PortSight Secure Access Enterprise Edition - .NET Component - V2.3 (for .NET Framework 1.x)

Descrizione generale | Prezzi e licenze | Valutazioni e download | Compatibilità | Dati autori | Recensioni | Forum | Sommario

Ti preghiamo di notare che le informazioni su questi prodotti non sono disponibili in italiano.
Secure your WinForms, WebForms and Web Services and integrate them with Active Directory. PortSight Secure Access for .NET allows you to manage users and their access to WinForms and WebForms applications, Web Services and Web content. It features user roles, permissions, audit trail, delegation and import from Active Directory. It’s delivered with an easy-to-use Web Interface and re-usable ASP.NET and WinForms controls that make it easy to integrate security into your application.

Recensione media:   basata su: 1 recensione.

I nostri prezzi standard sono indicati sotto. Accedi per vedere i tuoi prezzi scontati.

PortSight Secure Access Enterprise Edition V2.3 (for .NET Framework 1.x)

I nostri prezzi comprendono l'assistenza tecnica ComponentSource e, per la maggior parte dei prodotti scaricabili, una copia di riserva online e un aggiornamento GRATUITO alla nuova versione, se questa viene lanciata entro 30 giorni dall'acquisto.  Tutte le vendite sono soggette ai nostri termini e condizioni standard ed alla nostra politica di rimborso.  Contattaci se necessiti di un'opzione di licenza non elencata sopra, comprese licenze multiple e versioni precedenti.

I nostri prezzi standard sono indicati sopra. Accedi per vedere i tuoi prezzi scontati.

What's New in V2.3

• ARHelper class has a public constructor
• For the following assemblies was COM Interop created:
  • ARDataService
  • ARObject
  • ARWebServiceClient
  • ARWebServiceCommon
• The following assemblies have strong names now:
  • ARCatalogs
  • ARDataServices
  • ARObjects
  • ARWebServiceClient
  • ARWebServiceCommon
• Added additional canonicalization safeguards (http request checks) to the Global.asax file - see MSDN KB 887459 for details
• To the ARPRTree server control ARPresentationLayer assembly were added property FormName for specifying the name of related form if the object is placed outside the Form tag
• All the stored procedures have now prefix dbo
• To the data grids for displaying memberships were added column with the object alias. This is just for better distinguish between objects with the same name
• To the web.config was added new parameter SecureAccessLogonMixedMode. This parameter is aplicable only if used with Windows authentication.  If set to true allows both Windows NT and Form Authentication, i.e. Windows authentication is preferred authentication mechanism but the user may explicitly invoke logon form and log in using Form authentication. Nevertheless this behaviour would be undesirable if the user accounts are imported from LDAP and thus their passwords are blank by default - this represents a security issue if an attacker guess someone's login name and misuse LogonForm.aspx to log in under this account without providing a password. Set the SecureAccessLogonMixedMode parameter to false if you use NT authentication and would like to disallow this behaviour. Default value if false

What's New in V2.1.3

• Greatly improved performance
• Password can be optionally sent to the user when administrator creates a new user account or changes password of an existing user account
• Password is reset in case it is stored in a hash format and sent to the user by e-mail
• New custom field AR_Object.ObjectCustomField2 of GUID type was added
• Support for AES256 password encryption was added
• Support for reading connection string from custom storage was added to the Secure Access Web user interface
• Several changes were made in the Web user interface so that it can be used with large amounts of data
• Indexes were added to all tables for better performance
• All references to the Microsoft.ApplicationBlocks.Data.dll library were removed due to several complaints of customers who were using a different version
• Increased timeout for reading data from the Active Directory (LDAP)
• Updated Secure Access licensing policy to accept both Secure Access and Meta Tree serial numbers
• Known bugs were fixed

PortSight Secure Access provides a comprehensive security solution for your .NET applications. It covers all security issues – authentication, authorization and auditing in WinForms and WebForms applications and in Web Services.

The only difference between the Standard and the Enterprise Edition is that the Enterprise Edition allows you to import user accounts, user groups and organizational units including membership information. The supported sources for import are Microsoft Active Directory, Windows domains and ODBC-enabled databases, such as Microsoft SQL Server, Microsoft Access and others.

Architecture

PortSight Secure Access is written as a three-tier .NET application. You can use its application programming interface (API) and user controls to check user name and password, control user permissions in your application, log user activities in the audit trail and store user preferences.

It uses Microsoft SQL Server (or MSDE) to store information about users, their permissions, etc.

PortSight Secure Access doesn’t replace the .NET Framework or Windows security, but it extends it and makes its management much easier.

You can manage the PortSight Secure Access system using its Web-based user interface and re-usable user controls.

Supported Environments

• ASP.NET WebForms – PortSight Secure Access supports both Forms and Windows authentication. ASP.NET applications can use the complete Secure Access API and user controls. The Application Configuration Wizard helps you integrate Secure Access into your ASP.NET applications in a few simple steps
• WinForms can consume Secure Access Web Service that provides the most important methods of PortSight Secure Access API. Logon form and “Change Password” controls for WinForms are also included
• Web Services can use the complete Secure Access API. PortSight Secure Access supports WS-Security standard for securing your Web Services

Main Features:

• User Management - PortSight Secure Access includes a comfortable web-based user management interface. It allows you to manage user accounts, set user properties, preferences and passwords and organize users into (nested) groups, organizational units and roles. The concepts are very similar to those found in Microsoft Windows
• Authentication Models - PortSight Secure Access supports both Forms and Windows authentication. The Forms authentication requires user to enter user name and password, the Windows authentication uses the user’s identity in the Windows domain
• Users, User Groups and Organizational Units - A user can be member of any number of user groups, organizational units and roles. Groups, units and roles can be nested. Organizational units can describe the hierarchical structure of your organization
• Role-Based security - The list of your web applications is also stored in the PortSight Secure Access catalog. Each application can have several user roles defined – e.g. “Editor”, “Chief-Editor”, “Designer” and “Administrator”. You can assign users, groups or organizational units to a particular role and then simply call the IsInRole method in your application – e.g. ARHelper.IsInRole(“JosephG”, “WebPublishingSystem.Editor”)
• Permission-Based Security (Permission Matrix) represents the most flexible model. You can define modules for each application – e.g. “News”, “Articles” and “Links” section of a Web site – and your set of permissions – e.g. “Read”, “Edit” and “Administration”. Then you simply grant permissions to users, user groups, organizational units or roles. Such permissions can be easily managed in the permission matrix. You can check permissions using simple methods, such as ARHelper.IsAuthorized(“JosephG”, “WebPublishingSystem.News”, “ApproveContent”)
• Securing Web Content - PortSight Secure Access allows you to control access to the content of your Web site (such as media files, documents, files for download and others). You can specify the content using wild cards, such as “/images/*.jpg”
• Audit Trail - PortSight Secure Access allows you to track user actions which gives you a good overview of possible attacks, attempts to access restricted zones as well as changes made to your data – e.g.: ARHelper.Log('JohnF', 'User approved news #141.', 'News_Approved', “WebPublishingSystem.News”)
• Delegation - The administrator can delegate management of membership for particular user group, role or organizational unit, as well as management of permissions for particular application. This allows you to avoid administrator bottle-neck and make your system more flexible
• User Preferences - You can store user preferences in the database instead of unreliable cookies. You can define any number of preferences, such as newsletter subscription, preferred colors and culture, etc.
• Re-Usable ASP.NET Controls - PortSight Secure Access is delivered with ASP.NET controls that can be incorporated into your application, such as:
  • Logon form, sign out button and registration form
  • Dialogs for selection of one or more users from a list box, drop-down list or from the organizational chart
  • Controls for setting password and sending forgotten password
  • Controls for delegated administration
  • List of users with sorting, paging and filtering that allows you to display list of all users with chosen properties and use it as a company phone book
  • Re-Usable WinForms controls include the logon form control and the change password dialog.
• Multiple User Catalogs - You can create and manage any number of user catalogs with one PortSight Secure Access license, which makes it an ideal solution for Web-hosting companies that want to offer well-secured Web sites to their customers
• Import from Active Directory, Windows domain and ODBC-enabled databases (Enterprise Edition only) – you can import users, user groups and organizational units, including their membership. You can map source properties to target properties of objects in the Secure Access database. The import can be run either manually or periodically