object Create
IdentitiesSupported
Optional:
→ IProfileReaderProvider
→ IProfileWriterProvider
2.5. Authorization module
2.5.1. Development and application
→ Add the two projects provided by the Block, Common and Security, to the custom solution
→ Create a new Providers project to hold the Authorization logic, and reference the Common and Security projects from it
→ Create a custom Provider class, which must implement IAuthorizationProvider and its three methods
The following are two ways of developing an application that manages user rights: using XML and using AzMan.
1) Use XML
See Authorization/AzXmlProvider.cs under the Providers project in the attachment. Its CheckAccess method mainly looks up in AzXmlProvider.xml whether the user has permission to perform the requested task.
2) Use AzMan
If you use AzMan (the Authorization Manager in the Windows 2003 Administration Tools or Windows 2000 Server SP4), you need to reference Microsoft.Interop.Security.AzRoles.
Method in brief:
1. Find azroles.dll under C:\Windows\System32
2. Use the tlbimp command-line tool from .NET 1.1 to convert the COM DLL azroles.dll: tlbimp azroles.dll /out:Microsoft.Interop.Security.AzRoles.dll /namespace:Microsoft.Interop.Security.AzRoles
3. Reference Microsoft.Interop.Security.AzRoles.dll from the Providers project
4. Set up user permissions in the Authorization Manager MMC snap-in (omitted)
See Authorization/AzManProvider.cs under the Providers project in the attachment. Its implementations of the three IAuthorizationProvider methods call AzMan.
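The XML approach described above, as an added example that is not the attachment's AzXmlProvider or the Block's own code: a provider with the three methods the report names, answering CheckAccess from an XML policy and denying by default. The class name, the method signatures and the policy layout (role, member, task elements) are assumptions made for illustration.

```csharp
using System;
using System.Collections.Specialized;
using System.Security.Principal;
using System.Xml;

// Illustrative provider: the three method names follow the report, but the
// signatures and the XML layout are assumptions, not the Block's own.
public class DemoXmlProvider
{
    private XmlNode policy;
    public void Initialize(XmlNode policyRoot) { policy = policyRoot; }
    // True if the role has a child <element> whose text equals value.
    private static bool HasChild(XmlNode role, string element, string value)
    {
        foreach (XmlNode n in role.SelectNodes(element))
            if (String.Equals(n.InnerText.Trim(), value, StringComparison.OrdinalIgnoreCase))
                return true;
        return false;
    }
    public StringCollection GetRoles(IIdentity identity)
    {
        StringCollection roles = new StringCollection();
        if (policy == null) return roles;
        foreach (XmlNode role in policy.SelectNodes("role"))
            if (HasChild(role, "member", identity.Name))
                roles.Add(role.Attributes["name"].Value);
        return roles;
    }
    public bool CheckAccess(IIdentity identity, string task)
    {
        // Deny by default: no policy, anonymous caller, or no matching grant.
        if (policy == null || !identity.IsAuthenticated) return false;
        foreach (XmlNode role in policy.SelectNodes("role"))
            if (HasChild(role, "member", identity.Name) && HasChild(role, "task", task))
                return true;
        return false;
    }
}
public static class Demo
{
    public static void Main()
    {
        XmlDocument doc = new XmlDocument(); // constructed sample policy (hypothetical format)
        doc.LoadXml("<policy><role name='Clerk'><member>CONTOSO\\amy</member><task>ViewOrder</task></role></policy>");
        DemoXmlProvider provider = new DemoXmlProvider();
        provider.Initialize(doc.DocumentElement);
        IIdentity amy = new GenericIdentity("CONTOSO\\amy");
        Console.WriteLine(provider.CheckAccess(amy, "ViewOrder"));
        Console.WriteLine(provider.CheckAccess(amy, "DeleteOrder"));
    }
}
```

The task is granted only through a role the caller is a member of, so a task that no role lists is refused for every user.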
2.5.2. Setting of Configuration
Specify the Providers to reference.
See app.config in the attachment:
identitiesSupported>
provider>
identitiesSupported>
provider>
authorizationProviders>
The attachment defines two Authorization Providers, Microsoft.ApplicationBlocks.Security.Authorization.AzManProvider and Microsoft.ApplicationBlocks.Security.Authorization.AzXmlProvider, identified by the names azmanProvider and AzXmlProvider.
To apply a Provider, see the code:
// Wrap the current thread's identity in the Block's ExtendedPrincipal
ExtendedPrincipal principal = ExtendedPrincipal.Create(Thread.CurrentPrincipal.Identity);
...
// Select the provider by the name defined in app.config
principal.AuthorizationProvider = "azmanProvider"; // or "AzXmlProvider"
2.6. Profile module
Omitted, as it is not the focus here; please refer to Form1.cs under the DemoApp project in the attachment.
3. Summary
1) Authorization and Profile Application Block 1.0 provides interfaces that let us write custom Providers to implement user authentication and authorization flexibly.
2) Permission assignment can be subdivided down to Operations, and user privileges are based entirely on the settings in Authorization Manager (or XML, etc.).
3) It is very convenient to use and effectively improves the development quality of authentication and authorization.