Silverlight 4 and security framework - security

I'm an experienced developer, but new to Silverlight, Prism, MVVM and all related stuff, and I have a need for a flexible approach regarding security in a new application I'm developing.
I have this security model implemented through a custom security framework I built for WinForms (actually Visual WebGui), but I need to get some guidelines on how to implement this for Silverlight or if there is something already built that I can use.
All modules implements two interfaces, ISecurableModule and ISecuredModule.
ISecurableModule is used to register modules with security repository.
ISecuredModule is used to enforce security.
In my Winforms app, at startup (actually after a new install, at first start), a module is started that through reflection inspect all assemblies, looking for modules implementing ISecurableModule interface. This interface reports if a module ce be started in Add Mode, Edit Mode, View Mode or None of them (e.g. a reporting module or data fetch / filter can be open only in View mode, as no data can be changed in it, but a data entry can be open only in Add, or in Add / Edit, or in View)
All this data is saved into security repository.
To define security rights, I can create security categories - that is, e.g. Inventory Operator, Inventory Supervisor, Payroll Operator, Payroll Supervisor, etc. For each category, I assign modules selected from security repository, with appropriate rights (e.g. for Inventory Operator I assign module Reception Inventory Operation or Transfer Inventory Operation with Add and View rights, and for Inventory Supervisor I assign all inventory modules with full rights)
Then I create Inventory Operator Role, and assign him the Inventory Operator Security category. I can assign several security categories to each role (because I can create security categories with a higher granularity - e.g. security category to manage own account or to manage group of users - which will be granted to supervisors, etc)
Then at runtime I have the concept of workplace (like shell in Prism) where I can load modules dynamically (really dynamically, I use ServiceLocator pattern to locate a component based on the interface it implements and then there is a controller for each class of module - modules implementing the same interface - which can use a enum field to identify which module to actually load for the time of data needed to process). The workplace controller uses a security provider which check the access rights for module to be loaded against the access rights for current user.
In my SL4 app I want to use MVVM pattern, and thus I want to have my views codeless and drive the whole functionality through ViewModel, ICommands and data binding. So I need some suggestions on how can I accomplish this sort of functionality I described into a SL4 app. I'm not particularly tied to Prism, so I will consider if there is another SL4 framework which can help me accomplish this goal.

You could try to protect the Silverlight application in many ways but in the end you cannot trust the client.
A couple of guidelines I use:
Protect the wire: use ssl to protect communication between SL and the back-end (perhaps even issue custom tokens to be able to invalidate a connection)
Do not rely on secrets in the Silverlight application (private keys, custom encryption methods, isolated storage) because they are easily broken
Put all important logic and security checks on the server.
Always check authorization when a receiving a (service)call; you never know who is calling unless you check.
I only use authorization on modules to reduce the download; if you are not authorized to use a module why download it?

Related

Granular control with WIX IIS website installation

I am authoring an installer that creates a new website and application pool. This installer is for internal use within several development environments which all have subtle differences. One may use only HTTP, another only HTTPS and one might use both. One might use the default ApplicationPoolIdentity identity where as another may use an explicit User reference.
Given the association of a WebAppPool is by ID through a WebApplication which must be nested under a WebSite, each time an option is desired on the installer, the breakout and duplication of features gets ridiculous.
I imagine I am not the first to encounter this, how does one accomplish this much flexibility within an installer?
The route I went with was creating a basic template within WIX using expected IDs, then used an immediate custom action scheduled before InstallValidate which manipulated the template entries to what ever degree was required. The properties used by the CA to make the decisions are stored in the registry for modify/patch/removal invocations.

Orchard Multi-Tenancy Setup/Configuration

I am starting to play with Orchard's multi-tenancy options to enable a single codebase to host dozens of websites (perhaps over a hundred in the future). The pieces I'm unclear on with this are:
Is it possible to call one or more API endpoints to dynamically create these sites from code on my end? Meaning, we have an existing codebase (non-Orchard) in .Net so what API(s) would I call to create these sites on the fly without having to login and do it manually?
In conjunction with #1, are there API(s) for us to create the individual users for the newly created sites that have a pre-configured set of minimal permissions (create content, deal with media, navigation) and blocking others (settings, user management, etc.)? Our client base for this process is not particularly computer savvy so limiting what they can break will go a long way in saving our support staff having to fix stuff they shouldn't be accessing to begin with.
Is there a way to handle SSO within these multi-tenant sites? The difficult part here would be our site relies on Session variables for access (it's a hybrid of classic ASP and .Net that I'm trying to modernize, but have to leave things like Session in for all the old stuff to work)? I'm guessing this would get into building a module, but know that's a rather advanced process so I'm trying to avoid it if possible.
Thanks in advance!
Yes, but Orchard doesn't easily integrate into existing applications. dotNest is an example of Orchard sites being created dynamically: http://dotnest.com/knowledge-base/topics/lombiq-hosting-suite
Yes. Users can be created from code, and you can assign them restricted permissions, the simplest way of doing it being to create a group with that permission set, and to put those users into that group. All of that can be done from code.
Just use oAuth like the rest of the world.
Just forget about integrating Orchard into an existing application. Especially classic ASP ;) Time to move on.

How can I automate adding members to a Domino Server?

The company I work for wants to host documents on Lotus Quickr for external vendors to view. The way it currently works is as follows: A project manager needs to retrieve the non-employee's information (name, contact info, job title, etc.), which is sent to the Lotus manager. The Lotus manager then needs to add the non-employee as a new member to the Domino server. Then the Lotus manager needs to send the login credentials to the non-employee. Lastly, the project manager needs to give the non-employee access to the relevant Quickr place.
Because this process is very slow, my manager wants to automate a portion of the process. Our ideal solution would be to build a webpage where the non-employee could fill out their information. The project manager could then look over the the non-employee's information and choose to approve, deny, or send back the information. If the information is approved, the user will automatically be added to the Domino server. Then, the project manager would add them to the Quickr place as usual. This alternative method would eliminate a few steps, a lot of time, and the non-employee's login credentials would only be known to the non-employee.
The problem is that we're not sure how to tackle this. Would it be possible to build an XPage that could be sent out publicly that could handle this? Or is there a similar solution that we could use? I am very new to Domino and Lotus, but I would be comfortable with learning any necessary APIs once I know where to begin. For reference, we are using IBM Notes and Domino Designer 9 Social Edition.
This is indeed possible. Take a look at the User Group application on OpenNTF. It includes functionality for users to register themself so that they can login afterwards.
Good luck with your project.
in addition to #stwissel's and #Thierry's answers:
you of course can build an Xpages based application through which an anonymous user could ask to be granted access to some quickr place. You'll have to keep in mind that most visitors aren't registered users for you Domino server so you need to treat them as anonymous. This could mean that for example resources like company logos or stylesheets used in you "anonymous" application forms need to be marked as available for public access users.
Then you'll have to decide how the application forms are passed on to the project manager; you could send the data using mail, which however might open up an unwanted gateway for spammers. Preferably you would store the applicants' data in a small database from which you project managers then pull all open applications.
The rest is simple and has already been layed out by #stwissel und #Thierry: use quickr's ability to maintain its own set of place-based "local" directories (btw. one of the real cool features of this otherwise dead product).
Speaking about the product: as #stwissel already pointed out this product is no longer maintained by IBM; looking at the long record of known problems quickr had with various browser updates (esp. MSIE), not to speak of future Domino server support allow me to recommend looking for an entirely different solution
http://www-10.lotus.com/ldd/lqwiki.nsf/m_Home.xsp?documentId=F26B114598D21516852577FB005171F4#mobileViewer
QuickR on Domino can allow member not in directory if option is enabled by admin. So no need to ask to lotus manager, project manager can create local member

Storing farm level data for a web component

I've built a SharePoint user control (not a web part) and am deploying it via Solutions, Features, etc.
It's a commercial component and I want to be able to store license information once it's registered. I've got all the licensing stuff down and working, however, I am trying to find a "global" (i.e. farm level) place to store the information (so it works on multi-server farms).
This is intended to be a commercial component so I have no control over security policies, application pool accounts, etc. I need it to work without admins needing to reconfigure their farms.
I've considered:
Web.config - best option so far, but have read that Windows UAC can interfere and changes may not always be applied.
Hierarchical Object Store - Several security gotchas - Namely app pool needs access to Config database (which many environments won't allow)
Root site property bag - Possible. I can update all the Root Sites Properties at the time of registration, but what happens when new web apps are created? User has to register component for each web app?
Registry, file system - Not persisted across servers
Custom DB - Seems like a lot of places for this to fail.
I know other commercial vendors are doing it somehow.
Any ideas?
Web.config - best option so far, but have read that Windows UAC can interfere and changes may not always be applied.
There are many many different opinions about putting your configuration stuff in web.config. Personally, i would NOT recommend it, because SharePoint is automatically pushing changes to it and you can't really control what's going on.
I've had similar requirements, but at a SiteCollection level. What i did was creating a simple custom list with 2 columns (Key, Value) at the root of my SiteCollection. Within my code, i hardcoded the name of the list and used elevated privileges (because i set the list permissions to admin-only) to access the values i needed.
You could basically do the same, but not at the root of the SiteCollection level, but in the Central Administration. This way, you can access the configuration list from anywhere within SharePoint.
Another idea would be setting up a simple configuration database and then use a custom web-service (which is deployed within SharePoint) to get it's values. However this adds quite a lot of overhead to such a "simple" task and will get you in a lot of trouble without proper exception handling/logging.

Security system design in MVC application

Which design approach can be used, already exists or new ones to implement security system in MVC web-application?
Possibly there are patterns, best practices, e.g. in some popular languages, e.g. Java, .Net or whatsoever?
On which level is it better to implement it: model or controller or something between them?
I faced that primitive approach results in spreading security checks among many controllers or models depending on implementation, mixing with code of levels.
But it is not obvious for me in which way to design security in better way.
I have an MVC application.
I need flexible system of access rights.
I have and hierarchy of categories and entities in categories.
Some user can edit/view/add/remove one on set of categories, another users - other categories.
It is also required that depending on user role some fields of model should not be retrieved from DB (null should be returned)
Admins should be able to assign different access rights.
You should be using .Net's built in member ship providers. By default a new MVC 3 Internet Application Visual Studio project template will give you basic login code. Clicking on the 'manage' your site button from within visual studio will give you the web interface to manage the users and roles. Create your users/roles, then define [Authorize(Roles="Admin,Users")] on your Controller class definition or on your method definitions. DO NOT define URL access as was done in Asp.Net Web Form applications as there are multiple URLs that could map to a single place. Use the Authorize attribute instead.
Also check my response here:
What features do I need to have before I open an ASP.Net app onto the internet?
In addition make sure you use Html.AntoForgeryToken in your views and [ValidateAntiForgeryToken] on your [HttpPost] controller methods (ie any methods you post back to)

Resources