Monday, 2 April 2012

Encrypting your settings in your App.config files

I’m currently brushing up on my WCF after my exposure to WSE 3.0 a few years ago. In anticipation of upcoming client work and lack of a TS: WCF Application with the .NET Framework 4 book based material (note it is only course-based), I opted for a good solid book that covered the subject matter in a thorough way.

I opted for WCF 4 Step by Step by John Sharp, as I had purchased the previous WCF book he published a few years ago. I did like his thorough style because I needed to learn it from scratch.

In Chapter 4, “Protecting an Enterprise WCF Service”, he uses some examples where you enter your domain, username and password directly into the code(!). BUT – he does have a warning on every code sample:
Warning: This code is for illustrative purposes in this exercise only. In a production application, you should prompt the user for their name and password. You should never hard-code these details into an application.
Now, I do nearly all of my development on my work laptop. The thought of someone just searching my computer remotely for files with my well-known domain and username puts me off completely. So instead, I decided to apply encryption to it and looked for a way which did not require me to write another program.

Using existing tools to apply the encryption

In the TS: Web Applications with the .NET Framework 4, they discussed how to encrypt the <connectionStrings> section in your web.config. However, I want to leverage this to encrypt my <appSettings> section instead.

First thing, start up a Visual Studio Command Prompt and CD to your location. We want to rename the app.config (prior to the build process) to web.config. For this example, we’ll assume my application in development is at C:\Projects\EncryptConfig directory.
C:\> cd C:\Projects\EncryptConfig
C:\Projects\EncryptConfig> ren app.config web.config
Next is to leverage the encryption utilities in the aspnet_regiis utility. All we provide is the section to encrypt and the file to apply the encryption to:
aspnet_regiis –pef “appSettings” .
The –pef indicates we want to encrypt a specific section and provide the filename. If you have CD’d to the directory, you can just use –pe “appSettings” and it will look for the web.config file.

The next step is to rename the file back to an app.config:
ren web.config app.config
You will notice that the app.config has encrypted this section like this:
<appSettings configProtectionProvider="DataProtectionConfigurationProvider">
   <EncryptedData>
      <CipherData>
         <CipherValue>AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAaUZOOb4EQkGNPyy5tzAjBgQAAAACAAAAAAADZgAAwAAAABAAAADQc+YHWZxsOuA55uoTOnvLAAAAAASAAACgAAAAEAAAAPYMaWCQj/hrK3T9DwGH2rxQAQAAyGBicUMztQUL+3cm7QJa5Nxf0NIlHv8WcT7rog67OaMFFc09qVZjmoloAaSsSZMLJC+Xof42NQ1H+x90kOASWvyWibqXkczP7bIy5/9whKb9T0eoHgpnqKu+WmiQQCf7pnM5XIY25TJ1uxzSu+pWZfabLkzfFZah6PaT/fLNCR7DLraewvX7LMmQk2+YLhEot+RDrXAtum7qpCweFFLCS8g8L9tTpz/XzKFjaXJqlJAGru8f9+PgEDOBCVxic8cvzjKizyxSQlS55ht0bJUD1NO6LGOQwtek7SKX2DjOCqQoWGf1uVXePtft73eN+JY7wcCjftu6IWQqUYdj2DMCFn6vZhaNYF5TkHtKv4kpZtNer+s50Yc8E2uUPq99ZZ8vZQMiGdQ8xopIWwx5F/WFUxpeQ5/hG4A4IKhY2njSC3m/efH4M28MWET34HTXVx1gFAAAAGC4o4MxMGI73etkgTMojENDadwS
         </CipherValue>
      </CipherData>
   </EncryptedData>
</appSettings>
The thing to note here is it is using the DataProtectionConfigurationProvider accesses the Data Protection API which is a user-specific API. It is fine as long as you always log in with your user, on your domain. But if you tried to distribute this application, the section would never be able to be read by another computer.

The RSAProtectedConfigurationProvider allows you to encrypt specific to the user or the machine. It also allows you to export the key so that it can be moved to another machine. This would be useful over a web farm (this is an IIS tool after all), where the <machineKey> can be shared across computers.

In any case, if you are looking to distribute this application and encrypt the contents of a configuration file, be sure you understand what encryption methods are available to you.

SyntaxHighlighter - a syntax highlighter for blog posts

I usually use Windows Live Writer to do my blogs. I also have some add-ins to support the syntax highlight, which embeds the CSS into the page.

Today, I viewed the source on my own page, and here is an example of what the "Insert Code Snippet" generated:

// Original formatting with no CSS
Console.WriteLine("Hello World!");
Console.WriteLine("Hello World!");
Console.WriteLine("Hello World!");
Gets rendered to ....


<div id="codeSnippetWrapper">
<br>
<div style="border-bottom-style: none; text-align: left; padding-bottom: 0px; line-height: 12pt;
background-color: #f4f4f4; border-left-style: none; padding-left: 0px; width: 100%;
padding-right: 0px; font-family: 'Courier New', courier, monospace; direction: ltr;
border-top-style: none; color: black; border-right-style: none; font-size: 8pt;
overflow: visible; padding-top: 0px" id="codeSnippet">
<br />
<pre style="border-bottom-style: none; text-align: left; padding-bottom: 0px; line-height: 12pt;
background-color: white; margin: 0em; border-left-style: none; padding-left: 0px;
width: 100%; padding-right: 0px; font-family: 'Courier New', courier, monospace;
direction: ltr; border-top-style: none; color: black; border-right-style: none;
font-size: 8pt; overflow: visible; padding-top: 0px"><br />
<span style="color: #606060" id="lnum1">1:</span><br />
Console.WriteLine(<span style="color: #006080">"Hello World!"</span>);</pre>
<br />
<!--CRLF-->
<pre style="border-bottom-style: none; text-align: left; padding-bottom: 0px; line-height: 12pt;
background-color: #f4f4f4; margin: 0em; border-left-style: none; padding-left: 0px;
width: 100%; padding-right: 0px; font-family: 'Courier New', courier, monospace;
direction: ltr; border-top-style: none; color: black; border-right-style: none;
font-size: 8pt; overflow: visible; padding-top: 0px"><span style="color: #606060"
id="lnum2">2:</span><br />
Console.WriteLine(<span style="color: #006080">"Hello World!"</span>);</pre>
<!--CRLF-->
<pre style="border-bottom-style: none; text-align: left; padding-bottom: 0px; line-height: 12pt;
background-color: white; margin: 0em; border-left-style: none; padding-left: 0px;
width: 100%; padding-right: 0px; font-family: 'Courier New', courier, monospace;
direction: ltr; border-top-style: none; color: black; border-right-style: none;
font-size: 8pt; overflow: visible; padding-top: 0px"><span style="color: #606060"
id="lnum3">3:</span> <br/>
Console.WriteLine(<span style="color: #006080">"Hello World!"</span>);</pre>
<!--CRLF-->
</div>
</div>
Okay, that is pretty horrific. Does the job, no doubt but when it comes to editing this in the application, it is a complete nightmare. It selects single rows, changes their width accidently. When you have a bit of luck actually selecting the outer div, the Code Snippet editor even warns you that it is going to attempt to read it. When viewing this on a mobile device, it looks even worse. Much worse trust me!

At the same time I was catching up with my Google Reader and was looking through posts I'd missed by Scott Hanselman. He was looking for a syntax highlighter for Windows Live Writer a few years ago. He also went to the trouble of writing a Windows Live Writer plug-in for it. But luckily, things have been made much easier.

How to add SyntaxHighlighter to your site

  1. Download the Javascript and CSS libraries from the SyntaxHighligter authors site. (Alternatively reference them as described)
  2. Add a few lines of script, referencing the code types you wish to use, including the core libraries.
    <script src="shCore.js" type="text/javascript"></script>
    <script src="shAutoloader.js" type="text/javascript"></script>
    <script type="text/javascript">SyntaxHighlighter.autoloader(
    'js jscript javascript /js/shBrushJScript.js',
    'csharp c-sharp /js/shBrushCSharp.js',
    'xml /js/shBrushXml.js'
    );


    SyntaxHighlighter.all();
              http://alexgorbatchev.com/SyntaxHighlighter/manual/api/autoloader.html
In your HTML of your blog post, or site, all you do is add the nice and friendly <pre> tag that we all know and love, applied with a 'class' attribute with your programming language - simples!.

So here is a code sample (from a previous post) and the newer way I will be blogging from now on:

Before


   1: # PowerShell script to modify the 'timeout' value in the specified web.config    
   2: # when no Sessions are in use.    
   3:  
   4: # Constants used throughout application    
   5: $webConfig = "d:\web.config"    
   6: $newTimeout = "20"    
   7: $sessionCount = 0    
   8:  
   9: ## BEGIN   
  10: write-host Getting performance counters ...   
  11:  
  12: $perfCounterString = "\asp.net applications(__total__)\sessions total"    
  13: $perfCounter = get-counter -counter $perfCounterString    
  14: $rawValue = $perfCounter .CounterSamples[0].CookedValue    
  15:  
  16: write-host Session Count is $rawValue   
  17:  
  18: if( $rawValue -gt $sessionCount)   
  19: {   
  20:    write-host Session Count = $rawValue - exiting   
  21:    exit   
  22: }   
  23:  
  24: write-host Stopping IIS   
  25: stop-service "IISAdmin"   
  26:  
  27: # Open file and change value   
  28: $doc = new-object System.Xml.XmlDocument   
  29: $doc.Load($webConfig)   
  30: $doc.SelectSingleNode("//sessionState").timeout = $newTimeout    
  31: $doc.Save($webConfig)   
  32:  
  33: write-host Starting IIS   
  34: start-service "IISAdmin"   
  35:  
  36: write-host Done!   
  37: ## END

After


# PowerShell script to modify the 'timeout' value in the specified web.config    
# when no Sessions are in use.

# Constants used throughout application
$webConfig = "d:\web.config"
$newTimeout = "20"
$sessionCount = 0

## BEGIN
write-host Getting performance counters ...
$perfCounterString = "\asp.net applications(__total__)\sessions total"
$perfCounter = get-counter -counter $perfCounterString
$rawValue = $perfCounter .CounterSamples[0].CookedValue

write-host Session Count is $rawValue

if( $rawValue -gt $sessionCount)
{
write-host Session Count = $rawValue - exiting
exit
}

write-host Stopping IIS
stop-service "IISAdmin"

# Open file and change value
$doc = new-object System.Xml.XmlDocument
$doc.Load($webConfig)
$doc.SelectSingleNode("//sessionState").timeout = $newTimeout
$doc.Save($webConfig)

write-host Starting IIS
start-service "IISAdmin"
write-host Done!
## END

Have a look at the source of this page to see how readable each section is.

Tuesday, 27 March 2012

Using PowerShell to modify configuration files in IIS when the Session Count is 0

(Apologies for re-posting this – I thought I was deleting a draft post and ended up deleting the actual post!)
I was looking at Stack Overflow today and I saw a question where a user wanted to change the Web.config when the number of Sessions reaches 0. He wasn’t aware of any way to find out the Session Count, or any automated way to do this. I thought I’d have a go anyway using a C# .NET Console Application anyway … but then I discovered PowerShell!

To summarise PowerShell, think of it like a command prompt on steroids! Not only can you do the usual process starting, killing and file system navigation, but it provides a much more streamlined command system. You also have hundreds, if not thousands of commands at your disposal.
So let me talk you through how I would have done this in .NET and then the equivalent PowerShell implementation I used.

Goals of the application

  1. Get the Session Count of IIS in total from a performance counter
  2. If Count > 0, quit
  3. Stop IIS
  4. Change web.config
  5. Start IIS

Retrieving performance counters in .NET for the Session Count

I’ve recently passed my TS: Data Applications in the .NET 4 Framework exam, which covered how to create and retrieve performance counter data into your applications. So there’s step one – wait until the Active Session Count is 0. An example of retrieving this is:

var counter = new PerformanceCounter(
  "ASP.NET Applications",    
  "Sessions Active",    
  "__Total__",    
  true);   

var sessionCount = counter.RawValue;   

if( sessionCount > 0 )  
{  
   Console.WriteLine("Session Count is {0} - exiting", sessionCount );  
   return;  
}

These values match up to those in the Performance Monitor (perfmon.exe).

In PowerShell, performance counters are easily retrieved as well. There is a specific command for retrieving them. PowerShell declares variables inline using a $ prefix, so here is how to retrieve the same counter in PowerShell. I saved these to a file called “ChangeIIS.ps1”:



   1: # Set up the string
   2: $perfCounterString = "\asp.net applications(__total__)\sessions active"
   3:  
   4: # Retrieve the counter
   5: $perfCounter = get-counter -counter $perfCounterString 
   6:  
   7: # Retrieve the raw value for the first (and only) counter
   8: $rawValue = $counter.CounterSamples[0].CookedValue 
   9:  
  10: if( $rawValue -gt 0 )
  11: {
  12:     write-host Session Count is $rawValue - exiting
  13:     exit
  14: }

Stopping & Starting IIS

This process is straightforward as well in both languages. First C#:



   1: var iisProcess = ServiceController.GetServices().First(s => s.ServiceName == "IISADMIN");
   2: iisProcess.Stop();
   3: 
   4: // Perform tasks
   5:  
   6: iisProcess.Start();

Now PowerShell:



   1: stop-service "IISADMIN"
   2:  
   3: # Perform tasks
   4:  
   5: start-service "IISADMIN"

Modifying the web.config

Unfortunately, I couldn’t find a way of using the in-built System.Configuration classes to open configuration files that are outside of your application. Instead, I just resorted to XmlDocument:



   1: var location = "d:\\web.config";
   2: var newTimeout = "20";
   3:  
   4: var xmlDoc = new XmlDocument();
   5: xmlDoc.Load(location);
   6: xmlDoc.SelectSingleNode("//sessionState").Attributes["timeout"].Value = newTimeout;
   7: xmlDoc.Save(location);

I know what your thinking. How can we access the file in PowerShell? One of the fantastic things with PowerShell is that you have access to all of the .NET classes (including static methods and classes) at your disposal. So here is the same code in PowerShell:



   1: # Set values 
   2: $location = "d:\web.config"
   3: $newTimeout = "20"
   4:  
   5:  # Open file and change value
   6: $doc = new-object System.Xml.XmlDocument
   7: $doc.Load($location)
   8: $doc.SelectSingleNode("//sessionState").timeout = $newTimeout 
   9: $doc.Save($location)

Notice how I am using a “timeout” variable directly. PowerShell has exposed the attribute as a property of the .SelectSingleNode() method. How do I know that? Well, if you execute this in isolation, you’ll get a nice helpful output on all of the properties available to use directly:



PS C:\> $doc.SelectSingleNode("//sessionState")
 
timeout                                                     #text
-------                                                     -----
20                                                          20

Now we have a PowerShell script in its entirety:



   1: # PowerShell script to modify the 'timeout' value in the specified web.config
   2: # when no Sessions are in use.
   3:  
   4: # Constants used throughout application
   5: $webConfig = "d:\web.config"
   6: $newTimeout = "20"
   7: $sessionCount = 0
   8:  
   9: ## BEGIN
  10: write-host Getting performance counters ...
  11:  
  12: $perfCounterString = "\asp.net applications(__total__)\sessions total" 
  13: $perfCounter = get-counter -counter $perfCounterString 
  14: $rawValue = $perfCounter .CounterSamples[0].CookedValue 
  15:  
  16: write-host Session Count is $rawValue
  17:  
  18: if( $rawValue -gt $sessionCount)
  19: {
  20:     write-host Session Count = $rawValue - exiting
  21:     exit
  22: }
  23:  
  24: write-host Stopping IIS
  25: stop-service "IISAdmin"
  26:  
  27: # Open file and change value
  28: $doc = new-object System.Xml.XmlDocument
  29: $doc.Load($webConfig)
  30: $doc.SelectSingleNode("//sessionState").timeout = $newTimeout 
  31: $doc.Save($webConfig)
  32:  
  33: write-host Starting IIS
  34: start-service "IISAdmin"
  35:  
  36: write-host Done!
  37: ## END

Granting permissions to the Script

We’re not done yet. PowerShell also has a security feature that doesn’t allow users to just run PowerShell scripts as soon as they are created. They have to come from a credible source to be run straight away.
In order to run this script, we need to tell PowerShell to bypass security checks for this specific process (or user). For security reasons, I will grant access for this process, as we will only want to run this script once.


  1. Open a Command Prompt – Right Click – Properties - "Run As Administrator"
  2. Type powershell.exe
  3. Type Set-ExecutionPolicy –scope Process Bypass
  4. Type sl <directory of file>sl acts like cd on the command prompt
  5. Type $ ‘.\ChangeIIS.ps1’
And off we go!

Summary

Where opportunities arise to try out new technologies, it is always work having a go. PowerShell isn’t difficult to learn. In fact, its actually very powerful and intuitive. It is also a great ‘Immediate Window’ style interface to try out .NET code. I’m starting to use it quite a lot for even simple calculations:


224 ==> [System.Math]::Pow(2,24)

And more importantly – I hope I win that bounty question!





Recent Edits:



  • 28/3/12 - Changed performance counter to use "Sessions Active" instead of "Sessions Total" as Sessions Total inclues Abandoned (forcefully ended), Timed Out and Active.

Monday, 27 February 2012

How do you test a project without affecting the database?

Today I sat with a colleague and went through how we could implement testing on existing code, without affecting the data in the database. For anyone who answers that question the words “Dependency Injection” – well done! Maybe this post isn’t for you! Smile with tongue out
But I wanted to give anyone asking themselves this question a short guide on how to get this working, as it is a common problem faced when adapting an existing project to include unit testing.

An example

So first of all, lets get some basic code together to try this out:

namespace Model
{
     public class User
     {
          public User (int userId) { this.UserId = userId; }

          public int? UserId { get; private set;}
          public string UserName { get; set; }
          public string Password { get; set; }
     }
}

Next, lets pretend we’ve got some existing DB code, possibly Entity Framework, to get this data out of the database:

namespace DataAccess
{
     public class SqlRepository : DbContext
     {
          public User CreateUser() { /*..*/ }
          public User ReadUser(int id) { /*..*/ }
          public void UpdateUser(User userToUpdate)  { /*..*/ }
          public void DeleteUser(int userId) { /*..*/ }
     }
}

You also have a Business Logic layer, which will interface with the SqlRepository for us. For simplicity, I will only deal with the UpdateUser() method:

namespace Logic
{
     public class UserService
     {
          private SqlRepository repository = null;

          public UserService() 
          {
               this.repository = new SqlRepository();
          } 

          public void UpdateUser(User updatedUser)
          {
               if ( updatedUser == null ) 
               {
                    throw new ArgumentNullException("updatedUser");
               }
               else if ( updatedUser.UserId == null )
               {
                    throw new ArgumentException("UserId must be set.");
               }
               else if ( String.IsNullOrEmpty(updatedUser.UserName) )
               {
                    throw new ArgumentException("Username is not valid.");
               }
               else if ( !PasswordIsComplexEnough( updateUser.Password ) )
               {
                    throw new PasswordNotSecureException("Password must meet the minimum security requirements.");
               }
               else
               {
                    this.repository.UpdateUser (updatedUser);
               }
          }
     }
}

Now when we get to writing integration tests, we’ll find that we update users directly in the database, leaving the database in a possibly invalid state. A test might take the format of:

namespace Tests.Integration
{
     [TestClass]
     public class UserServiceTests
     {
          [TestMethod]
          public void WhenAServiceIsCreated_AndAnExistingUserIsUpdated_TheUserIsSavedSucessfully()
          {
              // Arrange
              var userService = new Logic.UserService();
              var existingUser = userService.ReadUser(1);
              
              existingUser.Password = StringFunctions.BuildRandomString(50); // 50 chars of text
             
              // Act
              userService.UpdateUser ( existingUser );
              
              // Assert - assume we have implemented Equals() to compare their content
              var updatedUser = userService.ReadUser(1);
              Assert.AreNotEqual(existingUser, updatedUser);
          }
     }
}

The problem is now, you’ve wiped the password for that user. If it is hashed in the database, you have no way of retrieving it without modifying it manually. I suppose you could re-apply the original user, but then you are now having to do a tidy up exercise after every test. If another test depends on that user account being valid (e.g. a UI test to log that user in), then you’re going to fail more tests and the problem will only get worse.

Dependency Injection

Dependency Injection allows us to “inject” the database we would like to modify. Some developers like to have their own database that can be freely modified whenever. But in the long term, the maintenance of tidying this database, coupled with the speed of database connections for thousands of tests becomes unmanageable. Ideally, you want these tests to pass as soon as possible so you can get on with your work.

But as this code stands, we will always point at the database. So we’ll need to do some slight modifications to get this code more flexible, without breaking existing code.

Step 1 – Extract an interface

The easiest step is to use Visual Studio to extract an interface for you. You do this by right clicking on the class name of the DataAccess layer > Refactor > Extract Interface

blog

Once you’ve clicked “Select All” and “OK”, this gives you your current code, implementing a newly created interface, which I will rename IRepository (and make public).

namespace DataAccess
{
   public interface IRepository
   {
      User CreateUser();
      void DeleteUser(int userId);
      User ReadUser(int id);
      void UpdateUser(User userToUpdate);
   }
 
   public class SqlRepository : DbContext, IRepository
   {
      /* As before */
   }
}

So now we have the ability to create a TestRepository, based on IRepository, that can act like a database. So lets quickly make a TestRepository:

namespace Tests.Helper
{
   public class TestRepository : IRepository
   {
       /** Methods leaving the NotImplementedException code in place **/
   }
}



Step 2 - Adapt the service layer to accept an IRepository


Next, we adapt the UserService class to accept a new parameter, to allow us to “inject” the database into the class. This way, existing code still works and the test code can take advantage of the new constructor.

public class UserService
{
     private IRepository repository;

     public UserService() : 
         this ( new SqlRepository() )
     {
     }

     internal UserService (IRepository injectedRepository)
     {
          this.repository = injectedRepository;
     }

     /* As before */
}

Notice I’m using an internal constructor intentionally, as I don’t want to expose this to just anyone. What I can do is instruct the CLR that internals are visible to another assembly. This is done in the AssemblyInfo.cs class for the DataAccess layer like this:

[assembly: InternalsVisibleTo("Tests")]

Note that I have used the Assembly Name of the assembly to which the internal fields, properties, methods and constructors can be accessed.


Step 3 - Inject the new repository

Now, we are able to modify our test to pass in the TestRepository class we created, so that when the UserService is created, it will access our implementation.

namespace Tests.Integration
{
     [TestClass]
     public class UserServiceTests
     {
          [TestMethod]
          public void WhenAServiceIsCreated_AndAnExistingUserIsUpdated_TheUserIsSavedSucessfully()
          {
              // Arrange
              var userService = new Logic.UserService(new TestRepository());
              var existingUser = userService.ReadUser(1);
              
              existingUser.Password = StringFunctions.BuildRandomString(50); // 50 chars of text
             
              // Act
              userService.UpdateUser ( existingUser );
              
              // Assert - assume we have implemented Equals() to compare their content
              var updatedUser = userService.ReadUser(1);
              Assert.AreNotEqual(existingUser, updatedUser);
          }
     }
}

Now – okay – the application will throw an exception! Because we haven’t implemented the TestRepository class and left it at its default implemention, the methods will throw errors. But by writing some simple code, which does as much as we need to get going, we no longer rely on running our tests through the DB:

namespace Tests.Helper
{
     public class TestRepository : IRepository
     {
         private List<User> users = null;
  
         public TestRepository() { users = new List<Users>(); }

         public void UpdateUser(User user)
         {
              var storedUser = users.Where(u => u.UserId == user.UserId).SingleOrDefault();

              // Do some exception handling here, just to throw an error if it doesn't exist.
              // This way it 'sort-of' acts like a database.

              storedUser.UserName = user.UserName;
              storedUser.Password = user.Password;
         }
     }
}

And now we have a testable repository.

There are frameworks called Mocking frameworks, that can even alleviate you of this burden. But I’ve yet to explore them enough to include in this blog.

Summary


In this blog, we have looked at a common example that many developers face. We have adapted the existing functionality, without breaking existing code, but extending it for use with a testing framework.
This adaptation allows you to concentrate on testing all of those permutations within the UserService, which is what we actually want to test.

I will adapt a full tutorial of this blog, so that users can try out the refactoring for themselves.

Sunday, 19 February 2012

How to implement best practices with the .NET Framework

One area that I know I’ve needed to improve is implementing some best practices within a team of developers.
The areas I am aiming to improve are:
  1. Developers being forced to use a code analysis tool, instead of ignoring the warnings
  2. Run unit tests or integration tests on a regular basis without developer intervention
  3. A way to build, package and deploy them without user intervention – including databases
  4. A report to generate automated processes
  5. (Optional) Developers following some kind of coding convention
My only interaction with any tool that pulls this together (via manual intervention to my experience) was Team Foundation Server. Since this was the choice of most clients I had worked with, I was interested in improving my own skills so that when new or existing projects come along, I could implement some standards. Therefore code quality and development become my main priorities. Manual intervention would be little or none.
I have read Rapid Development by Steve McConnell. This book to me was a bible of information on project management, team building and development practices. However I found that many of the examples were widely applicable, giving no examples of technologies due to its generality. RD is very broadly applicable to all development practices, but with this purchase I was specifically looking for something with products, processes and examples to implement them with.
I’ve started reading a book called Pro .NET Best Practices and this was exactly what I was after.
‘Best Practices’ is not a term the author chooses to use. Instead, he chose ‘Ruthlessly Helpful’ – the title of his blog site.
‘Best’ implies there is nothing better. However, a ‘better’ practice may suffice as each practice is different to one another. Some work better with small teams, some with bigger teams. The author chose ‘Ruthless’ – something that requires thought and consideration which will be able to you and your team size.
But by adding ‘Helpful’ also implies that the process will only serve as a benefit to you and your team. Whether you want to reduce bugs, improve product delivery or automate your deployment, any helpful practice is one worthy of consideration.
And so the term ‘Ruthlessly Helpful’ was born.
Pro .NET Best Practices covers a whole plethora of information for applying the development lifecycle properly. Everything from the tools used for development of the product, right through to the deliverable. This book isn’t another book full of code examples – although many are provided for clarity. The books goal is to educate and motivate readers on better practices of software development.
I see it has all 5 star ratings on the Amazon.com site. And it is well deserved!

Wednesday, 1 February 2012

Restricting URL access without using the web.config

I’ve been lucky enough to work with 2 major clients that do not use the out-of-the-box user-role association of security. If your site is not restricted by a user’s role or user name, how do you implement security? Good question!

So some examples of custom URL authorization is:

  • Access to a page is not determined solely on a role or username.
  • Allow admins to change web page access permissions on-the-fly from a maintenance page.
  • Allow pages to be restricted via a timeframe. Admin users may still be allowed access after working hours.

An example

Imagine a site that has 4 user roles:

  • Manager
  • Supervisor
  • Employee
  • Administrator

You might have a requirement that:

“An access control page needs to be created so that we (the administrators) can select the permissions of the pages through a UI. One week we might decide to extend a supervisors to a subset of the manager pages. These changes may be permanent or temporary. Either way we need an admin screen to selectively choose the permissions for each page from an admin screen and restrict access this way.”

Equipped with your vast ASP.NET knowledge, you could advise them to create an intermediate role of “Super-supervisor” and use web.config files to restrict user access. Responses are:

  • The existing system embeds the role so tightly, that this requires too much work to implement across the business logic and reporting structure.
  • Changes to web.config to incorporate page access will require direct access to the Web box. Our application’s sys admins are not technical users and could bring down the site.
  • We have already decided to split the site into 3 sections – Public, Secure and Admin sections. However you choose to implement it, this is the only 3 categories we care about.
  • We also want the sitemap to update dynamically with these changes.

So lets see what API we could use …. hmmm … unfortunately:

  • Membership providers only help us identify who a logged in user is – no go.
  • Role providers only help us identify what role a specific user has – no go.

What we need is a way to check the access types allowed upon access to a page. Then restrict page from there.

How does ASP.NET do it?

It does so by use of the UrlAuthorizationModule, which looks through the Web.config locating the page or directory. Then using the defined rules, it will either allow access, or send a 401 (Unauthorized) response to the pipeline. Later on in the pipeline, the FormsAuthenticationModule sees the 401 and pushes them to the login screen.

Good news is works in a very similar way to how we want. Sadly, it isn’t inheritable so we have to roll our own one. So lets have a stab at it.

Rolling our on UrlAuthorizationModule

Modules work by plugging into the HTTP pipeline for all requests. So just implement IHttpModule, add code to the Init method, and hook into the AuthorizeRequest event.

public class CustomUrlAuthorizationModule : IHttpModule
{
private const int Unauthorised = 401;

#region IHttpModule Members

public void Dispose()
{
// Do nothing
}

public void Init(HttpApplication context)
{
context.AuthorizeRequest += new EventHandler(context_AuthorizeRequest);
}

void context_AuthorizeRequest(object sender, EventArgs e)
{
// Work out access from the URL
}

#endregion
}

Nearly there! Okay, so the second-to-last thing you need to do is look at the page coming in, get the information about what users/roles can access that page. So here’s some sample code for it.

void context_AuthorizeRequest(object sender, EventArgs e)
{
var context = HttpContext.Current;

// Use custom logic to determine access criteria
bool accessAllowed = IsUserAuthorizedToSeePage(
context.User.Identity.IsAuthenticated,
context.User.Identity.Name,
context.Request.Path);

if (accessAllowed)
{
return;
}
else
{
// Set status code to 'Unauthorized' and bypass all other components
context.Response.StatusCode = 401;
context.ApplicationInstance.CompleteRequest();
}
}


And lastly, some sample logic to check if a user has access:


private bool IsUserAuthorizedToSeePage(bool isAuthenticated, string userName, string url)
{
using(Data.DbEntities db = new Data.DbEntities())
{
var dbUrl = db.PageAccess.Where(row => row.PageUrl.Equals(url,StringComparison.OrdinalIgnoreCase)).FirstOrDefault();

if(dbUrl == null)
{
logger.Error("Cannot find access rights for {0}", url);
return DenyAccess("Page access rights cannot be found.");
}
else if (dbUrl.Public)
{
return true;
}
else if(!isAuthenticated)
{
logger.Warn("Unauthenticated request for URL {0}",url);
return false;
}
else if(dbUrl.Secure)
{
return true;
}
else if (dbUrl.Admin)
{
var userInfo = db.Users.Where(user => user.UserName == userName).FirstOrDefault();

if (userInfo == null)
{
logger.Error("Cannot find access rights for {0} to {1}", userName, url);
return false;
}
else if (userInfo.Role == "Admin")
{
return true;
}
else
{
logger.Warn("User {0} attempted to access {1}, but was disallowed due to access rights", userName, url);
return false;
}
}
else
{
logger.Error("Unable to determine if user should access page. User: {0} -- URL: {1}", userName, url);
return false;
}
}

And that’s all you need to do really. I pull the role out of the database, but if you have decided to store the users role in Session, you can still pull their roles through from the HttpContext.Current.Session object.


(BTW, the “logger” would be some implementation of a logger, I use NLog)