|
| | | StrataFrame Beginner
Group: Forum Members
Last Login: 02/12/2007 8:30:30 AM
Posts: 10, Visits: 31 |
| I am trying to make the most simple case (role based security) work. - one database strataFrame (everybody has this database when downloading strataframe),
- Create one web site, then using the ‘Security Editor’ create one 1 record for this website: username=somebody , us_data=Test123
- In the global.asax, I specify the connection string to the database: strataFrame
- Then in the default.aspx.vb, I use the following 3 lines code
Dim loUserInfo As New MicroFour.StrataFrame.Security.BusinessObjects.SFSUsersBO Dim loResult As MicroFour.StrataFrame.Security.Login.LoginResult loResult = MicroFour.StrataFrame.Security.Login.AuthenticateUser("somebody ", " Test123", "nbs", loUserInfo) Basically, the above is the whole test web site And the loResult returns ‘failure’ |
| |
| | | StrataFrame Beginner
Group: Forum Members
Last Login: 02/12/2007 8:30:30 AM
Posts: 10, Visits: 31 |
| | Answer is here: Add the following line to the global.asax. SecurityBasics.SetSecurityKeyAndVectorForUserAuthentication( "") |
| |
| | | StrataFrame Beginner
Group: Forum Members
Last Login: 02/12/2007 8:30:30 AM
Posts: 10, Visits: 31 |
| | |
| | | 
StrataFrame Developer
Group: StrataFrame Developers
Last Login: 08/01/2008 8:53:41 AM
Posts: 2,671, Visits: 1,879 |
| No, the us_Data field is encrypted with 3DES and uses a 24-byte key and an 8-byte initialization vector for the 3DES algorithm. Rather than hard-coding the key within SF (so all SF developers would have to use the same key), we allow the key to be specified by the developer. Within the Role-Based Security Editor, if you open the project properties, you will notice the "User Data Encryption" box that specifies the "Security Key:". This value is used as the seed for the key and IV that are used by the 3DES to encrypt the data when you create or modify a user. You then have to specify the value to tell your application how to decrypt the us_Data field for your users within the database.
www.bungie.net |
| |
| | | StrataFrame Beginner
Group: Forum Members
Last Login: 02/12/2007 8:30:30 AM
Posts: 10, Visits: 31 |
| If user does not specify any value for the "Security Key:", Should the decrypt take a default value “” for the seed? Anyway, it does not matter now. |
| |
| | |
StrataFrame Developer
Group: StrataFrame Developers
Last Login: 08/01/2008 8:53:41 AM
Posts: 2,671, Visits: 1,879 |
| Since the key and IV are integral to the security of the application, we don't default those values, so it's "by design," as Microsoft would say 
www.bungie.net |
| |
| | | StrataFrame Beginner
Group: StrataFrame Users
Last Login: 2 days ago @ 7:23:34 PM
Posts: 42, Visits: 969 |
| | For those of us that are very new to .net, could you add a web site example with security with your next release? Thanks |
| |
| | | 
StrataFrame Developer
Group: StrataFrame Developers
Last Login: Yesterday @ 10:49:29 PM
Posts: 4,379, Visits: 4,412 |
| | It probably won't make it into the next update, but we can add it to the "requested samples" list. |
| |
|
|