Entering Configuration Information
Retired Content
This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
The latest Enterprise Library information can be found at the Enterprise Library site.
These procedures explain how to configure the Security Application Block. Properties associated with the nodes appear in the right pane of the Configuration Console or the Properties window of the Visual Studio Configuration Editor.
For details of the schema for the Security Application Block configuration, see Source Schema for the Security Application Block.
To add the Security Application Block
- Open the configuration file. For more information, see Configuring Enterprise Library.
- Right-click Application Configuration, point to New, and then click Security Application Block.
- (Optional) In the properties pane, set the DefaultAuthorizationInstance property. This is the authorization instance to use if none is specified in the code. The default is None.
- (Optional) In the properties pane, set the DefaultSecurityCacheInstance property. This is the security caching instance to use if none is specified in the code. The default is None.
- Right-click the Authorization node, point to New, and then click Authorization Rule Provider, AzMan Provider, or Custom Authorization Provider.
Note
The AzMan Provider is available only if you have installed the required prerequisites, including the assembly Microsoft.Interop.Security.AzRoles.dll. For more information about installing the AzMan provider, see Building Enterprise Library from the Source Code.
After you add the Security Application Block to the application configuration, you need to configure some or all of the following elements:
- AzMan Provider
- Custom Authorization Provider
- Authorization Rules
- Authorization Rule Provider
- Security Cache
- Caching Store Provider
- Custom Cache Provider
AzMan Provider
The next procedure describes how to configure the AzMan Provider.
To configure an AzMan Provider
- (Optional) In the properties pane, enter the Application name. The default is Application.
- Enter the AuditIdentifierPrefix. This is a prefix that precedes the audit identifier. The form is prefixusername:operation. The default prefix is AzManAuthorization Provider.
- Enter the Name for the provider. The default is AzMan Provider.
- (Optional) Enter the Scope. Using scopes, you can have different authorization settings for different parts of your application.
- Enter the StoreLocation. This is the location of the authorization store. It can be either an XML file or a part of Active Directory. The default location for an XML file is msxml://c:/myAuthStore.xml. The default for Active Directory is msldap://myserver/CN=MyStore,OU=AzMan,DC=MyDomain,DC=Com.
Custom Authorization Provider
The next procedure describes how to configure the Custom Authorization Provider.
To configure a Custom Authorization Provider
- In the properties pane, click the Attributes property and then click the ellipsis button (…) to open the EditableKeyValue Collection Editor dialog box.
- In the EditableKeyValue Collection Editor dialog box, click Add to add a new name/value pair.
- In the right pane of the EditableKeyValue Collection Editor dialog box, enter the key name and the value of the property.
- Add more name/value pairs as appropriate, and then click OK.
- In the Name property section located in the properties pane, change the name of the authorization provider. The default name is Custom Authorization Provider.
- In the properties pane, click the Type property.
- Click the ellipsis button (…) in the Type property section of the right pane. If the type you want is not included in the Assemblies folder, click Load Assembly in the Type Selector to find the assembly that contains the type you want.
Configuring Authorization Rules
If you are using the Authorization Rule Provider, you must enter the authorization rule(s). An authorization rule specifies the circumstances under which a user is authorized to perform some task. The expression must be a string with a Boolean predicate. The configuration tools include a Rule Expression Editor you can use to create the rule. With the editor, you can enter identities, roles, and Boolean operators.
Valid identities are the following:
- Specific (for example, "Bob")
- Anonymous (symbolized as "?")
- Any (symbolized as "*")
Valid roles are the following:
- Specific (for example, "Managers")
- Any (symbolized as "*")
Valid operators are the following:
- AND
- OR
- NOT
- (
- )
These identities, roles, and operators are combined in rules, which can be simple or complex. Examples of rules include the following:
- I: Bob. This rule indicates that only a user with the identity Bob is authorized.
- ((R:HumanResources OR R:GeneralManagers) AND (NOT R:HRSpecialist)). This rule indicates that only users that are in either the HumanResources or GeneralManagers roles and are not in the HRSpecialist role are authorized.
The Rule Expression Editor also includes a feature to test whether users with particular roles or identities are authorized using the rule you have specified. This can be useful to help confirm that you have phrased the rule correctly. To use this feature, enter the role and/or identity you want to test against the rule, and then click the Test button. The Expression Editor will display Authorized, Not Authorized, or an error message that indicates that the rule is not correctly defined.
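The following Python evaluator is an added example, not Enterprise Library code and not its parser. It checks a rule written in the syntax listed above against a test caller, much as the Test button does. The function names are hypothetical, and the semantics are assumptions: NOT binds tighter than AND, which binds tighter than OR; names match exactly; "?" matches only an anonymous caller; "*" always matches.

```python
import re
from collections import deque

# Syntax as listed on this page: ( ), AND, OR, NOT, I:<identity>, R:<role>.
TOKEN = re.compile(r"\s*(\(|\)|AND\b|OR\b|NOT\b|[IR]:\s*[^\s()]+)")

def tokenize(rule):
    tokens, pos, end = [], 0, len(rule.rstrip())
    while pos < end:
        m = TOKEN.match(rule, pos)
        if not m:
            raise ValueError(f"rule not correctly defined at offset {pos}")
        tokens.append(m.group(1))
        pos = m.end()
    return tokens

def is_authorized(rule, identity, roles=()):  # identity=None: anonymous caller
    toks = deque(tokenize(rule) + ["<end>"])  # sentinel marks end of rule

    def factor():                             # NOT x | ( expr ) | I:name | R:name
        tok = toks.popleft()
        if tok == "NOT":
            return not factor()
        if tok == "(":
            value = expr()
            if toks.popleft() != ")":
                raise ValueError("missing closing parenthesis")
            return value
        if tok[1:2] != ":":
            raise ValueError(f"unexpected {tok!r}")
        kind, name = tok[0], tok[2:].strip()
        if kind == "I":                       # assumed: "*" any, "?" anonymous only
            return name == "*" or (identity is None if name == "?" else identity == name)
        return name == "*" or name in roles   # assumed: exact, case-sensitive match

    def term():                               # assumed: AND binds tighter than OR
        value = factor()
        while toks[0] == "AND":
            toks.popleft()
            value = factor() and value        # always parse the right-hand side
        return value

    def expr():
        value = term()
        while toks[0] == "OR":
            toks.popleft()
            value = term() or value
        return value

    result = expr()
    if toks[0] != "<end>":
        raise ValueError(f"unexpected {toks[0]!r}")
    return result
```

With the second example rule above, a caller in HumanResources is authorized and a caller in both HumanResources and HRSpecialist is not. A rule with unbalanced parentheses raises ValueError rather than returning a decision.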
Authorization Rule Provider
The following procedure shows how to configure the Authorization Rule Provider.
To configure the Authorization Rule Provider
- Click the Rule Provider node.
- (Optional) In the properties pane, change the name of the node. The default name is Rule Provider.
- To add a rule, right-click the Rule Provider node, point to New, and then click Rule.
- In the properties pane, click the Expression property.
- Click the ellipsis button (…). Use the Rule Expression Editor to enter the authorization rule.
- (Optional) In the properties pane, change the name of the rule. The default name is Rule.
Security Cache
You can use a security cache to store security-related information. The following procedure describes how to configure the security cache.
To select the security cache
- Right-click the Security Cache node, point to New, and then click either Caching Store Provider or Custom Store Provider. The caching store provider uses the Caching Application Block as the security cache.
- If you selected the Caching Store Provider, the Caching Application Block is added automatically. For more information, see The Caching Application Block documentation.
Caching Store Provider
The next procedure describes how to configure the caching store provider.
To configure the caching store provider
- Set the Absolute Expiration property. This is the amount of time it takes for an item that is added to the cache to expire. The unit of time is minutes. The default is 60.
- Set the CacheManager property. This is the name of the Cache Manager to use, as defined in the Caching Application Block configuration. Select one from the drop-down list. The default is Cache Manager.
- (Optional) Change the Name property. This is the name of the node. The default is CachingStoreProvider.
- Set the SlidingExpiration property. This is the interval between the time an item in the cache was last accessed and when it expires. The unit of time is minutes. The default is 10.
Custom Cache Provider
The next procedure describes how to configure the Custom Cache Provider.
To configure the Custom Cache Provider
- (Optional) Select the Attributes property in the properties pane, then click the ellipsis button (…).
- In the EditableKeyValue Collection Editor dialog box, click Add to add a new name/value pair.
- In the right pane of the EditableKeyValue Collection Editor dialog box, enter the key name and the value of the property.
- Add more name/value pairs as appropriate, and then click OK.
- (Optional) Change the Name property. The default name is Custom Cache Provider.
- Click the Type property. Click the ellipsis button (…). If the type you want is not included in the Assemblies folder, click Load Assembly in the Type Selector to find the assembly that contains the type you want to use.