Getting Started
This documents explains the usage of Xafari Encryption Service. An assembly of Xafari.Framework.16.1.40XX is used as an example. The Tools folder of the framework contains the EncryptionServer folder (see the image below).
First, the web application is deployed. In this example, it is done through IIS, as follows:
- launch the IIS manager (for example, by pressing Win+R on the keyboard and entering the inetmgr value into the only available field of the dialog box),
- add a new application to the default list via its context menu,
- name the application xafari.encryption.service (or use any other meaningful name) and specify the physical path to its files; it is also possible to customize the applications' pool or other parameters during this step.
This service always requires some way of authentication to be added. Currently, only Windows authentication is available; the implementation of a standard one is coming in the future versions.
Now we have a web service available at "http://localhost/xafari.encryption.service/" (see the image below).
Before using Xafari Encryption Service, some more things should be done as described in the following sections of this document:
- setting the data access permissions,
- specifying the connection string,
- making the target application use the service.
Setting the data access permissions
To set the data access permissions, the executing application should be signed with a public key needed to process the encrypted data. In this sample, we suppose that the application has a digital signature and its publicKeyToken equals c9ae4f092cc930e6. The application is used by SomeUser1.
First, the UserKeys.ini file should be created. Then, the path to this file should be specified in the Web.config file of the service. See the usage of the UserPermissionsFilePath parameter below:
- xml
<!-- Place here the path to the file that contains user keys values.-->
<add key="UserPermissionsFilePath" value="Place path here" />
Finally, add a json string below into the UserKeys.ini file (using Notepad, for instance).
Now, SomeUser1 is allowed to get data from the service if accessing from the application which publicKeyToken is c9ae4f092cc930e6.
The keys should be separated with commas, as follows:
- example
{"UserName":"SomeUser1","Key":"c9ae4f092cc930e6"}
{"UserName":"SomeUser2","Key":"c9ae4f092cc930e6"}
{"UserName":"SomeUser3","Key":"c9ae4f092cc930e6"}
In case there is a domain in the user name, use the double backslash, e.g. DOMAIN\\SomeUser1.
Specifying the connection string
Create the ConnectionString.ini file and add set the desired connection string there, as in the script below.
- example
Integrated Security=SSPI;Pooling=false;Data Source=(localdb)\v11.0;Initial Catalog=webServiceDb;
The path to the file should also be set in the Web.config file. Specify the value of the ConnectionStringFilePath parameter, as follows:
- xml
<!-- Place here the path to the file that contains connection string value.-->
<add key="ConnectionStringFilePath" value="Place path here" />
Making the target application use the service
The next step is to make the target application use the service. A new XAF application is created here for demonstration purposes.
To use the connection string received from the web service, one of the following options can be chosen (both variants are described in details later in the text):
- Via Xafari AppModule by means of the UseEncryptedConnectionString checkbox.
- By customizing the CreateCustomObjectSpaceProvider event in the app.
Moreover, the XafariEncryptionServiceUrl key should be added to the configuration file where the address of the service is stored, as follows:
- xml
<appSettings>
<add key="XafariEncryptionServiceUrl" value="http://localhost/xafari.encryption.service/"/>
</appSettings>
This key should always be added in case Xafari AppModule is utilized for the setup. Otherwise, customizing through the CreateCustomObjectSpaceProvider event, it is possible to specify the URL directly when initializing the connection.
Then, a link to the Xafari.dll library should be added either to the platform-agnostic module or to AppModule, depending on the chosen scenario (the figure below shows adding to the platform-agnostic in case of using the CreateCustomObjectSpaceProvider event).
Using Xafari AppModule and its UseEncryptedConnectionString ckeckbox
In this case, the setup is done via the application's module. To find the info on how to add and configure the AppModule, refer to this document.
After adding the AppModule, modify its constructor by setting the value of the UseEncryptedConnectionString property to true (see the code sample below):
- c#
- VB
public sealed partial class SomeApplicationAppModuleAppModule : AppModuleBase
{
//...
public SomeApplicationAppModuleAppModule()
{
InitializeComponent();
this.UseEncryptedConnectionString = true;
}
//...
}
Public Partial NotInheritable Class SomeApplicationAppModuleAppModule
Inherits AppModuleBase
'...
Public Sub New()
InitializeComponent()
Me.UseEncryptedConnectionString = True
End Sub
'...
End Class
From now, the connection string is set to be received from the web-service.
To specify any additional parameters of the connection, override the CreateObjectSpaceProviders method:
- c#
- VB
public sealed partial class SomeApplicationAppModuleAppModule : AppModuleBase
{
public SomeApplicationAppModuleAppModule()
{
InitializeComponent();
this.UseEncryptedConnectionString = true;
}
protected override void CreateObjectSpaceProviders(CreateCustomObjectSpaceProviderEventArgs args)
{
//...
base.CreateObjectSpaceProviders(args);
}
}
Public Partial NotInheritable Class SomeApplicationAppModuleAppModule
Inherits AppModuleBase
Public Sub New()
InitializeComponent()
Me.UseEncryptedConnectionString = True
End Sub
Protected Overrides Sub CreateObjectSpaceProviders(ByVal args As CreateCustomObjectSpaceProviderEventArgs)
'...
MyBase.CreateObjectSpaceProviders(args)
End Sub
End Class
Customizing the application via the CreateCustomObjectSpaceProvider event
- c#
- VB
namespace SomeApplication.Module
{
public sealed partial class SomeApplicationModule : ModuleBase
{
//...
public override void Setup(XafApplication application)
{
base.Setup(application);
application.CreateCustomObjectSpaceProvider += ApplicationOnCreateCustomObjectSpaceProvider;
}
private void ApplicationOnCreateCustomObjectSpaceProvider(object sender, CreateCustomObjectSpaceProviderEventArgs e)
{//here ObjectSpaceProvider is initialized and gets м строки подключения из веб-сервиса xafari.encryption.service
}
}
}
Namespace SomeApplication.Module
Public Partial NotInheritable Class SomeApplicationModule
Inherits ModuleBase
'...
Public Overrides Sub Setup(ByVal application As XafApplication)
MyBase.Setup(application)
application.CreateCustomObjectSpaceProvider += ApplicationOnCreateCustomObjectSpaceProvider
End Sub
Private Sub ApplicationOnCreateCustomObjectSpaceProvider(ByVal sender As Object, ByVal e As CreateCustomObjectSpaceProviderEventArgs)
'here ObjectSpaceProvider is initialized and gets м строки подключения из веб-сервиса xafari.encryption.service
End Sub
End Class
End Namespace
To get the connection string from the web service, the XafariEncrypter class provides the GetConnectionString() method:
- c#
- VB
private void ApplicationOnCreateCustomObjectSpaceProvider(object sender, CreateCustomObjectSpaceProviderEventArgs e)
{
//initializing XPObjectSpaceProvider:
//url can be sent directly:
e.ObjectSpaceProvider = new XPObjectSpaceProvider(XafariEncrypter.GetConnectionString("http://localhost/xafari.encryption.service/"));
//or, for example, as follows (initializing SecuredObjectSpaceProvider),
//url is read from the configuration file:
e.ObjectSpaceProvider = new SecuredObjectSpaceProvider((SecurityStrategy)Application.Security, XafariEncrypter.GetConnectionString(System.Configuration.ConfigurationManager.AppSettings["XafariEncryptionServiceUrl"]), e.Connection);
}
Private Sub ApplicationOnCreateCustomObjectSpaceProvider(ByVal sender As Object, ByVal e As CreateCustomObjectSpaceProviderEventArgs)
'initializing XPObjectSpaceProvider:
'url can be sent directly:
e.ObjectSpaceProvider = New XPObjectSpaceProvider(XafariEncrypter.GetConnectionString("http://localhost/xafari.encryption.service/"))
'or, for example, as follows (initializing SecuredObjectSpaceProvider),
'url is read from the configuration file:
e.ObjectSpaceProvider = New SecuredObjectSpaceProvider(CType(Application.Security, SecurityStrategy), XafariEncrypter.GetConnectionString(System.Configuration.ConfigurationManager.AppSettings("XafariEncryptionServiceUrl")), e.Connection)
End Sub