Develop Enterprise applications using reusable software components of Microsoft Enterprise Library 5.0
- Develop Enterprise Applications using the Enterprise Library Application Blocks
- Set up the initial infrastructure configuration of the Application Blocks using the configuration editor
- A step-by-step tutorial to gradually configure each Application Block and implement its functions to develop the required Enterprise Application
The first step is the process of validating an identity against a store (Active Directory, database, and so on); this is commonly called Authentication. The second step is the process of verifying whether the validated identity is allowed to perform certain actions; this is commonly known as Authorization. Together, these two security mechanisms ensure that only known identities can access the application and perform their respective actions. Although new tools and technologies make it easier to safeguard an application, using these authentication and authorization mechanisms correctly and consistently across different types of applications and across different layers is still challenging for developers. Also, while security is an important factor, it is of no use if the application's performance is dismal. So, a good design should also consider performance and cache the outcome of authentication and authorization for repeated use.
The Security Application Block provides a very simple and consistent way to implement authorization and credential caching functionality in our applications. Authorization doesn't belong to one particular layer; it is a best practice to authorize user actions not only in the UI layer but also in the business logic layer. As Enterprise Library application blocks are layer-agnostic, we can leverage the same authorization rules and expect the same outcome across different layers, which brings consistency. Authorization of user actions is performed using an Authorization Provider; the block provides the Authorization Rule Provider and the AzMan Authorization Provider, and it also provides the flexibility of implementing a custom authorization provider. Caching of security credentials is provided by the SecurityCacheProvider, which leverages the Caching Application Block; a custom caching provider can also be implemented using extension points. Both Authorization and Security cache providers are configured in the configuration file; this allows the provider to be changed at any time without recompilation.
The following are the key features of the Security block:
- The Security Application Block provides a simple and consistent API to implement authorization.
- It abstracts the application code from security providers through configuration.
- It provides the Authorization Rule Provider to store rules in a configuration file and Windows Authorization Manager (AzMan) Authorization Provider to authorize against Active Directory, XML file, or database.
- Flexibility to implement custom Authorization Providers.
- It provides token generation and caching of authenticated IIdentity, IPrincipal and Profile objects.
- It provides User identity cache management, which improves performance while repeatedly authenticating users using cached security credentials.
- Flexibility to extend and implement custom Security Cache Providers.
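The layer-agnostic authorization described above, as an added example (not code from the original page or its sample solution): one named rule is evaluated by an Authorization Rule Provider for both a UI-style check and a business-layer method. To stay self-contained it builds the rule in code rather than in the configuration file; `OrderService`, the `ApproveOrder` rule, the roles and the users are constructed for illustration, and the project is assumed to reference Microsoft.Practices.EnterpriseLibrary.Security.dll.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Principal;
using Microsoft.Practices.EnterpriseLibrary.Security;
using Microsoft.Practices.EnterpriseLibrary.Security.Configuration;

// Hypothetical business-layer class; the rule and role names are constructed.
public class OrderService
{
    public const string ApproveRule = "ApproveOrder";
    private readonly IAuthorizationProvider authz;

    public OrderService(IAuthorizationProvider authz) { this.authz = authz; }

    public void Approve(IPrincipal caller, int orderId)
    {
        // Re-check in the business layer: hiding a button in the UI is not enforcement.
        if (!authz.Authorize(caller, ApproveRule))
            throw new SecurityException(caller.Identity.Name + " may not approve orders.");
        Console.WriteLine("Order {0} approved by {1}", orderId, caller.Identity.Name);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Rule expressions: R: matches a role, I: an identity name; AND / OR / NOT combine them.
        var rules = new Dictionary<string, IAuthorizationRule>
        {
            { OrderService.ApproveRule,
              new AuthorizationRuleData(OrderService.ApproveRule, "R:Manager AND NOT I:carol") }
        };
        IAuthorizationProvider authz = new AuthorizationRuleProvider(rules);
        var service = new OrderService(authz);
        IPrincipal[] callers =
        {
            new GenericPrincipal(new GenericIdentity("alice"), new[] { "Manager" }),
            new GenericPrincipal(new GenericIdentity("bob"), new[] { "Clerk" }),
            new GenericPrincipal(new GenericIdentity("carol"), new[] { "Manager" })
        };
        foreach (IPrincipal caller in callers)
        {
            // The UI asks the same provider the same question, so both layers agree.
            bool showButton = authz.Authorize(caller, OrderService.ApproveRule);
            Console.WriteLine("{0}: show Approve button = {1}", caller.Identity.Name, showButton);
            try { service.Approve(caller, 42); }
            catch (SecurityException ex) { Console.WriteLine("Denied: " + ex.Message); }
        }
    }
}
```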
Developing an application
We will explore each individual Security block feature and along the way we will understand the concepts behind the individual elements. This will help us to get up to speed with the basics. To get started, we will do the following:
- Reference the Security block assemblies
- Add the required Namespaces
- Set up the initial configuration
To complement the concepts and allow you to gain quick hands-on experience of different features of the Security Application Block, we have created a sample web application project with three additional projects, DataProvider, BusinessLayer, and BusinessEntities, to demonstrate the features. The application leverages SQL Membership, Role, and Profile provider for authentication, role management, and profiling needs. Before running the web application you will have to run the database generation script provided in the DBScript folder of the solution, and update the connection string in web.config appropriately. You might have to open the solution in “Administrator” mode based on your development environment. Also, create an application pool with an identity that has the required privileges to access the development SQL Server database, and map the application pool to the website. A screenshot of the sample application is shown as follows:
Referencing required/optional assemblies
For the purposes of this demonstration we will be referencing non-strong-named assemblies, but based on individual requirements the Microsoft strong-named assemblies or a modified set of custom assemblies can be referenced as well. The list of Enterprise Library assemblies that are required to leverage the Security Application Block functionality is given next. A few assemblies are optional, depending on the Authorization Provider and cache storage mechanism used.
The following table lists the required/optional assemblies:
| Assembly | Required/Optional |
| --- | --- |
| Microsoft.Practices.EnterpriseLibrary.Common.dll | Required |
| Microsoft.Practices.ServiceLocation.dll | Required |
| Microsoft.Practices.Unity.dll | Required |
| Microsoft.Practices.Unity.Interception.dll | Required |
| Microsoft.Practices.Unity.Configuration.dll | Useful while utilizing Unity configuration classes in our code |
| Microsoft.Practices.EnterpriseLibrary.Security.AzMan.dll | Used for Windows Authorization Manager Provider |
| | Used for caching the User identity |
| | Used for caching in Database Cache Storage |
Open Visual Studio 2008/2010 and create a new ASP.NET Web Application Project by selecting File | New | Project | ASP.NET Web Application; provide the appropriate name for the solution and the desired project location. Currently, the application will have a default web form and assembly references. In the Solution Explorer, right-click on the References section and click on Add Reference and go to the Browse tab. Next, navigate to the Enterprise Library 5.0 installation location; the default install location is %Program Files%\Microsoft Enterprise Library 5.0\Bin. Now select all the assemblies listed in the previous table, excluding the AzMan-related assembly (Microsoft.Practices.EnterpriseLibrary.Security.AzMan.dll).
The final assembly selection will look similar to the following screenshot: