Introduction to the Security Application Block

Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

The latest Enterprise Library information can be found at the Enterprise Library site.

The Microsoft Enterprise Library Security Application Block helps developers implement common authorization-related functionality in their applications. Applications can use the Security Application Block to support authorization and to cache a user's authorization and authentication data. Together with the Microsoft .NET Framework 2.0 features, developers can easily implement common security-related functionality.

The Security Application Block has the following features:

  • It reduces the requirement to write boilerplate code to perform standard tasks.
  • It helps maintain consistent security practices, both within an application and across the enterprise.
  • It eases the learning curve for developers by using a consistent architectural model across the various areas of functionality provided.
  • It provides implementations that you can use to solve common application security problems.
  • It is extensible; it supports custom implementations of security providers.

Common Scenarios

Developers frequently write applications that must authorize users using one or more security providers such as Microsoft Active Directory directory service, Authorization Manager, Active Directory Application Mode (ADAM), and custom authorization providers. These applications may also need to cache authentication or authorization data for the duration of a logon session.

The Security Application Block simplifies these tasks by handling them in a consistent manner, abstracting the application code from the specific security providers. You can even change underlying providers through configuration changes without changing the underlying application code.

The Security Application Block provides code that will help you with the following scenarios:

  • Authorization
  • Caching security-related credentials

Example Application Code

The following code shows how to determine if a user is authorized to perform a task.

C#
using System.Security.Principal;
using Microsoft.Practices.EnterpriseLibrary.Security;

IPrincipal principal = new GenericPrincipal(new GenericIdentity("Username"), new string[]{"Manager"});

IAuthorizationProvider ruleProvider = AuthorizationFactory.GetAuthorizationProvider("RuleProvider");

// Determine whether user is authorized for the rule defined as "Print Document".
bool authorized = ruleProvider.Authorize(principal, "Print Document");

Visual Basic
Imports System.Security.Principal
Imports Microsoft.Practices.EnterpriseLibrary.Security

'Usage
Dim principal As IPrincipal = New GenericPrincipal(New GenericIdentity("Username"), New String() {"Manager"})

Dim ruleProvider As IAuthorizationProvider = AuthorizationFactory.GetAuthorizationProvider("RuleProvider")

' Determine whether user is authorized for the rule defined as "Print Document".
Dim authorized As Boolean = ruleProvider.Authorize(principal, "Print Document")
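
The second scenario listed above, caching a principal for the duration of a logon session, combined with the authorization check, as an added example that is not part of the original documentation. The class and method names are hypothetical, and the instance names "Caching Store Provider" and "RuleProvider" are assumptions that must match the application's Security Application Block configuration.

```csharp
using System;
using System.Security.Principal;
using Microsoft.Practices.EnterpriseLibrary.Security;

// Hypothetical helper class (not part of Enterprise Library).
public static class SessionAuthorization
{
    // Assumed instance names; they must match the configured provider names.
    private const string CacheInstance = "Caching Store Provider";
    private const string RuleInstance = "RuleProvider";

    // Call once, after the application has authenticated the user.
    // The returned token stands in for the principal for the rest of the session.
    public static IToken BeginSession(IPrincipal authenticatedPrincipal)
    {
        ISecurityCacheProvider cache =
            SecurityCacheFactory.GetSecurityCacheProvider(CacheInstance);
        return cache.SavePrincipal(authenticatedPrincipal);
    }

    // Resolve the token back to a principal and evaluate the named rule.
    // A missing or expired cache entry is treated as "not authorized".
    public static bool IsAuthorized(IToken token, string ruleName)
    {
        if (token == null) return false;

        ISecurityCacheProvider cache =
            SecurityCacheFactory.GetSecurityCacheProvider(CacheInstance);
        IPrincipal principal = cache.GetPrincipal(token);
        if (principal == null || !principal.Identity.IsAuthenticated)
            return false;

        IAuthorizationProvider rules =
            AuthorizationFactory.GetAuthorizationProvider(RuleInstance);
        return rules.Authorize(principal, ruleName);
    }

    // Call at logoff so the token can no longer be redeemed.
    public static void EndSession(IToken token)
    {
        if (token == null) return;
        SecurityCacheFactory.GetSecurityCacheProvider(CacheInstance)
            .ExpirePrincipal(token);
    }
}
```

Treat the token as a session secret: whoever holds it can retrieve the cached principal until the entry expires or EndSession is called.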

Audience Requirements

This guide is intended for software architects and software developers. To benefit fully from this guide, you should have an understanding of the following technologies:

  • Microsoft Visual Studio 2005 development system (any of the following editions): Visual Studio 2005 Professional Edition, Visual Studio 2005 Team System Edition, Visual Studio 2005 Standard Edition
  • .NET Framework version 2.0

System Requirements

The requirements for the Security Application Block are the following:

  • Microsoft Windows XP Professional, Windows Server 2003, or Windows Vista operating system

  • Microsoft .NET Framework 2.0

  • Microsoft Visual Studio 2005 development system (any of the following editions):

    Microsoft Visual Studio 2005 Standard Edition

    Microsoft Visual Studio 2005 Professional Edition

    Microsoft Visual Studio 2005 Team Edition for Software Developers

    Microsoft Visual Studio 2005 Team Edition for Software Testers

    Microsoft Visual Studio 2005 Team Edition for Software Architects

    Microsoft Visual Studio 2005 Team Suite

Note

The Security Application Block Authorization Manager provider requires Authorization Manager and the AzMan primary interop assembly. Authorization Manager is included with Microsoft Windows 2000 Server with Service Pack 4 and Microsoft Windows Server 2003. You can install Authorization Manager on Microsoft Windows XP by installing the Windows Server 2003 Administration Tools Pack. For information about how to install and use Authorization Manager and the primary interop assembly, see How To: Use Authorization Manager (AzMan) with ASP.NET 2.0.

Security Application Block Dependencies

The Security Application Block depends on the following code that is included in the Enterprise Library:

  • Core library functionality. The Enterprise Library Core provides services, such as instrumentation and configuration, and is a shared dependency of all Enterprise Library application blocks. The core library functionality is contained in the assembly Microsoft.Practices.EnterpriseLibrary.Common.dll.

  • The ObjectBuilder subsystem. The ObjectBuilder subsystem performs all of the repetitive and necessary tasks for creating and disposing of object instances, while still providing a high level of flexibility. Enterprise Library uses the ObjectBuilder subsystem for tasks such as injecting configuration into block classes and connecting instrumentation classes to application blocks. The ObjectBuilder subsystem is contained in the assembly Microsoft.Practices.ObjectBuilder.dll.

Depending on the specific functionality you require from the Security Application Block, you may also require the following application block contained in the Enterprise Library:

  • The Caching Application Block. The Security Application Block uses the Caching Application Block to cache security information and then retrieve it when required. You can replace the Caching Application Block with your own caching provider. Depending on how you configure the Caching Application Block, you may also require the Data Access Application Block. For more information, see the Caching Application Block documentation.

The recommended way to modify the configuration settings for the Security Application Block is to use the Enterprise Library Configuration Console.

Security Application Block Documentation

Together with the introduction, the documentation contains the following topics:

  • Design of the Security Application Block. This topic explains the decisions that went into designing the application block and the rationale behind those decisions.
  • Developing Applications with the Security Application Block. This topic explains how to download and install the application block so you can use it in your applications. It also is divided into several subsections. The first subsection, Entering Configuration Information, demonstrates how to configure the application block to perform common tasks. The next subsection, Key Scenarios, demonstrates how to use the application block to perform the most typical security operations.
  • Extending and Modifying the Security Application Block. This topic explains how to extend the application block by creating your own providers and how to modify the source code.
  • Deployment and Operations. This topic explains how to deploy and update the application block's assemblies and also contains information about configuration.
  • QuickStarts. This topic explains how to install and configure the QuickStart applications and contains a series of walkthroughs that demonstrate how to incorporate common security operations into an application.

For more information, see the following patterns & practices guides:
