StrataFrame Security Documentation Send comments on this topic.
Creating a New Application with Security

Glossary Item Box

Purpose: Provide a step-by-step procedure on creating a new application with security.

Creating a New Application with Security

For a new applications, inclusion of security is greatly streamlined by using the StrataFrame Windows Application w/ Security template.  To create a new application using this template:

  1. Create New Project - Create a new Visual Studio Project using the StrataFrame template.
    1. Within Visual Studio, select New->Project under the File menu.  The New Project dialog will display.
    2. Select the StrataFrame option under the Visual Basic or Visual C# item to see the available StrataFrame project templates.
    3. Select the StrataFrame Windows Application w/ Security template and click the OK button.

      4. Note: The template name may be abbreviated by the Visual Studio dialog.  The Application w/ Security template may still be identified by clicking on each template and viewing the description.

  2. Custom Login Form - If a custom login form is desired, it may be created as a new SF Login Form item and launched within the AppMain.vb or program.cs file.  For more information, refer to the Creating a Custom Login Form help topic.
  3. Recommended Customizations - For security reasons, it is highly recommended that the following options be changed from the StrataFrame defaults within the AppMain.vb or program.cs file:
    1. Set Data Source Key - Set the Security Data Source Key within the SetDataSources() method of AppMain.vb or program.cs. For a detailed description on the data source key, including what it does and how to set it, refer to the Setting the Security Data Source Key help topic.
      2. Security Data Source Key (Visual Basic)
      '-- Set the data source key for the security tables
SecurityBasics.SecurityDataSourceKey = ""
    2. Change Encryption Key - Change the encryption key to be used for user data using the following method call within the InitApplication() method.  For more information, refer to the Specifying the Encryption Key for User Data help topic.
      3. Encryption Key (Visual Basic)
      '-- Set the encryption key and vector for the user data
SecurityBasics.SetSecurityKeyAndVectorForUserAuthentication("MySecurityKey")
    3. Change Initial Usernames and Passwords - Custom users for administration and security maintenance are defined within the below code, found in the InitApplication() method. For security reasons, a custom dynamic password is recommended for each application.

      4. Note: These users will not appear to end-users within the Security Maintenance and cannot be configured outside of the below code assignments. 

      Custom Administrative Usernames and Passwords (Visual Basic)
      '-- Set the administrative and security maintenance usernames and passwords
SecurityBasics.AdministratorUserName = "Administrator"
SecurityBasics.AdministratorPassword = "admin" & DateTime.Now.Day.ToString() '-- set the admin password so that it changes from day to day
SecurityBasics.AdministratorUserPk = -1

SecurityBasics.SecurityMaintenanceUserName = "SecurityUser"
SecurityBasics.SecurityMaintenancePassword = "mySecurityUserPass1"
SecurityBasics.SecurityMaintenanceUserPk = -2
  4. Optional Customizations - The following configurations are optional, and may be changed from the listed defaults as desired to suit the needs of the application:
    1. Configure Session Locking - If session locking will not be used within the application, the following lines of code may be removed or commented out within the InitApplication() method.  If session locking will be used, they SessionLockKey may be changed.  This is only required if dynamic session locking will be used within your application.  For more information, refer to the Initializing Session Locking help topic.
      2. Session Locking (Visual Basic)
      '-- Start the session locking monitor & set the quick key to lock the application
SessionLock.StartSessionMonitoring()
SessionLock.SessionLockKey = Keys.F11
    2. Specify Default Security Settings - The default permission action, blocked message (using plain text or a message key), replacement character, and replacement regex are specified using the following assignments within the InitApplication() method.  These may be changed as desired.
      3. Security Settings (Visual Basic)
      '-- Set the default actions for security enabled objects within the application
SecurityBasics.DefaultPermissionInfo = New PermissionInfo(PermissionAction.Deny, _
    "Access Denied.", DeniedActions.Message)
SecurityBasics.DefaultPermissionAction = PermissionAction.Deny
SecurityBasics.DefaultBlockedMsg = "Access Denied."
'SecurityBasics.DefaultBlockedMsgKey = "AccessDeniedKey"
SecurityBasics.BlockedReplacementCharacter = "*"c
SecurityBasics.BlockedReplacementRegex = "[A-Za-z0-9@]"
    3. Allow Windows Authentication - By default, Windows authentication is disabled.  Windows authentication may be allowed by changing the follwoing assignment to True within the InitApplication() method.
      4. Windows Authentication (Visual Basic)
      '-- Determine whether to allow Windows authentication
SecurityBasics.AllowWindowsAuth = False