Entering Configuration Information

Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

The latest Enterprise Library information can be found at the Enterprise Library site.

These procedures explain how to configure the Security Application Block. Properties associated with the nodes appear in the right pane.

To add the Security Application Block

  1. Open the configuration file. For more information, see Configuring the Application Blocks.
  2. Right-click Application Configuration, point to New, and then click Security Application Block.
  3. Click the Security Application Block node.
  4. (Optional) In the right pane, set the DefaultAuthorizationInstance property. This is the authorization instance to use if none is specified in the code. The default is none.
  5. (Optional) In the right pane, set the DefaultSecurityCacheInstance property. This is the security caching instance to use if none is specified in the code. The default is none.
  6. Right-click the Authorization node, point to New, and then click AuthorizationRuleProvider, AzMan Provider, or CustomRuleProvider.

To configure an AzMan Provider

  1. (Optional) In the right pane, enter the Application name. The default is Application.
  2. Enter the AuditIdentifierPrefix. This is a prefix that precedes the audit identifier. The form is prefixuser name:operation. The default prefix is AzManAuthorizationProvider.
  3. Enter the Name. This is the name of the node. The default is AzManProvider.
  4. (Optional) Enter the Scope. Using scopes, you can have different authorization settings for different parts of your application.
  5. Enter the StoreLocation. This is the location of the authorization store. It can be either an XML file or a part of Active Directory. The default location for an XML file is msxml://c:/myAuthStore.xml. The default for Active Directory is msldap://myserver/CN=MyStore,OU=AzMan,DC=MyDomain,DC=Com.

To configure a Custom Authorization Provider

  1. In the right pane, click the Attributes property.
  2. Click the ellipsis button (…) in the Attributes property section of the right pane.
  3. In the EditableKeyValueCollectionEditor dialog box, click Add to add a new name/value pair.
  4. In the right pane of the EditableKeyValueCollectionEditor dialog box, enter the key name and the value of the property.
  5. Add more name/value pairs as appropriate, and then click OK.
  6. In the Name property section located in the right pane of the configuration console, change the name of the authorization provider. The default name is CustomAuthorizationProvider.
  7. In the right pane, click the Type property.
  8. Click the ellipsis button (…) in the Type property section of the right pane. If the type you want is not included in the Assemblies folder, click LoadAssembly in the Type Selector to find the assembly that contains the type you want.

If you are using the Authorization Rule Provider, you will have to enter the authorization rule(s). An authorization rule specifies the circumstances under which a user is authorized to perform some task. The expression must be a string with a Boolean predicate. The configuration console includes a Rule Expression Editor you can use to create the rule. With the editor, you can enter identities, roles, and Boolean operators.

Valid identities are the following:

  • Specific (for example, "Bob")
  • Anonymous (symbolized as "?")
  • Any (symbolized as "*")

Valid roles are the following:

  • Specific (for example, "Managers")
  • Any (symbolized as "*")

Valid operators are the following:

  • AND
  • OR
  • NOT
  • (
  • )

These identities, roles, and operators are combined in rules, which can be simple or complex. Examples of rules include the following:

  • I: Bob. This rule indicates that only a user with the identity Bob is authorized.
  • ((R:HumanResources OR R:GeneralManagers) AND (NOT R:HRSpecialist)). This rule indicates that only users that are in either the HumanResources or GeneralManagers roles and are not in the HRSpecialist role are authorized.

The Rule Expression Editor also includes a feature to test whether users with particular roles or identities are authorized using the rule you have specified. This can be useful to help confirm that you have phrased the rule correctly. To use this feature, enter the role and/or identity you want to test against the rule, and then click the Test button. The Expression Editor will display Authorized or Not Authorized, or it will display an error message indicating that the rule is not correctly defined.
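
The rule syntax and the Test feature described above can be reproduced outside the console. The following Python example is added here for illustration and is not Enterprise Library code; the block's own parser may behave differently. Operator precedence (NOT, then AND, then OR), case-insensitive name matching, and the exact meaning of "*" and "?" are assumptions, and tokenize, evaluate and check_rule are hypothetical names.

```python
import re

# Token shapes assumed here: I:<name|?|*>, R:<name|*>, AND, OR, NOT, ( and ).
TOKEN = re.compile(r"\s*(?:([IR])\s*:\s*([\w\\.-]+|[?*])|(AND|OR|NOT)\b|([()]))", re.I)

def tokenize(rule):
    found = list(TOKEN.finditer(rule))
    if "".join(m.group(0) for m in found) != rule.rstrip():  # a gap means stray text
        raise ValueError("text that is not an identity, role or operator")
    return [((k or op or p).upper(), name) for k, name, op, p in (m.groups() for m in found)]

def evaluate(rule, identity, roles):
    # identity is the user name, or None for an unauthenticated caller ("?").
    toks, who, held = tokenize(rule), (identity or "?").lower(), {r.lower() for r in roles}
    def take(expected=None):
        if not toks or (expected and toks[0][0] != expected):
            raise ValueError("expected " + (expected or "an identity, role or '('"))
        return toks.pop(0)

    def atom():
        kind, name = take()
        if kind == "NOT":
            return not atom()
        if kind == "(":
            value = either()
            take(")")
            return value
        if kind == "I":  # assumed: "*" matches every caller, "?" only anonymous ones
            return name.lower() in ("*", who)
        if kind == "R" and name != "?":  # assumed: "*" means at least one role held
            return bool(held) if name == "*" else name.lower() in held
        raise ValueError(f"unexpected {name or kind!r} in rule")
    def chain(op, operand, combine):  # left-associative run of one operator
        value = operand()
        while toks and toks[0][0] == op:
            take()
            value = combine(value, operand())  # right side is always parsed
        return value
    both = lambda: chain("AND", atom, lambda a, b: a and b)  # assumed: AND before OR
    either = lambda: chain("OR", both, lambda a, b: a or b)
    result = either()
    if toks:
        raise ValueError(f"unexpected {toks[0][1] or toks[0][0]!r} after end of rule")
    return result

def check_rule(rule, identity=None, roles=()):
    try:
        return "Authorized" if evaluate(rule, identity, roles) else "Not Authorized"
    except ValueError as err:
        return f"Error: {err}"
```

Checking a rule against a user who should be denied (for the second example rule, someone who holds both HumanResources and HRSpecialist) confirms that the NOT clause excludes them as intended.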

The following procedure shows how to configure the Authorization Rule Provider.

To configure the Authorization Rule Provider

  1. Click the RuleProvider node.
  2. (Optional) In the right pane, change the name of the node. The default name is RuleProvider.
  3. To add a rule, right-click the RuleProvider node, point to New, and then click Rule.
  4. In the right pane, click the Expression property.
  5. Click the ellipsis button (…). Use the Rule Expression Editor to enter the authorization rule.
  6. (Optional) In the right pane, change the name of the rule. The default name is Rule.

You can use a security cache to store security-related information. The following procedure describes how to configure the security cache.

To select the Security Cache

  1. Right-click the SecurityCache node, point to New, and then click either CachingStoreProvider or CustomStoreProvider. The caching store provider uses the Caching Application Block as the security cache.
  2. If you selected the CachingStoreProvider, the Caching Application Block gets added automatically. For more information, see the Caching Application Block documentation.

The next two procedures describe how to configure the Caching Store Provider and the Custom Cache Provider.

To configure the Caching Store Provider

  1. Set the AbsoluteExpiration property. This is the amount of time it takes for an item that is added to the cache to expire. The unit of time is minutes. The default is 60.
  2. Set the CacheManager property. This is the name of this instance of the Caching Application Block. To change the name, either type a new name or select a name from the drop-down list. The default is none.
  3. (Optional) Change the Name property. This is the name of the node. The default is CachingStoreProvider.
  4. Set the SlidingExpiration property. This is the interval between the time an item in the cache was last accessed and when it expires. The unit of time is minutes. The default is 10.

To configure the Custom Cache Provider

  1. (Optional) Set the Attributes property.
  2. In the Attributes property section of the right pane, click the ellipsis button (…).
  3. In the EditableKeyValueCollectionEditor dialog box, click Add to add a new name/value pair.
  4. In the right pane of the EditableKeyValueCollectionEditor dialog box, enter the key name and the value of the property.
  5. Add more name/value pairs as appropriate, and then click OK.
  6. (Optional) Change the Name property. The default name is CustomCacheProvider.
  7. Click the Type property. Click the ellipsis button (…). If the type you want is not included in the Assemblies folder, click LoadAssembly on the TypeSelector to find the assembly that contains the type you want.
