Microsoft Enterprise Library: Security Application Block

Exclusive offer: get 50% off this eBook here
Microsoft Enterprise Library 5.0

Microsoft Enterprise Library 5.0 — Save 50%

Develop Enterprise applications using reusable software components of Microsoft Enterprise Library 5.0 with this book and eBook

$29.99    $15.00
by Sachin Joshi | December 2010 | Enterprise Articles Microsoft

Security is of prime importance for any application, especially enterprise applications where the business impact is potentially high. At the very core, security is a two step mechanism.

In this article by Sachin Joshi, author of Microsoft Enterprise Library 5.0, you will be introduced to the Security Application Block.

 

Microsoft Enterprise Library 5.0

Microsoft Enterprise Library 5.0

Develop Enterprise applications using reusable software components of Microsoft Enterprise Library 5.0

  • Develop Enterprise Applications using the Enterprise Library Application Blocks
  • Set up the initial infrastructure configuration of the Application Blocks using the configuration editor
  • A step-by-step tutorial to gradually configure each Application Block and implement its functions to develop the required Enterprise Application

 

        Read more about this book      

(For more resources on Microsoft Enterprise Library, see here.)

The first step is the process of validating an identity against a store (Active Directory, Database, and so on); this is commonly called as Authentication. The second step is the process of verifying whether the validated identity is allowed to perform certain actions; this is commonly known Authorization. These two security mechanisms take care of allowing only known identities to access the application and perform their respective actions. Although, with the advent of new tools and technologies, it is not difficult to safeguard the application, utilizing these authentication and authorization mechanisms and implementing security correctly across different types of applications, or across different layers and in a consistent manner is pretty challenging for developers. Also, while security is an important factor, it's of no use if the application's performance is dismal. So, a good design should also consider performance and cache the outcome of authentication and authorization for repeated use.

The Security Application Block provides a very simple and consistent way to implement authorization and credential caching functionality in our applications. Authorization doesn't belong to one particular layer; it is a best practice to authorize user action not only in the UI layer but also in the business logic layer. As Enterprise Library application blocks are layer-agnostic, we can leverage the same authorization rules and expect the same outcome across different layers bringing consistency. Authorization of user actions can be performed using an Authorization Provider; the block provides Authorization Rule Provider or AzMan Authorization Provider; it also provides the flexibility of implementing a custom authorization provider. Caching of security credentials is provided by the SecurityCacheProvider by leveraging the Caching Application Block and a custom caching provider can also be implemented using extension points. Both Authorization and Security cache providers are configured in the configuration file; this allows changing of provider any time without re-compilation.

The following are the key features of the Security block:

  • The Security Application Block provides a simple and consistent API to implement authorization.
  • It abstracts the application code from security providers through configuration.
  • It provides the Authorization Rule Provider to store rules in a configuration file and Windows Authorization Manager (AzMan) Authorization Provider to authorize against Active Directory, XML file, or database.
  • Flexibility to implement custom Authorization Providers.
  • It provides token generation and caching of authenticated IIdentity, IPrincipal and Profile objects.
  • It provides User identity cache management, which improves performance while repeatedly authenticating users using cached security credentials.
  • Flexibility to extend and implement custom Security Cache Providers.

Developing an application

We will explore each individual Security block feature and along the way we will understand the concepts behind the individual elements. This will help us to get up to speed with the basics. To get started, we will do the following:

  • Reference the Validation block assemblies
  • Add the required Namespaces
  • Set up the initial configuration

To complement the concepts and allow you to gain quick hands-on experience of different features of the Security Application Block, we have created a sample web application project with three additional projects, DataProvider, BusinessLayer, and BusinessEntities, to demonstrate the features. The application leverages SQL Membership, Role, and Profile provider for authentication, role management, and profiling needs. Before running the web application you will have to run the database generation script provided in the DBScript folder of the solution, and update the connection string in web.config appropriately. You might have to open the solution in "Administrator" mode based on your development environment. Also, create an application pool with an identity that has the required privileges to access the development SQL Server database, and map the application pool to the website. A screenshot of the sample application is shown as follows:

(Move the mouse over the image to enlarge.)

Referencing required/optional assemblies

For the purposes of this demonstration we will be referencing non-strong-named assemblies but based on individual requirements Microsoft strong-named assemblies, or a modified set of custom assemblies can be referenced as well. The list of Enterprise Library assemblies that are required to leverage the Security Application Block functionality is given next. A few assemblies are optional based on the Authorization Provider and cache storage mechanism used. Use the Microsoft strong-named, or the non-strong-named, or a modified set of custom assemblies based on your referencing needs.

The following table lists the required/optional assemblies:

Assembly Required/Optional
Microsoft.Practices.EnterpriseLibrary.Common.dll Required
Microsoft.Practices.ServiceLocation.dll Required
Microsoft.Practices.Unity.dll Required
Microsoft.Practices.Unity.Interception.dll Required
Microsoft.Practices.Unity.Configuration.dll Optional

Useful while utilizing Unity configuration classes in our code

Microsoft.Practices.EnterpriseLibrary.Security.dll Required
Microsoft.Practices.EnterpriseLibrary.Security.AzMan.dll Optional

Used for Windows Authorization Manager Provider

Microsoft.Practices.EnterpriseLibrary.Security.Cache.CachingStore.dll Optional

Used for caching the User identity

Microsoft.Practices.EnterpriseLibrary.Data.dll Optional

Used for caching in Database Cache Storage

Open Visual Studio 2008/2010 and create a new ASP.NET Web Application Project by selecting File | New | Project | ASP.NET Web Application; provide the appropriate name for the solution and the desired project location. Currently, the application will have a default web form and assembly references. In the Solution Explorer, right-click on the References section and click on Add Reference and go to the Browse tab. Next, navigate to the Enterprise Library 5.0 installation location; the default install location is %Program Files%\Microsoft Enterprise Library 5.0\Bin. Now select all the assemblies listed in the previous table, excluding the AzMan-related assembly (Microsoft.Practices.EnterpriseLibrary.Security.AzMan.dll).

The final assembly selection will look similar to the following screenshot:

Microsoft Enterprise Library

Microsoft Enterprise Library 5.0 Develop Enterprise applications using reusable software components of Microsoft Enterprise Library 5.0 with this book and eBook
Published: November 2010
eBook Price: $29.99
Book Price: $49.99
See more
Select your format and quantity:
        Read more about this book      

(For more resources on Microsoft Enterprise Library, see here.)

Adding initial security settings

Before we can leverage the features of the Security Application Block, we have to add the initial Security Settings to the configuration. Open the Enterprise Library configuration editor either using the shortcut available in Start | All Programs | Microsoft patterns & practices | Enterprise Library 5.0 | Enterprise Library Configuration or just by right-clicking the configuration file in the Solution Explorer window of Visual Studio IDE and clicking on Edit Enterprise Library V5 Configuration. Initially, we will have a blank configuration file with default Application Settings and Database Settings.

The following screenshot shows the default configuration settings:

Microsoft Enterprise Library

Let us go ahead and add the Security Settings in the configuration file. Select the menu option Blocks, which lists many different settings to be added to the configuration, and click on the Add Security Settings menu item to add the security configuration settings.

The following screenshot shows the available options in the Blocks menu:

Microsoft Enterprise Library

Once we click on the Add Security Settings the configuration editor will display the default Security Settings as shown in the following screenshot.

Microsoft Enterprise Library

The Security Settings consist of Authorization Providers, Security Caches and Authorization Rules. Authorization Rules can be configured only while using Authorization Rule Provider. We will change the configuration further but for now, we are in good shape with regards to the initial infrastructure configuration.

Adding namespaces

We will be leveraging types from several different namespaces and so to make our life easy we can add the given namespace to the source code file to use the Security block elements without fully qualifying the references. Although we will be using EnterpriseLibraryContainer to instantiate objects (we will also add Microsoft.Practices.EnterpriseLibrary.Common.Configuration namespace to the source file), the Unity Namespace section is listed to make you aware of the availability of the alternative approach of instantiating objects.

  • Core Namespace:
    • Microsoft.Practices.EnterpriseLibrary.Security
  • Configuration Namespace (Optional): Required while using the EnterpriseLibraryContainer to instantiate objects.
    • Microsoft.Practices.EnterpriseLibrary.Common.Configuration
  • Unity Namespace (Optional): Required while instantiating objects using UnityContainer.
    • System.Configuration
    • Microsoft.Practices.Unity
    • Microsoft.Practices.Unity.Configuration

Creating security application block objects

We have several options at hand while creating objects, such as using a static factory class, using Unity service locator and using Unity container directly. A few approaches such as configuring the container through a configuration file or code are not listed here but the recommended approach is either to use the Unity Service Locator for applications with few dependencies or create objects using Unity container directly to leverage the benefits of this approach. Use of a static factory class is not recommended.

Using the static factory class

Static factory classes were the default approach for creating objects with versions prior to 5.0. This approach is no longer recommended but is still available for backward compatibility.

The following is the syntax to create deafult and named Authorization Provider instances using the static AuthorizationFactory class:

//Instantiating Using Static Factory - Default Authorization Provider
IAuthorizationProvider defaultAuthorizationProvider =
AuthorizationFactory.GetAuthorizationProvider();

//Instantiating Using Static Factory - Named Authorization Provider
IAuthorizationProvider namedAuthorizationProvider =
AuthorizationFactory.GetAuthorizationProvider("AuthzProvider");

The following is the syntax to create deafult and named Security Cache Provider instances using the static SecurityCacheFactory class:

//Instantiating Using Static Factory - Default Security Cache
Provider ISecurityCacheProvider defaultSecurityCacheProvider
= SecurityCacheFactory.GetSecurityCacheProvider();

//Instantiating Using Static Factory - Named Security Cache
Provider ISecurityCacheProvider namedSecurityCacheProvider
= SecurityCacheFactory.GetSecurityCacheProvider("SecurityCache");

Using Unity service locator

This approach is recommended for applications with few dependencies. The EnterpriseLibraryContainer class exposes a static property called Current of type IServiceLocator, which resolves and gets an instance of the specified type.

The following is the syntax to create default and named Authorization Provider instances using the EnterpriseLibraryContainer class:

//Instantiating Using Unity Service Locator - Default Authorization
Provider
IAuthorizationProvider defaultAuthorizationProvider =
EnterpriseLibraryContainer.Current.GetInstance<IAuthorizationProvid
er>();

//Instantiating Using Unity Service Locator - Named Authorization
Provider
IAuthorizationProvider namedAuthorizationProvider =
EnterpriseLibraryContainer.Current.GetInstance<IAuthorizationProvid
er>("AuthzProvider");

The following is the syntax to create default and named Security Cache Provider instances using the EnterpriseLibraryContainer class:

//Instantiating Using Unity Service Locator - Default Security Cache
Provider
ISecurityCacheProvider defaultSecurityCacheProvider =
EnterpriseLibraryContainer.Current.GetInstance<ISecurityCacheProvid
er>();

//Instantiating Using Unity Service Locator - Named Security Cache
Provider
ISecurityCacheProvider namedSecurityCacheProvider =
EnterpriseLibraryContainer.Current.GetInstance<ISecurityCacheProvid
er>("SecurityCache");

Using Unity container directly

Larger complex applications demand looser coupling; this approach leverages the dependency injection mechanism to create objects instead of explicitly creating instances of concrete implementations. Unity container stores the type registrations and mappings in the configuration file and instantiates the appropriate type whenever requested. This allows us to change the type in the configuration without re-compiling the code and essentially to change the behavior from outside.

The following is the syntax to create default and named Authorization Provider instances using the UnityContainer class:

var container = new UnityContainer();
container.AddNewExtension<EnterpriseLibraryCoreExtension>();

//Instantiating Using Unity Container Directly - Default Authorization
Provider
IAuthorizationProvider defaultAuthorizationProvider = container.Resolv
e<IAuthorizationProvider>();

//Instantiating Using Unity Container Directly - Named Authorization
Provider
IAuthorizationProvider namedAuthorizationProvider = container.Resolve<
IAuthorizationProvider>("AuthzProvider");

The following is the syntax to create default and named Security Cache Provider instances using the UnityContainer class:

var container = new UnityContainer();
container.AddNewExtension<EnterpriseLibraryCoreExtension>();

//Instantiating Using Unity Container Directly - Default Security
Cache Provider
ISecurityCacheProvider defaultSecurityCacheProvider = container.Resolv
e<ISecurityCacheProvider>();

//Instantiating Using Unity Container Directly - Named Security Cache
Provider
ISecurityCacheProvider namedSecurityCacheProvider = container.Resolve<
ISecurityCacheProvider>("SecurityCache");

Summary

In this article we discussed the key features of the Security Application Block.

In the next article, Microsoft Enterprise Library: Authorization and Security Cache, we will explore the elements of Authorization and Security Cache Providers.


Further resources on this subject:


Microsoft Enterprise Library 5.0 Develop Enterprise applications using reusable software components of Microsoft Enterprise Library 5.0 with this book and eBook
Published: November 2010
eBook Price: $29.99
Book Price: $49.99
See more
Select your format and quantity:

About the Author :


Sachin Joshi

Sachin Joshi holds a Master's Degree in Computer Applications and a Bachelor's Degree in Business Administration; he is a Microsoft Certified Professional Developer in ASP.NET and Microsoft Certified Technology Specialist in WCF and .NET 3.5 Windows. He has over 5 years of industry experience developing enterprise applications with Microsoft .NET and related technologies. Sachin was performing a juggling act between his college degree and running his own optical business for around 5 years before joining the IT industry.

Sachin is currently working as a Consultant in a reputed software company in Hyderabad, India. He has several years of experience in designing and architecting solutions for various domains and he has been involved with several complex engagements. His technical strengths include C, C++, C#, VB.NET, Microsoft .NET, AJAX, Design Patterns, SQL Server, JavaScript, and more. His current passion is Vala (http://live.gnome.org/Vala) a new C#-like programming language with the power of C.

Sachin blogs at http://fuzzydev.com and spends most of his time reading books and playing with different technologies. When not at work, Sachin spends time with his family, watching movies and playing video games. He and his wife have not only pledged but are working towards spreading awareness of the noble cause of organ donation. Sachin has a dream of opening a library for students who are economically disadvantaged, to enable them to grow. In the technology arena, Sachin is currently working on an open source project code named Apocalypse – lifting of the veil, a CMS based on ASP.NET 4.0.

Books From Packt


Microsoft Dynamics NAV 2009 Application Design
Microsoft Dynamics NAV 2009 Application Design

Microsoft Silverlight 4 Business Application Development: Beginner’s Guide
Microsoft Silverlight 4 Business Application Development: Beginner’s Guide

Microsoft Dynamics NAV 2009 Programming Cookbook
Microsoft Dynamics NAV 2009 Programming Cookbook

Application Development for IBM WebSphere Process Server 7 and Enterprise Service Bus 7
Application Development for IBM WebSphere Process Server 7 and Enterprise Service Bus 7

Microsoft Azure: Enterprise Application Development
Microsoft Azure: Enterprise Application Development

IBM Lotus Sametime 8 Essentials: A User's Guide
IBM Lotus Sametime 8 Essentials: A User's Guide

Microsoft Windows Workflow Foundation 4.0 Cookbook
Microsoft Windows Workflow Foundation 4.0 Cookbook

Applied Architecture Patterns on the Microsoft Platform
Applied Architecture Patterns on the Microsoft Platform


No votes yet

Post new comment

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
c
A
k
P
R
a
Enter the code without spaces and pay attention to upper/lower case.
Code Download and Errata
Packt Anytime, Anywhere
Register Books
Print Upgrades
eBook Downloads
Video Support
Contact Us
Awards Voting Nominations Previous Winners
Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
Resources
Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software