PortSight Secure Access Documentation

Version History

 

  • Version 3.1 (Build 2365) - released on December 24, 2007

    New Features:

    • SecureAccess is converted to .NET 1.1

    • Assemblies are signed with attribute AllowPartiallyTrustedCallers()

    • All types are fully serializable for web services.

    • ARWebSecurity for .NET 2.0 has new class ARIdentity - Secure Access implementation of the IIdentity interface

    • ARWebSecurity for .NET 2.0 has new class ARPrincipal - Secure Access implementation of the IPrincipal interface

    • ARHelper has new public shared method GetARObjects - returns ARObjectsCollection with reguested object type

    Bugs Fixed:
    • The following assemblies now have fixed names in a root namespace from "Portsight.SecureAccess." to "PortSight.SecureAccess.":
      • ARConnectors.dll
      • ARConnector_WinNT.dll
      • ARConnector_LDAP.dll
      • ARConnector_ODBC.dll
      • ARImportEventHandlers.dll
      • ARImportHandler_Rename.dll
      • ARIntegration.dll

     

  • Version 3.0 (Build 2196) - released on July 24, 2006

    New Features:

    • ASP.NET 2.0 C# sample project in directory \3.0\Examples\CS\CSSample2005

    • ASP.NET 2.0 VB sample project in directory \3.0\Examples\VB\VBSample2005

    Bugs Fixed:
    • Bug fixed in the database : Wrong name parsing of nested application parts.

    • Bug fixed in the Web user interface: Wrong refresh in the ARUIOrgUnitList.ascx.vb

    • Bug fixed in the Business logic: Wrong collection of ARObjects - duplicity of objects in collection.

    • Bug fixed in the Web user interface: Missing Java Script reference in the PermissionDetails.aspx ,UserDetailsCustomFields.aspx

    • Bug fixed in the Web user interface: Missing Catalog Setting button in CatalogMenu.ascx.vb

    • Bug fixed in the Web user interface: Faster reading members in ARUIDelegatedUsers.ascx.vb , ARUIMembershipMemberOf.ascx.vb , ARUIMembershipMembers.ascx.vb , ARUIMembershipOwners.ascx.vb

     

  • Version 3.0 (Build 2195) - released on June 16, 2006

    Bugs Fixed:
    • Bug fixed in the Catalog Manager: ARIntegration.dll doesn't throw a closed sql connection with Active Directory import.

    • Bug fixed in the Web user interface: Wrong text in the ARUIAuditLogList.ascx.vb resource.

    • Bug fixed in the Web user interface: Missing Java Script reference in the UserDetailsPassword.aspx.

    • Bug fixed in the Web user interface: Removed empty item in PortSight.SecureAccess.ARPresentationLayer.ARPRDataGridPlus filter expression.

     

  • Version 3.0 (Build 2194) - released on March 31, 2006

    New Features:

    • ASP.NET 2.0 Membership Provider Implementation

    • ASP.NET 2.0 Role Provider Implementation

    • Support for ASP.NET 2.0 Web Site Administration Tool
    Changes:

    • ARApplication.GetApplicationParts() includes an optional parameter that determines whether to return only direct parts or all nested subparts.

    • ARApplicationPart.GetNestingParts() includes an optional parameter that determines whether to return only direct parts or all nested subparts.

    Bugs Fixed:
    • ARHelper.IsInRole() doesn't throw a NullReferenceException if the specified role alias doesn't exist in the database.

    • ARApplication.GetApplicationParts() doesn't throw "@ParentObjectID is not a parameter of procedure Proc_AR_ApplicationPart_SelectApplicationParts".

    • ARRelationshipTypesCollection.GetDataSet() doesn't throw "There is no row at position 0" if the collection contains data.

    • ARConnection.GetOperatorByID() takes an integer parameter.

    • Projects modified by the 'Configure You App' command in the Catatalog Manager do not fail to build successfully.

     

  • Version 3.0 (Build 2193) - released on February 24, 2006

    Changes:

    • Corrected graphics design

    • Added missing column OwnerID to DB view View_AR_Relationship_Child_Valid


    This version of Secure Access is still based on .Net Framework 1.0 (VS.NET 2002) but is optimized for usage with VS.NET 2005 and the Secure Access Web Interface can be easily converted to VS.NET 2005. 

     

  • Version 3.0 (Build 2192) - released on February 16, 2006

    Changes:

    • Enabled highlighting of the select item from the tree menu

    • Corrected samples

    • Issued new valid test certificates

     

  • Version 3.0 RC 1 (Build 2191) - released on February 9, 2006

    New Features:

    • Support for non-IE browsers

    • Compatibility with SQL 2005 and VS.NET 2005

    • Nested application parts

    • Object ownership ~ flexible feature allowing tenants to delegate management of users, user groups, organizational units and applications to their customers

    • New fresh design

    • Redeveloped user controls and styles

    Changes:

    • Closing SQL connections implicitly after each operation instead of relying on their explicit closing on developer's side

    • Controls for selecting objects (roles, user group, org. units, ? newly displays also name object aliases

    • Improved management of memberships

    • Collections used in API inherited from CollectionBase class

    • Enhanced set of API functions

    • Fixed known bugs

     

  • Version 2.3 (Build 1576) - released on September 20, 2005

    Changes:

    Bugs Fixed:

    • ARResource.GetPermissionType() - fixed bug in a method for constructing pseudo SQL query that failed if the permission alias contained apostrophe (').

    • Secure Access Web Inteface Help Files - incorrectly generated Table of Contents (htmltoc.html file)

     

    Changes:
    • ARHelper class has a public constructor.
    • For the following assemblies was COM Interop created:
      1. ARDataService
      2. ARObject
      3. ARWebServiceClient
      4. ARWebServiceCommon
    • The following assemblies have strong names now:
      • ARCatalogs
      • ARDataServices
      • ARObjects
      • ARWebServiceClient
      • ARWebServiceCommon
    • Added additional canonicalization safeguards (http request checks) to the Global.asax file - see MSDN KB 887459 for details.
    • To the ARPRTree server control ARPresentationLayer assembly were added property FormName for specifying the name of related form if the object is placed outside the Form tag.
    • All the stored procedures have now prefix dbo.
    • To the data grids for displaying memberships were added column with the object alias. This is just for better distinguish between objects with the same name.

    • To the web.config was added new parameter SecureAccessLogonMixedMode. This parameter is aplicable only if used with Windows authentication.  If set to true allows both Windows NT and Form Authentication, i.e. Windows authentication is preferred authentication mechanism but the user may explicitly invoke logon form and log in using Form authentication. Nevertheless this behaviour would be undesirable if the user accounts are imported from LDAP and thus their passwords are blank by default - this represents a security issue if an attacker guess someone's login name and misuse LogonForm.aspx to log in under this account without providing a password. Set the SecureAccessLogonMixedMode parameter to false if you use NT authentication and would like to disallow this behaviour. Default value if false.

    Bugs Fixed:

    • In ARUILogonForm.ascx user control were corrected actions performed according to ContinueLogon property value that could be set or cleared in LogonSuccessful event handlers.
    • Fixed bug in ARUIMembership.ascx user control that caused JavaScript error when trying to delete object.
    • AccessDenied.aspx page abandoned the session and caused user log out. This behaviour is undesirable because this page is also used for displaying various warning messages.
    • Fixed bugs in samples for GrantAccess, DenyAccess and RemoveAccess methods (ARResource). In parameter PermissionType was not specified the full namespace.
    • Fixed bug in ARUILogonForm.ascx user control that allowed Froms Authentication even if the web site was configured for the Windows Authentication. That represented a problem if the solution rely on Windows Authentication and does not store the user passwords in database (e.g. this is usual when user accounts were imported from Active Directory). Malicious user then could launch LogonForm.aspx page and authenticate as any user just by guessing the correct login name. Now the Forms Authentication is disabled by default if the web application is configured for Windows Authentication. It is possible to override this behaviour when necessary by setting the SecureAccessLogonMixedMode parameter in Web.Config to True.
    • Fixed bug in ARUISignOut.ascx user control that continued processing the page after sign out and redirecting to the specified URL abd target frame.
    • Added datbase connection closing where missing in ARObjects (API) assembly.
    • Fixed bug in user control for selecting memberships. The backslash was not displayed for domain users login names.
    • Fixed bug in ARResource.GetAuthorizedOperators method that returned no results. Also corrected method ARObject.GetDataTable that omited columns ObjectTypeNamespace and ObjectTypeAlias in results.
    • Fixed bug in stored procedure Proc_AR_Object_Delete that caused that the permission types were not correctly deleted when removing application part.
    • Fixed bug in stored procedure Proc_AR_Object_SelectPermissionMatrix that incorrectly included application parts between operators in the application permission matrix.
    • Fixed bug in ARResource.DenyAccess methods that caused exception if called from inherited classes such as ARApplication or ARApplicationPart.

     

    Bugs Fixed:

    • Added more detailed description of errors that may occur during importing memberships.

     

    Bugs Fixed:

    • Fixed known bugs.

    • Optimized code for creating collections of Secure Access objects.

    • To the API were added classes ARRelationshipType and ARRelationshipTypeCollection for manipulation with Permission Types.

    • In the Web interface improved user control for listing Secure Access objects (users, groups, org. units, ? in the datagrid ?the control now remembers the settings between postbacks, extends the filtering capabilities by allowing up to 6 filtering conditions to be specified at once and searching using substition characters (asterisk *).

    • Import enables registration of custom components for handling various events (such as PreInsert, PostInsert, PreUpdate, PostUpdate, PreDelete, PostDelete) raised during import process.

    • Allowed import of large data sets from LDAP by using paging function.

     

    Bugs Fixed:

    • A bug in the ARHelper.IsAuthorized and AROperator.IsAuthorized methods.

    • Increased timeout for reading data from the Active Directory (LDAP).

    • Updated Secure Access licensing policy to accept both Secure Access and Meta Tree serial numbers.

     

  • Version 2.1 Update 2 (Build 1569) - released on April 23, 2004

    Changes:
    • All references to the Microsoft.ApplicationBlocks.Data.dll library were removed due to several complaints of customers who were using a different version.

    Bugs Fixed:

    • ARHelper.IsAuthorized and AROperator.IsAuthorized methods returned false in case a user was granted with permission directly. Note: the authorization worked correctly for user groups, roles and organizational units.

    • ARHelper.AuthenticateUser method failed when a connection string was passed explicitly using an overloaded method.

    • ARHelper.Log method failed when a connection string was passed explicitly using an overloaded method.

     

     

    • Several changes were made in the Web user interface so that it can be used with large amounts of data.
    • ARHelper class was extended with overridden  methods allowing you to provide ConnectionString externally without storing it in the configuration file.
    • ARUISetPassword.ascx control has been enhanced with support for sending the changed password to the user by e-mail.
    • ARUISendPassword.ascx control has been enhanced with support for resetting hashed passwords and sending a new password to the user by e-mail.
    • ARUIAuditLogList.ascx control is now sorted descending by time.
    • All ARUI*List.ascx controls now have a new property OrderBy that allows you to set the default sorting of the grid.
    • Several database objects in the database views and stored procedures were modified.
    • Indexes were added to all tables for better performance.
    • ARConnection class was extended with new properties: EncryptionKey, EncryptionInitializationVector, CipherStringFormat.

            Bugs Fixed:

    • Bug fixed in the ARObjects.dll library: The AROperator.GetDataTable method didn't work.

    • Bug fixed in the ARObjects.dll library: Password was always stored as plaintext when creating a new user using ARUser.Insert.

    • Bug fixed in the documentation: Secure Access Guide contained wrong information about database structure for import. 

    • User name now allows also the "." (point) character, "@" character and spaces so that it can be used for storing user e-mails.
    • The ARConnection.GetObjectsDatasetByType method now returns DataSet object type instead of general object. The returned remains the same.
    • Object Custom Field 1 is now editable in the General properties of User, User Group, Organizational Unit, Role, Application and Application Part.
    • ARUILogonForm.SecureAccessLogonFormRedirectsTo property was added.
    • The ObjectAlias property now allows also the "@" character and spaces.
    • The ObjectAlias property of users now allows also "." (point) character.
    • Organizational units display only contained organizational units. They no longer display all members including users and user groups, which was rather confusing.

            Bugs Fixed:

    • Bug fixed in the ARObjects.dll library: The AROperator.IsMember method didn't work due to wrong version of the View_AR_RelationshipValid view.

    • Bug fixed in the ARObjects.dll library: ARConnection.GetObjectsDatasetByType method didn't return correct .NET type (dataset).

    • Bug fixed in the ARObjects.dll library: The ARConnection.GetCatalogObject method created a new connection instead of using the existing one.

    • Bug fixed in the ARObjects.dll library: If the default password expiration period (ar_PasswordExpiresAfterDays) in the catalog settings was left blank, the user couldn't change the password and the password was set as expired if the period was 0. Now both blank and 0 value indicates that the changed password never expires.

    • Bug fixed in the ARObjects.dll library: ObjectAlias wasn't automatically set correctly when it was not specified.

    • Bug fixed in the documentation: Database documentation contained wrong product name.

    • Bug fixed in the documentation: View_AR_AllApplicationParts was not included in the documentation.

    • Bug fixed in the documentation: Wrong images in the Catalog Manager help.

    • Bug fixed in the documentation: Wrong sample code in the Windows Authentication chapter in the Developer's Guide.
    • Bug fixed in the database: New users were not added to the "All Users" user group correctly which caused that they were not included in groups the "All Users" group was member of.

    • Bug fixed in the database: The View_AR_AllUserGroups view didn't display any user groups.

    • Bug fixed in the database: There was no reference integrity constraint between the ARObject and ARUser tables.

    • Bug fixed in the database: Cursor was not deallocated in these SPs: Proc_AR_Object_Insert, Proc_AR_Object_Update, Proc_AR_User_Insert, Proc_AR_User_InsertShort, Proc_AR_User_Update and Proc_AR_User_UpdateShort which lead to a failure when they were run in one SQL Server session more than once.

    • Bug fixed in the Web user interface: Organizational units were not sorted alphabetically in the tree.

    • Bug fixed in the Web user interface: ARUILogonForm didn't set focus on the User Name textbox.

    • Bug fixed in the Web user interface: The logon form was displayed in a poor design when password was being changed and a validation error occured.
    • Bug fixed in the Web user interface: Table paging in the Web user interface didn't validate the entered number of the page.

    • Bug fixed in the Catalog Manager: The Catalog Manager didn't work correctly with SQL Servers using other than the default English collation.

    • Bug fixed in the Web user interface: The "Sign Out" button in the Secure Access user interface didn't reflect the "SecureAccessParentFrameName" configuration settings key.

    • Bug fixed in the Web user interface: The "This page contains both secure and nonsecure items. Do you want to display the nonsecure items?" dialog appears when using SecureAccess through HTTPS (SSL) protocol.