Security and 1.7.0


Bill Cunnien
After wrestling all week with the update for SF, I finally posted my application code to the server (click-once deployment). Users today are telling me that they have access to everything in my secured application...all menus and all forms. RBS does not seem to be engaged. Not good.
Aaron Young
Bill, I haven't rolled out 1.70 to my customers but the security is working when I run the application on my development PC. Is the security failing on your development system?
Bill Cunnien
I am integrating AD with RBS in SF. Since I am both a network admin as well as set as a system admin in the RBS, I am unable to tell when debugging. It was brought to my attention after I had released the update. Never expected a problem with security. And, it is a sticky one, too.
Trent Taylor
Bill,



I don't think that this one is on us. We have been doing this for quite some time now and we too have rolled this out into the field. I think that there is something else going on within your code. If you are using AD for authentication, this definitely cannot be SF as we don't do the authentication at this point. This is all pass-through. The only thing handled by SF when authenticating off of AD is that once you authenticate, then we use the user name to associate permissions, etc. to the user.



More information is definitely needed on this one.
Bill Cunnien
Let's say I had a problem with assemblies not matching (and, I did). In what way could the security subsystem be changed so that it is not actually working? When my assemblies were messed up, some controls were overwritten. Perhaps, something was changed in security somewhere. Is there any place that I could look to determine why the security is not working? The app works fine...it is as if everyone has access to everything despite the fact that I have this code in my program.cs:



SecurityBasics.DefaultPermissionInfo = new PermissionInfo(PermissionAction.Deny);

Trent Taylor
Well, the first thing I would do is to log in with an SF user using standard authentication to see if you have the same results. Next, I would take a single user, verify the permissions, etc. and immediately after logging in, I would write a little test and verify that the user's permissions were granted and denied appropriately.



If this works, then I would back up one step and try it for an AD authentication and go through the same process.



So let's work from the most granular level first by looking at permissions for a particular user to ensure that they are pulled (and stored) in the DB properly.
Bill Cunnien
An SF user using standard authentication has full access. The user has only accounting access. For some reason, the permissions are not being read properly. It is as if the default for all roles/permissions is 'granted'. I will write something to review the user's privileges.
Bill Cunnien
Each role that I cycle through for the SF user after authenticating is coming back as Granted, although only one, Accounting, has been allowed for that user. All roles should be denied except the accounting role/permission. Why would that be happening?
Bill Cunnien
Here is what I did in the InitApplication method:



SecurityBasics.DefaultPermissionAction = PermissionAction.Deny;
//SecurityBasics.DefaultPermissionInfo = new PermissionInfo(PermissionAction.Deny);



The code that I added sets the default action. The application works, now. The code I commented out *did* work before the update.



Why this new code works? I dunno.
Edhy Rijo
Hi Bill,



This is what I have in my AppMain.vb InitApplication()



'-- Set the default actions for security enabled objects within the application
SecurityBasics.DefaultPermissionInfo = New PermissionInfo(PermissionAction.Deny, _
    "Access Denied.", DeniedActions.Message)
SecurityBasics.DefaultPermissionAction = PermissionAction.Deny
SecurityBasics.DefaultBlockedMsg = "Access Denied."
'SecurityBasics.DefaultBlockedMsgKey = "AccessDeniedKey"
SecurityBasics.BlockedReplacementCharacter = "*"c
SecurityBasics.BlockedReplacementRegex = "[A-Za-z0-9@]"





If this is an old application, try creating a new SF project and compare the code in the program.cs with yours, probably something may have changed before.

Edhy Rijo
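
The post-login check Trent suggests, generalized into a start-up self-test for a restricted account (an added example, not code from the thread or from StrataFrame). The types are stand-ins rather than the StrataFrame API, and the canary key and the Payroll and Inventory keys are constructed; probing a key that no role ever assigns exposes a default that has silently become Grant.

```csharp
using System;
using System.Collections.Generic;

// Stand-in types for illustration only; they are NOT the StrataFrame API.
enum Perm { Deny, Grant }

sealed class UserPermissions
{
    private readonly Dictionary<string, Perm> _assigned;
    private readonly Perm _fallback;   // what an unassigned key resolves to

    public UserPermissions(Dictionary<string, Perm> assigned, Perm fallback)
    { _assigned = assigned; _fallback = fallback; }

    public Perm Resolve(string key) =>
        _assigned.TryGetValue(key, out var p) ? p : _fallback;
}

static class RbsSelfTest
{
    // Constructed key that must never be assigned to any role or user.
    public const string CanaryKey = "__canary_never_assigned__";

    // Returns the problems found; an empty list means the session may proceed.
    public static List<string> Verify(UserPermissions user,
        IEnumerable<string> expectGranted, IEnumerable<string> expectDenied)
    {
        var problems = new List<string>();
        if (user.Resolve(CanaryKey) != Perm.Deny)
            problems.Add("default is not Deny: unassigned key resolved to Grant");
        foreach (var k in expectGranted)
            if (user.Resolve(k) != Perm.Grant) problems.Add("expected Grant: " + k);
        foreach (var k in expectDenied)
            if (user.Resolve(k) != Perm.Deny) problems.Add("expected Deny: " + k);
        return problems;
    }
}

static class Program
{
    static int Main()
    {
        // Constructed scenario from the thread: only Accounting is assigned,
        // but the fallback has flipped to Grant after the update.
        var assigned = new Dictionary<string, Perm> { ["Accounting"] = Perm.Grant };
        var user = new UserPermissions(assigned, Perm.Grant);
        var problems = RbsSelfTest.Verify(user,
            new[] { "Accounting" }, new[] { "Payroll", "Inventory" });
        foreach (var p in problems) Console.Error.WriteLine("RBS self-test: " + p);
        return problems.Count == 0 ? 0 : 1;   // non-zero: do not open the main form
    }
}
```

Run it as a non-administrator test account in the deployed build, since an account that holds every permission cannot reveal a fail-open default.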
