PortSight Secure Access Standard Edition - .NET Component - V2.3 (for .NET Framework 1.x) - Récapitulatif

Présentation | Prix et licences | Évaluations et téléchargements | Compatibilité | Infos éditeur | Revues | Forums | Récapitulatif

Récapitulatif

PortSight Secure Access Standard Edition - .NET Component - V2.3 (for .NET Framework 1.x) by PortSight

Secure your WinForms, WebForms and Web Services and integrate them with Active Directory. PortSight Secure Access for .NET allows you to manage users and their access to WinForms and WebForms applications, Web Services and Web content. It features user roles, permissions, audit trail, delegation and import from Active Directory. It’s delivered with an easy-to-use Web Interface and re-usable ASP.NET and WinForms controls that make it easy to integrate security into your application.

PortSight Secure Access provides a comprehensive security solution for your .NET applications. It covers all security issues – authentication, authorization and auditing in WinForms and WebForms applications and in Web Services.

The only difference between the Standard and the Enterprise Edition is that the Enterprise Edition allows you to import user accounts, user groups and organizational units including membership information. The supported sources for import are Microsoft Active Directory, Windows domains and ODBC-enabled databases, such as Microsoft SQL Server, Microsoft Access and others.

Architecture

PortSight Secure Access is written as a three-tier .NET application. You can use its application programming interface (API) and user controls to check user name and password, control user permissions in your application, log user activities in the audit trail and store user preferences.

It uses Microsoft SQL Server (or MSDE) to store information about users, their permissions, etc.

PortSight Secure Access doesn’t replace the .NET Framework or Windows security, but it extends it and makes its management much easier.

You can manage the PortSight Secure Access system using its Web-based user interface and re-usable user controls.

Supported Environments

ASP.NET WebForms – PortSight Secure Access supports both Forms and Windows authentication. ASP.NET applications can use the complete Secure Access API and user controls. The Application Configuration Wizard helps you integrate Secure Access into your ASP.NET applications in a few simple steps

WinForms can consume Secure Access Web Service that provides the most important methods of PortSight Secure Access API. Logon form and “Change Password” controls for WinForms are also included

Web Services can use the complete Secure Access API. PortSight Secure Access supports WS-Security standard for securing your Web Services

Main Features:

User Management - PortSight Secure Access includes a comfortable web-based user management interface. It allows you to manage user accounts, set user properties, preferences and passwords and organize users into (nested) groups, organizational units and roles. The concepts are very similar to those found in Microsoft Windows

Authentication Models - PortSight Secure Access supports both Forms and Windows authentication. The Forms authentication requires user to enter user name and password, the Windows authentication uses the user’s identity in the Windows domain

Users, User Groups and Organizational Units - A user can be member of any number of user groups, organizational units and roles. Groups, units and roles can be nested. Organizational units can describe the hierarchical structure of your organization

Role-Based security - The list of your web applications is also stored in the PortSight Secure Access catalog. Each application can have several user roles defined – e.g. “Editor”, “Chief-Editor”, “Designer” and “Administrator”. You can assign users, groups or organizational units to a particular role and then simply call the IsInRole method in your application – e.g. ARHelper.IsInRole(“JosephG”, “WebPublishingSystem.Editor”)

Permission-Based Security (Permission Matrix) represents the most flexible model. You can define modules for each application – e.g. “News”, “Articles” and “Links” section of a Web site – and your set of permissions – e.g. “Read”, “Edit” and “Administration”. Then you simply grant permissions to users, user groups, organizational units or roles. Such permissions can be easily managed in the permission matrix. You can check permissions using simple methods, such as ARHelper.IsAuthorized(“JosephG”, “WebPublishingSystem.News”, “ApproveContent”)

Securing Web Content - PortSight Secure Access allows you to control access to the content of your Web site (such as media files, documents, files for download and others). You can specify the content using wild cards, such as “/images/*.jpg”

Audit Trail - PortSight Secure Access allows you to track user actions which gives you a good overview of possible attacks, attempts to access restricted zones as well as changes made to your data – e.g.: ARHelper.Log('JohnF', 'User approved news #141.', 'News_Approved', “WebPublishingSystem.News”)

Delegation - The administrator can delegate management of membership for particular user group, role or organizational unit, as well as management of permissions for particular application. This allows you to avoid administrator bottle-neck and make your system more flexible

User Preferences - You can store user preferences in the database instead of unreliable cookies. You can define any number of preferences, such as newsletter subscription, preferred colors and culture, etc.

Re-Usable ASP.NET Controls - PortSight Secure Access is delivered with ASP.NET controls that can be incorporated into your application, such as:

Logon form, sign out button and registration form

Dialogs for selection of one or more users from a list box, drop-down list or from the organizational chart

Controls for setting password and sending forgotten password

Controls for delegated administration

List of users with sorting, paging and filtering that allows you to display list of all users with chosen properties and use it as a company phone book

Re-Usable WinForms controls include the logon form control and the change password dialog.

Multiple User Catalogs - You can create and manage any number of user catalogs with one PortSight Secure Access license, which makes it an ideal solution for Web-hosting companies that want to offer well-secured Web sites to their customers

Import from Active Directory, Windows domain and ODBC-enabled databases (Enterprise Edition only) – you can import users, user groups and organizational units, including their membership. You can map source properties to target properties of objects in the Secure Access database. The import can be run either manually or periodically

What's New in V2.3

ARHelper class has a public constructor

For the following assemblies was COM Interop created:

ARDataService

ARObject

ARWebServiceClient

ARWebServiceCommon

The following assemblies have strong names now:

ARCatalogs

ARDataServices

ARObjects

ARWebServiceClient

ARWebServiceCommon

Added additional canonicalization safeguards (http request checks) to the Global.asax file - see MSDN KB 887459 for details

To the ARPRTree server control ARPresentationLayer assembly were added property FormName for specifying the name of related form if the object is placed outside the Form tag

All the stored procedures have now prefix dbo

To the data grids for displaying memberships were added column with the object alias. This is just for better distinguish between objects with the same name

To the web.config was added new parameter SecureAccessLogonMixedMode. This parameter is aplicable only if used with Windows authentication. If set to true allows both Windows NT and Form Authentication, i.e. Windows authentication is preferred authentication mechanism but the user may explicitly invoke logon form and log in using Form authentication. Nevertheless this behaviour would be undesirable if the user accounts are imported from LDAP and thus their passwords are blank by default - this represents a security issue if an attacker guess someone's login name and misuse LogonForm.aspx to log in under this account without providing a password. Set the SecureAccessLogonMixedMode parameter to false if you use NT authentication and would like to disallow this behaviour. Default value if false

What's New in V2.1.3

Greatly improved performance

Password can be optionally sent to the user when administrator creates a new user account or changes password of an existing user account

Password is reset in case it is stored in a hash format and sent to the user by e-mail

New custom field AR_Object.ObjectCustomField2 of GUID type was added

Support for AES256 password encryption was added

Support for reading connection string from custom storage was added to the Secure Access Web user interface

Several changes were made in the Web user interface so that it can be used with large amounts of data

Indexes were added to all tables for better performance

All references to the Microsoft.ApplicationBlocks.Data.dll library were removed due to several complaints of customers who were using a different version

Increased timeout for reading data from the Active Directory (LDAP)

Updated Secure Access licensing policy to accept both Secure Access and Meta Tree serial numbers

Known bugs were fixed

PartNumbers: PC-514411-43095 514411-43095 PC-514411-43096 514411-43096 PC-514411-43097 514411-43097 PC-514411-43098 514411-43098 PC-514411-43099 514411-43099 PC-514411-43100 514411-43100 PC-514411-43101 514411-43101 PC-514411-43102 514411-43102 PC-514411-43103 514411-43103

PurchaseOptions: PortSight Secure Access Standard Edition V2.3 (for .NET Framework 1.x) 1 Server License , PortSight Secure Access Standard Edition V2.3 (for .NET Framework 1.x) 1 Server License - INETA Members , PortSight Secure Access Standard Edition V2.3 (for .NET Framework 1.x) 1 Server License - PortSight Hosting Partners , PortSight Secure Access Standard Edition V2.3 (for .NET Framework 1.x) 4 Server License , PortSight Secure Access Standard Edition V2.3 (for .NET Framework 1.x) 4 Server License - INETA Members , PortSight Secure Access Standard Edition V2.3 (for .NET Framework 1.x) 4 Server License - PortSight Hosting Partners , PortSight Secure Access Standard Edition V2.3 (for .NET Framework 1.x) 1 Site Wide License (Allows Unlimited Servers at a Single Physical Address) , PortSight Secure Access Standard Edition V2.3 (for .NET Framework 1.x) 1 Site Wide License - INETA Members , PortSight Secure Access Standard Edition V2.3 (for .NET Framework 1.x) 1 Site Wide License - PortSight Hosting Partners

Resources: Read the Portsight Secure Access API reference guide, Read the Portsight Secure Access guide, Read the Portsight Secure Access database reference guide, Portsight Secure Access quick reference guide for C# - Requires Acrobat Reader, Portsight Secure Access quick reference guide for VB .NET - Requires Acrobat Reader, Read the Portsight Secure Access performance test report - Requires Acrobat Reader, Read the Portsight Secure Access import capabilities document, Read the Portsight Secure Access end user license agreement, Download the Portsight Secure Access V2.3 evaluation on to your computer - Limited to 5 user accounts

Operating System for Deployment: Windows XP, Windows Server 2003, Windows 2000

Architecture of Product: 32Bit

Product Type: Component, Application

Component Type: ASP.NET WebForms, .NET WinForms, .NET Class, .NET Web Service, 100% Managed Code

Web Services: Supports SOAP 1.2, Supports SOAP 1.1, Supports SOAP 1.0, Implements WS Security

Built Using: Visual Basic .NET

Compatible Containers: Microsoft Visual Studio .NET 2003, Microsoft Visual Studio .NET, Microsoft Visual Basic .NET 2003, Microsoft Visual Basic .NET, Microsoft Visual C++ .NET 2003, Microsoft Visual C++ .NET, Microsoft Visual C# .NET 2003, Microsoft Visual C# .NET, .NET Framework 1.1, .NET Framework 1.0

Product Class: Business Components

Search Items: New Version Feb 04, New Product Mar 04, New Product June 04, New Product Aug 05, New Product Sep 05

Keywords: Security secure Administration adminstrator admin administrates Author security permissions password user protect Moravia Moravia-IT