Documente Academic
Documente Profesional
Documente Cultură
Table of Contents
Connected Systems: Security................................................................................................................... 3
Exercise 1 Using the GeneriCo implementation .................................................................................................4
Exercise 2 A first look at the code behind GeneriCo ..........................................................................................7
Exercise 3 Employee Login.................................................................................................................................9
Exercise 4 Active Directory Integration............................................................................................................13
Scenario
Estimated time to
complete this lab: 60
minutes
This lab examines two systems in GeneriCo: the employee portal, which is a
web application accessed via a browser, and the security service, which is an
XML web service used to authenticate and authorize users as they use various
systems in GeneriCo, including the employee portal. We start by giving you a
brief introduction to the portal application, in case youve not used it before.
Then we show the basic structure of GeneriCos source code, so you can more
easily navigate this highly factored implementation. After the introductions, we
walk through the login process from the employee portal presentation layer all
the way through to the Active Directory integration in the security service.
Along the way, youll learn about some of the tradeoffs that must be made
when building a platform-neutral system like GeneriCo, and some of the
benefits youll get by integrating more fully with Windows.
Exercise 1
Using the GeneriCo implementation
Scenario
In this part of the lab, you walk through using parts of the GeneriCo Blueprints implementation to
gain familiarity with its functionality from a client's perspective. If you already feel comfortable
with the functionality of the application, you may elect to skip to part 2.
Tasks
1.
Detailed steps
a.
d. Click Login.
a.
Note: this is main page an employee would use in the portal its
customizable via Web parts. Many of the links on this page are not
functional.
b. Click the Department Listing link at the bottom of the page.
c.
Click the Employees tab to see a list of employees (this should contain
the same information you saw in the HR application).
3.
e.
f.
a.
b. Enter a Subject and Date to fill in the form with a new task.
c.
Click Submit.
Note: when other employees interact with the portal, tasks can be
automatically created for other users (e.g., when something needs
approval, etc.).
Now lets walk through a more involved workflow scenario, requiring
logging in and out as different users. The following steps will walk you
through submitting and approving an expense report.
4.
a.
Total.
e.
f.
g.
5.
Log out.
a.
7.
a.
Click Login.
a.
Click the Staff Reports link under the Expense Reports field.
8.
Log out.
c.
a.
Note: now that the manager has approved the expense report, accounting
needs to authorize the expense report for payment.
9.
report.
a.
a.
a.
Note: now that accounting has approved the expense report, it should be
paid.
12. Log back in as Earl12 to
a.
Click Login.
b. Verify that the report has been paid by looking in My Reports under
Status.
c.
Exercise 2
A first look at the code behind GeneriCo
Scenario
In this exercise, we will see how the layers of a solution work together by examining the structure
of that solution.
Tasks
Detailed steps
1.
a.
Click the folder icon on the quick launch bar. This just launches an
Explorer window and drills into to the directory shown below. This
will be the base source code directory where youll be working:
C:\Documents and Settings\Administrator\My
Documents\Visual Studio Projects\GeneriCo
b. Open the EmployeePortal subdirectory and double-click
GeneriCo.EmployeePortal.sln to open the solution in Visual Studio.
2.
a.
Collapse all the projects in the Solution Explorer and youll be able to
see the overall structure of the solution, as shown here:
Besides the UnitTests and setup folders, notice the three layers that make
up this project: Presentation, Business and Model. Other projects will also
have a data layer (this particular example does not because it relies on a
set of XML Web Services instead of a data store).
Since this project exposes a user interface (in this case an ASP.NET web
application), there is a Presentation layer. In a service, youll see this
replaced by a Service layer instead.
3.
Business
BusinessLayer
Layer
Presentation
Presentation
or
orService
ServiceLayer
Layer
Data
DataLayer
Layer
Model
ModelLayer
Layer
Exercise 3
Employee Login
Scenario
When an employee logs into the portal application, she is asked for a username and password. The
portal takes this information and submits it to the security system via a web service request. In the
BusinessLayer project, we will open up the SecurityLogic.cs file and look at the code for the Login
method.
Tasks
1.
Detailed steps
a.
The first section of code instantiates an object that represents the message
(AuthenticateRequest) and fills it out with the name and password provided
by the user. This is merely a formality to satisfy the GeneriCo specification.
The interesting part is really the attachment of a UsernameToken to the
message, which is the next bit of code, just inside the try block.
The UsernameToken is part of the Web Service Enhancements (WSE)
package that implements WS-Security, and its use with the web service
request causes an extra header to be added to the request which contains
the user name and password.
This header can then be validated by some plumbing in the service
implementation, which leads to an aspect-based solution for authentication
and authorization in the server. Well explore that shortly.
2.
3.
10
a.
Note that in order to call this method, the Presentation layer needs to know
the employee ID and authToken.
Once again, youll see a UsernameToken being constructed, but note that
this time the user name that is sent is the employee ID, and the password
becomes the authToken.
The pattern for using the security system is as follows: login and get a
session started, then with each subsequent call, identify and authenticate
yourself by proving knowledge of the authToken associated with the logon
session.
5.
One obvious attack against this system is to try to guess the authToken.
This would mean you could use the security system without knowing a valid
user name or password just create a UsernameToken with the desired
employee ID and the authToken you guessed.
As you can see, using a monotonically increasing counter (an integer, say)
for the token would be a very bad idea indeed!
To mitigate this threat, the GeneriCo implementation uses a GUID for the
AuthToken, and GUIDs are generated using the default cryptographic
random number generator built into Windows. GUIDs are 128 bits long, so
guessing the authToken is not feasible.
Pay attention to this issue in your own systems!
6.
a.
d. Collapse all the projects like before so you can get a feel for the layout
of the solution.
Since this is a web service implementation, youll see a ServiceLayer
project instead of a PresentationLayer.
Note the addition of a DataLayer along with a few helper projects for
dealing with Active Directory, where the Data layer stores its state.
7.
a.
In the Solution Explorer, expand the ServiceLayer node and rightclick on AuthenticateService.asmx and select View Code.
The first method on the AuthenticateService class is the one that we saw
being called earlier: Authenticate.
11
The somewhat surprising answer is that its not really validated anywhere
in the Authenticate method.
In fact, the password was validated before this method was even called!
Since the caller sent the user name and password in a WS-Security header,
some plumbing in WSE automatically validates the token before the web
service method is called. If the validation fails, the web service method is
not called at all.
Note: This is an example of a pattern that is really useful for security: it
should be as transparent as possible to application developers. By pushing
the security checks into the plumbing, an application developer doesnt
need to remember to call a method to check authentication or
authorization. Thats already been done before the call even reaches the
developers code. And if any of these security checks fail, the developers
code is never called the request is aborted right there in the plumbing.
The figure below shows this aspect-based architecture:
Web Service
Request
WSE
WSEPlumbing
Plumbing
Service
Servicecode
code
Custom
CustomUsername
Username
Token
TokenManager
Manager
9.
WSE provides built-in plumbing that can authenticate users with real
Windows accounts.
But GeneriCo has its own security system, as the spec it was based on
doesnt assume any particular platform. This means that GeneriCo must
wire up a little bit of custom plumbing
a.
In the Solution Explorer, under the ServiceLayer node and doubleclick the Web.config file.
token manager.
a.
12
It turns out that GeneriCo does indeed use Windows accounts to manage its
users. In fact, it uses an extension of the Active Directory schema to model
the employee database.
But when users log in, they dont specify a full domain account name,
rather they just specify their simple user names (Howard13, for example).
This custom plumbing looks up the domain name from the configuration
file, combines it with the users name, and then lets the existing WSE
plumbing check the login (note the call to base.AuthenticateToken).
validation.
You can see how the authToken is verified the state is simply stored in the
web services application state.
Note: One thing that is not addressed by the GeneriCo spec (or this
implementation) is logout, but this is important in real systems. Given the
way GeneriCo is implemented here, an obvious approach would be to
timeout the login after a certain amount of idle time.
13. Find where the authToken is
originally generated.
a.
Note that all this does is generate a new GUID, stringize it, add it to the
application state as a valid login identifier, and return its value to the
caller.
13
Exercise 4
Active Directory Integration
Scenario
Finally, we will examine the configuration of Active Directory to see how GeneriCo manages users
and roles. We will also consider how this configuration achieves efficiency, and how it might be
improved for other situation.
Tasks
1.
Detailed steps
a.
2.
a.
In the Solution Explorer, expand the PresentationLayer node, rightclick ExpenseReportsControl.ascx and click View Code.
Youll see a call into the Business layer SecurityLogic class to a method
called CheckAuthorization.
This helps the Presentation layer decide whether to show staffers reports or
only personal reports.
3.
a.
b.
Note the first two arguments allow the caller to provide the employee ID
and authToken, which are used to authenticate with the security system.
The third argument is an identifier for the role were checking.
As usual, we see a request message being filled out, a UsernameToken
being attached to the request, and a call to the web service.
Theres really no logic here.
4.
a.
d. Expand the region entitled UserInfo WS Logic Methods and find the
CheckAuthorization method.
14
5.
The business logic has one line of code that delegates to the Data layer, so
drill into the DataLayer project.
a.
Here youll see several calls that simply validate the input (which is always
good for security), followed by a couple of calls that lookup the user and
role objects in Active Directory.
Finally, the code checks to see if the role objects member property
contains the distinguished name of the user in question.
As you can see, the employee database is actually stored in Active
Directory.
6.
7.
Consider performance
improvements.
There are other ways of augmenting Active Directory that can give
markedly improved performance.
For example, you may prefer to keep all of your data in SQL Server,
including user data.
You can then use Microsoft Identity Integration Server (MIIS) to
synchronize your SQL Server database with the data in Active Directory.
Having access to directory data from SQL Server allows you to do
sophisticated queries, JOINs, and stored procedures, and can significantly
improve the performance of your solution.
Keep this in mind when building your own systems.
8.
15
In the SecuritySystem solution youll see three projects that help implement
custom schema extensions: ADSchemaGenerator, ADObjectGenerator, and
ADReader.
The first adds the schema classes and attributes to store the user, role, and
system data in the directory.
The second generates instances of these classes (roles like the HR
Representative, and test employees like Howard13).
The third (ADReader) simply prints out the instances; its more of a
diagnostic tool than anything else.
If youre interested in learning how to extend the Active Directory schema,
these would be useful projects to spend some time exploring.