Security Services
Cosmo provides both authentication and authorization mechanisms to control access to the application by users (or other processes).
The security service is a modular service (like all other Cosmo services). This means that Cosmo supports multiple security mechanisms such as database, OS native, LDAP, OAuth...
To develop a security module you must implement the abstract class Cosmo.Security.Auth.SecurityModule.
At this moment Cosmo provides a security provider based on accounts stored in a SQL Server database. The module is implemented in the class Cosmo.Security.Auth.Impl.SqlServerSecurityModule.
All security operations of the currently configured security module are exposed through the Workspace.SecurityService property.
Like all Cosmo configuration, the security configuration is defined in the cosmo.config.xml file, and all security parameters are grouped in the security-services section.
<!-- SECURITY SERVICES -->
<security-services default="sqlsrv" login-page="LoginPage">
  <authentication-module id="sqlsrv" driver="Cosmo.Security.Auth.Impl.SqlServerSecurityModule">
    <param key="security.LoginView" value="UserAuth"/>
    <param key="security.Enabled" value="1"/>
    <param key="security.bloquedip" value=""/>
    <param key="security.verifymail" value="1"/>
    <param key="security.encryptionkey" value="abcdefghijklmnopqrst"/>
  </authentication-module>
</security-services>
Currently Cosmo uses only one module to authenticate and/or authorize. Multiple security modules can be defined in the configuration, but only the one specified in the default attribute (on the security-services tag) is used.
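The following check is an added example, not part of Cosmo or of the original page: it reads the security-services section, resolves which module the default attribute selects, and reports modules that are defined but ignored as well as a security.encryptionkey still set to the sample value shown above. The class name SecurityConfigCheck, the root element name, the second module "ldap" and its driver are constructed for the sample input.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

static class SecurityConfigCheck   // hypothetical helper, not a Cosmo class
{
    // Sample key printed on this documentation page; a deployment should not still use it.
    const string DocumentedSampleKey = "abcdefghijklmnopqrst";

    // Returns findings for the security-services section of a cosmo.config.xml document.
    public static List<string> Audit(XDocument config)
    {
        var findings = new List<string>();
        XElement section = config.Descendants("security-services").FirstOrDefault();
        if (section == null) { findings.Add("no security-services section"); return findings; }
        string defaultId = (string)section.Attribute("default");
        var modules = section.Elements("authentication-module").ToList();
        XElement active = modules.FirstOrDefault(m => (string)m.Attribute("id") == defaultId);
        if (active == null)
        {
            findings.Add("default=\"" + defaultId + "\" matches no authentication-module id");
            return findings;
        }
        // Only the default module is used; any other definition is inactive.
        foreach (XElement m in modules.Where(m => m != active))
            findings.Add("module \"" + (string)m.Attribute("id") + "\" is defined but not used");
        string key = active.Elements("param")
            .Where(p => (string)p.Attribute("key") == "security.encryptionkey")
            .Select(p => (string)p.Attribute("value")).FirstOrDefault();
        if (key == DocumentedSampleKey)
            findings.Add("security.encryptionkey is still the documented sample value");
        return findings;
    }

    static void Main()
    {
        // Constructed input: the page's section plus a hypothetical second module "ldap".
        var doc = XDocument.Parse(@"<config>
  <security-services default=""sqlsrv"" login-page=""LoginPage"">
    <authentication-module id=""sqlsrv"" driver=""Cosmo.Security.Auth.Impl.SqlServerSecurityModule"">
      <param key=""security.encryptionkey"" value=""abcdefghijklmnopqrst""/>
    </authentication-module>
    <authentication-module id=""ldap"" driver=""Example.LdapSecurityModule""/>
  </security-services>
</config>");
        foreach (string f in Audit(doc)) Console.WriteLine(f);
    }
}
```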
Authentication is the mechanism that identifies the user who is accessing the application.
Depending on the security module enabled, the authentication mechanism requires users to provide their credentials (usually login and password) to access the application.
To authenticate a user:
// Sample credentials for illustration.
string login = "jdoe";
string password = "mypass";

// Authenticate only when there is no authenticated session yet.
if (!Workspace.SecurityService.IsAuthenticated)
{
    User user = Workspace.SecurityService.Autenticate(login, password);
    Console.Write("Welcome again " + user.GetDisplayName() + "!");
}
To access the session of the currently authenticated user, use the Workspace.SecurityService.CurrentUser property. This instance of UserSession provides the user data (User property) and utilities to check authorization for the current user. In addition, the UserSession class can generate and work with tickets to validate user sessions.
Authorization is the mechanism that software uses to allow or deny users the use of (or access to) certain actions, views or processes in the application.