Chapter 7. The Security Application Block


With all of the viruses, worms, and theft that appear to be rampant in cyberspace today, securing applications has been thrust to the forefront of application design. Software architects cannot ignore the threats that exist to an application and the data that drive it. These concerns are especially true for enterprise applications that will live on the corporate network and most probably will leverage the Internet in some way. Additionally, government legislation is demanding that enterprise applications either meet certain security criteria or cease to exist. I have been in more than one company that feared it would have to "turn off" production applications because of new, more rigorous security audits.

Architects and developers can use a helping hand as the pressures rise for designing and developing applications that answer the call of this strict legislation and the ever-increasing security risks. The Security Application Block is intended to help. While it isn't intended to solve every security issue that might arise in an application, it is designed to help in five main areas that deal with user data and the tasks those users are entitled to perform. Specifically, the Security Application Block has been designed to address the following areas.

  • Authentication

  • Caching profile information and security-related credentials

  • Authorization

  • Role management

  • Profile management

Typically, this type of data about the users of an application exists in a variety of data stores. Very often, relational databases are used to store some of this information. In many enterprises, some form of LDAP user store like Microsoft Active Directory or Active Directory Application Mode (ADAM) is used. Authorization information might be contained in code, files, databases, or products like Authorization Manager. The Security Application Block allows developers of an application to be indifferent as to where the data for user information is stored. Thus, you can concentrate on ensuring that applications are authenticating and authorizing users at appropriate points in an application, and not on how or where that authentication or authorization occurs.

This chapter discusses how the features in the Security Application Block work and how any one of them can be extended if your needs are different than the out-of-the-box functionality. The Security Application Block is a bit different from the other application blocks in that there are many disparate providers and none of the providers rely on any of the others to accomplish their functionality.

There is a dependency in the block, though; the DbAuthenticationProvider, DbRoleProvider, and DbProfileProvider rely on the existence of a specific database schema to function properly. Therefore, the chapter begins with the design of the Security Application Block and details the purpose and use of the Security Database. It then shows the design for authentication, the Security Cache, authorization, role management, and profile management. Each of these sections describes how the relevant providers in the Security Application Block work and gives examples of how to extend the functionality if you need to.

The chapter ends with a description of how to configure and develop against each of the different providers included in the Security Application Block. If an application only needs to access users, roles, and profiles from a database, and can use the AuthorizationRuleProvider that ships with this block for its authorization needs, you don't need to develop any custom extensions. The point of the custom extensions is merely to show that the capability exists should you need it.




Fenster, Effective Use of Microsoft Enterprise Library: Building Blocks for Creating Enterprise Applications and Services, 2006
Effective Use of Microsoft Enterprise Library: Building Blocks for Creating Enterprise Applications and Services
ISBN: 0321334213
EAN: 2147483647
Year: 2004
Pages: 103
Authors: Len Fenster
