Lab 9: Configuring and Securing an Application

In this lab, you will modify the international business application you created in Lab 8. You will add code to allow the user to set the culture by editing the configuration file. You will then configure role-based security for your application to prevent unauthorized users from using it. Finally, you will configure code access security to prevent unauthorized printing. The solution to this lab is available on the Supplemental Course Materials CD-ROM in the \Labs\Ch09\Solution folder.

Before You Begin

Before you begin this lab, you must have either completed the Chapter 8 lab or loaded the Chapter 8 lab solution from the CD-ROM. Additionally, you must use a computer where you are a member of the Windows Administrators group.

Estimated lesson time: 45 minutes

Exercise 9.1: Adding the Configuration File

In this exercise, you will add a configuration file to your application, and then add code that reads a culture value from the configuration file and sets the CurrentCulture and the CurrentUICulture to that value. This exercise begins with the solution to the Chapter 8 lab already loaded into Visual Studio .NET.

To add the configuration file

  1. In Solution Explorer, right-click frmLanguage and choose Delete. Click OK in response to the dialog box. frmLanguage is deleted from the project.

  2. In Solution Explorer, right-click Form1 and choose View Code. The code window for Form1 opens.

  3. Locate the constructor for Form1. Note that in Visual Basic .NET, you will have to open the Windows Form Designer generated code region. In the constructor, delete the following two lines of code:

    Visual Basic .NET

    Dim aForm As New frmLanguage()
    aForm.ShowDialog()

    Visual C#

    frmLanguage aForm = new frmLanguage();
    aForm.ShowDialog();

  4. Add a configuration file to your application. The method for doing this differs depending on the language you use.

Visual Basic .NET

  1. From the Project menu, choose Add New Item.

  2. In the Add New Item window, choose Application Configuration File. An application configuration file is added to your project.

Visual C#

  1. From the Project menu, choose Add New Item.

  2. In the Add New Item window, choose Text File. A new text file is added to your project and the text editor for it opens.

  3. In Solution Explorer, right-click the new text file, and choose Rename. Rename the file App.config. In the text editor, add the following XML:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
    </configuration>

  4. In Solution Explorer, double-click App.config, and choose Yes when asked if you would like to close it. The view reverts to the XML text editor for the App.config file.

  5. In the XML text editor for the App.config file, add the following XML code. This code should be nested within the <configuration> element:

    <appSettings>
      <!-- Change the value of Culture to set the current culture -->
      <!-- Change the value of UICulture to set the current UI culture -->
      <add key="Culture" value="it-IT" />
      <add key="UICulture" value="it-IT" />
    </appSettings>

  6. In Solution Explorer, right-click Form1 and choose View Code. The code editor for Form1 opens.

  7. In the constructor for Form1, add the following code to read the values from the configuration file and set the CurrentCulture and CurrentUICulture.

    Visual Basic .NET

    Dim Reader As New System.Configuration.AppSettingsReader()
    Threading.Thread.CurrentThread.CurrentCulture = New _
        Globalization.CultureInfo(CType(Reader.GetValue("Culture", _
        GetType(String)), String))
    Threading.Thread.CurrentThread.CurrentUICulture = New _
        Globalization.CultureInfo(CType(Reader.GetValue("UICulture", _
        GetType(String)), String))

    Visual C#

    System.Configuration.AppSettingsReader reader = new
        System.Configuration.AppSettingsReader();
    System.Threading.Thread.CurrentThread.CurrentCulture = new
        System.Globalization.CultureInfo((string)
        (reader.GetValue("Culture", typeof(string))));
    System.Threading.Thread.CurrentThread.CurrentUICulture = new
        System.Globalization.CultureInfo((string)
        (reader.GetValue("UICulture", typeof(string))));

  8. Press F5 to test your application. When Form1 opens, note that the user interface is displayed in Italian and the Euro symbol is used to format currency in the list box.
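An added example, not part of the lab solution: the code in step 7 throws if a key is missing from App.config or names a culture the framework rejects, so a bad edit to the file stops the form from loading. The hypothetical `CultureSettings` helper below reads the same two keys with the same AppSettingsReader and falls back to the thread's existing culture instead.

```csharp
using System;
using System.Configuration;
using System.Globalization;
using System.Threading;

// Added example: hypothetical helper, not part of the lab solution.
public sealed class CultureSettings
{
    private CultureSettings() { }

    // Returns the culture named by an appSettings key, or fallback when the
    // key is missing, empty, rejected by the framework, or a neutral culture
    // such as "it".
    public static CultureInfo Read(string key, CultureInfo fallback)
    {
        try
        {
            AppSettingsReader reader = new AppSettingsReader();
            string name = (string)reader.GetValue(key, typeof(string));
            if (name == null || name.Trim().Length == 0)
                return fallback;   // "" would otherwise yield the invariant culture
            CultureInfo culture = new CultureInfo(name.Trim());
            // Older framework versions reject neutral cultures for CurrentCulture.
            return culture.IsNeutralCulture ? fallback : culture;
        }
        catch (InvalidOperationException) { return fallback; } // key not in App.config
        catch (ArgumentException) { return fallback; }         // culture name not accepted
    }

    // Call from the Form1 constructor in place of the code in step 7.
    public static void Apply()
    {
        Thread thread = Thread.CurrentThread;
        thread.CurrentCulture = Read("Culture", thread.CurrentCulture);
        thread.CurrentUICulture = Read("UICulture", thread.CurrentUICulture);
    }
}
```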

Exercise 9.2: Securing Your Application

In this exercise, you will add security code to your application. You will use imperative security to verify the role of the user, and then add a declarative security check to protect access to the printer.

To add security to your application

  1. In Solution Explorer, right-click Form1 and choose View Code. The code editor for Form1 opens.

  2. In the constructor for Form1, add the following code to restrict access to the application to members of the Windows built-in Administrators role:

    Visual Basic .NET

    AppDomain.CurrentDomain.SetPrincipalPolicy _
        (System.Security.Principal.PrincipalPolicy.WindowsPrincipal)
    Dim myPerm As New _
        System.Security.Permissions.PrincipalPermission(Nothing, _
        "BUILTIN\Administrators")
    Try
        myPerm.Demand()
    Catch se As System.Security.SecurityException
        MessageBox.Show _
            ("You do not have permission to run this program!")
        End
    End Try

    Visual C#

    AppDomain.CurrentDomain.SetPrincipalPolicy
        (System.Security.Principal.PrincipalPolicy.WindowsPrincipal);
    System.Security.Permissions.PrincipalPermission myPerm = new
        System.Security.Permissions.PrincipalPermission(null,
        "BUILTIN\\Administrators");
    try
    {
        myPerm.Demand();
    }
    catch (System.Security.SecurityException)
    {
        MessageBox.Show
            ("You do not have permission to run this program!");
        // Rethrow the same exception, preserving its stack trace
        throw;
    }

  3. Locate the btnPrint_Click method. Attach the following security attribute to this method to ensure that only trusted code is allowed to use the printer:

    Visual Basic .NET

    <Drawing.Printing.PrintingPermission _
        (Security.Permissions.SecurityAction.Demand, _
        Level:=Drawing.Printing.PrintingPermissionLevel.AllPrinting)>

    Visual C#

    [System.Drawing.Printing.PrintingPermission
        (System.Security.Permissions.SecurityAction.Demand,
        Level=System.Drawing.Printing.PrintingPermissionLevel.AllPrinting)]

  4. In the btnPrint_Click method, add exception handling to wrap the printing attempt. For example:

    Visual Basic .NET

    Try
        PrintDocument1.Print()
    Catch
        MessageBox.Show("You do not have permission to print!")
    End Try

    Visual C#

    try
    {
        printDocument1.Print();
    }
    catch
    {
        MessageBox.Show("You do not have permission to print!");
    }

  5. Press F5 to test your application. The application should run normally.

    NOTE
    Your code will fail to run if you are not a member of the Administrators group. In this case, set the specified role to a Windows built-in group in which you are a member. If you receive a security exception when attempting to print, you should adjust the security policy for this assembly or ask the system administrator to do so.

  6. In the line that creates the PrincipalPermission, change the specified role from BUILTIN\Administrators to a nonexistent Windows role, such as BUILTIN\Administratorss. Press F5 to build and run the program.

    The application denies you permission and fails to execute. In Visual Basic .NET, the application ends. In Visual C#, the application breaks on an unhandled exception that is rethrown. Change the specified role back to BUILTIN\Administrators.

  7. In the attribute specifying the PrintingPermission, change the security action from Demand to Deny. Press F5 to build and run the application and attempt to print.

    Permission to print is denied, and the user is informed. Return the security action to its original value and build the application.

  8. From the File menu, choose Save All to save your work.
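An added example, not part of the lab solution: the role name in step 2 is a display name, and the names of built-in groups can be localized on non-English Windows, which matters for an application meant to run under several cultures. The hypothetical `AdminGate` helper below makes the same PrincipalPermission demand but resolves the group name from its well-known SID; it assumes .NET Framework 2.0 or later, where SecurityIdentifier is available.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;

// Added example: hypothetical helper, not part of the lab solution.
public sealed class AdminGate
{
    private AdminGate() { }

    // Resolves the local Administrators group from its well-known SID
    // (S-1-5-32-544), so the role name matches whatever the Windows
    // display language is.
    public static string AdministratorsRoleName()
    {
        SecurityIdentifier sid = new SecurityIdentifier(
            WellKnownSidType.BuiltinAdministratorsSid, null);
        return sid.Translate(typeof(NTAccount)).Value;
    }

    // Same demand as step 2, returning false instead of throwing so the
    // caller decides how to close the form.
    public static bool CallerIsAdministrator()
    {
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
        try
        {
            new PrincipalPermission(null, AdministratorsRoleName()).Demand();
            return true;
        }
        catch (SecurityException)
        {
            // Also reached when the user is an administrator running without
            // elevation under UAC: the group is deny-only in that token.
            return false;
        }
    }
}
```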



MCAD(s)MCSD Self-Paced Training Kit(c) Developing Windows-Based Applications With Microsoft Visual Basic. Net a[.  .. ]0-316
ISBN: 735619263
EAN: N/A
Year: 2003
Pages: 110