1st step in role based security


Author
Message
yh
yh
StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)
Group: Forum Members
Posts: 10, Visits: 31

I am trying to make the most simple case (role based security) work.

 

  • one database strataFrame (everybody has this database when downloading strataframe),
  • Create one web site, then using the ‘Security Editor’ create one 1 record for this website: username=somebody , us_data=Test123  
  • In the global.asax, I specify the connection string to the database: strataFrame
  • Then in the default.aspx.vb, I use the following 3 lines code

             Dim loUserInfo As New MicroFour.StrataFrame.Security.BusinessObjects.SFSUsersBO   

             Dim loResult As MicroFour.StrataFrame.Security.Login.LoginResult     

             loResult = MicroFour.StrataFrame.Security.Login.AuthenticateUser("somebody ", " Test123", "nbs", loUserInfo)

 

 

Basically, the above is the whole test web site

 

And the loResult returns ‘failure’

 

 


yh
yh
StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)
Group: Forum Members
Posts: 10, Visits: 31
Answer is here:

Add the following line to the global.asax.

SecurityBasics.SetSecurityKeyAndVectorForUserAuthentication("")


yh
yh
StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)
Group: Forum Members
Posts: 10, Visits: 31
Is this kind of a bug?
StrataFrame Team
S
StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)
Group: StrataFrame Developers
Posts: 3K, Visits: 2.5K
No, the us_Data field is encrypted with 3DES and uses a 24-byte key and an 8-byte initialization vector for the 3DES algorithm.  Rather than hard-coding the key within SF (so all SF developers would have to use the same key), we allow the key to be specified by the developer.  Within the Role-Based Security Editor, if you open the project properties, you will notice the "User Data Encryption" box that specifies the "Security Key:".  This value is used as the seed for the key and IV that are used by the 3DES to encrypt the data when you create or modify a user.  You then have to specify the value to tell your application how to decrypt the us_Data field for your users within the database.
yh
yh
StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)StrataFrame Beginner (20 reputation)
Group: Forum Members
Posts: 10, Visits: 31

If user does not specify any value for the "Security Key:",   Should the decrypt  take a default value “” for the seed?

 

Anyway, it does not matter now.

StrataFrame Team
S
StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)StrataFrame Developer (4.3K reputation)
Group: StrataFrame Developers
Posts: 3K, Visits: 2.5K
Since the key and IV are integral to the security of the application, we don't default those values, so it's "by design," as Microsoft would say Smile
Hugo R. Figueroa
Hugo R. Figueroa
StrataFrame User (163 reputation)StrataFrame User (163 reputation)StrataFrame User (163 reputation)StrataFrame User (163 reputation)StrataFrame User (163 reputation)StrataFrame User (163 reputation)StrataFrame User (163 reputation)StrataFrame User (163 reputation)StrataFrame User (163 reputation)
Group: StrataFrame Users
Posts: 81, Visits: 3.1K
For those of us that are very new to .net, could you add a web site example with security with your next release?

Thanks

Trent Taylor
Trent Taylor
StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)
Group: StrataFrame Developers
Posts: 6.6K, Visits: 6.9K
It probably won't make it into the next update, but we can add it to the "requested samples" list.
GO

Merge Selected

Merge into selected topic...



Merge into merge target...



Merge into a specific topic ID...




Similar Topics

Reading This Topic

Login

Explore
Messages
Mentions
Search