1st step in role based security


1st step in role based security
View
Options
Author
Message
yh
yh
yh
posted 17 Years Ago
StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)
Group: Forum Members
Posts: 10, Visits: 31

I am trying to make the most simple case (role based security) work.

 

  • one database strataFrame (everybody has this database when downloading strataframe),
  • Create one web site, then using the ‘Security Editor’ create one 1 record for this website: username=somebody , us_data=Test123  
  • In the global.asax, I specify the connection string to the database: strataFrame
  • Then in the default.aspx.vb, I use the following 3 lines code

             Dim loUserInfo As New MicroFour.StrataFrame.Security.BusinessObjects.SFSUsersBO   

             Dim loResult As MicroFour.StrataFrame.Security.Login.LoginResult     

             loResult = MicroFour.StrataFrame.Security.Login.AuthenticateUser("somebody ", " Test123", "nbs", loUserInfo)

 

 

Basically, the above is the whole test web site

 

And the loResult returns ‘failure’

 

 
Reply Like 0
yh
yh
yh
posted 17 Years Ago
StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)
Group: Forum Members
Posts: 10, Visits: 31
Answer is here:

Add the following line to the global.asax.

SecurityBasics.SetSecurityKeyAndVectorForUserAuthentication("")
Reply Like 0
yh
yh
yh
posted 17 Years Ago
StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)
Group: Forum Members
Posts: 10, Visits: 31
Is this kind of a bug?
Reply Like 0
StrataFrame Team
S
StrataFrame Team
posted 17 Years Ago
StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)
Group: StrataFrame Developers
Posts: 3K, Visits: 2.5K
No, the us_Data field is encrypted with 3DES and uses a 24-byte key and an 8-byte initialization vector for the 3DES algorithm.  Rather than hard-coding the key within SF (so all SF developers would have to use the same key), we allow the key to be specified by the developer.  Within the Role-Based Security Editor, if you open the project properties, you will notice the "User Data Encryption" box that specifies the "Security Key:".  This value is used as the seed for the key and IV that are used by the 3DES to encrypt the data when you create or modify a user.  You then have to specify the value to tell your application how to decrypt the us_Data field for your users within the database.
Reply Like 0
yh
yh
yh
posted 17 Years Ago
StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)
Group: Forum Members
Posts: 10, Visits: 31

If user does not specify any value for the "Security Key:",   Should the decrypt  take a default value “” for the seed?

 

Anyway, it does not matter now.

Reply Like 0
StrataFrame Team
S
StrataFrame Team
posted 17 Years Ago
StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)
Group: StrataFrame Developers
Posts: 3K, Visits: 2.5K
Since the key and IV are integral to the security of the application, we don't default those values, so it's "by design," as Microsoft would say Smile
Reply Like 0
Hugo R. Figueroa
Hugo R. Figueroa
Hugo R. Figueroa
posted 17 Years Ago
StrataFrame User (163 reputation)StrataFrame User (163 reputation)StrataFrame User (163 reputation)StrataFrame User (163 reputation)StrataFrame User (163 reputation)StrataFrame User (163 reputation)StrataFrame User (163 reputation)StrataFrame User (163 reputation)StrataFrame User (163 reputation)
Group: StrataFrame Users
Posts: 81, Visits: 3.1K
For those of us that are very new to .net, could you add a web site example with security with your next release?

Thanks

Reply Like 0
Trent Taylor
Trent Taylor
Trent Taylor
posted 17 Years Ago
StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)
Group: StrataFrame Developers
Posts: 6.6K, Visits: 6.9K
It probably won't make it into the next update, but we can add it to the "requested samples" list.
Reply Like 0
GO

Merge Selected

Merge into selected topic...



Merge into merge target...



Merge into a specific topic ID...



Submit

Similar Topics

Post Quoted Reply
Reading This Topic

Powered by InstantForum 2017-1 Final © 2024
Execution: 0.000. 3 queries. Compression Enabled.

Login

Explore
Messages
Mentions
Search