advanced authentication in dotnetnukeblogs.harvard.edu/brandonhaynes/files/2009/06/... ·...
TRANSCRIPT
![Page 1: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/1.jpg)
Advanced Authorization in DotNetNuke
Brandon Haynes
1
![Page 2: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/2.jpg)
Hi, I’m Brandon.
2
![Page 3: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/3.jpg)
Research Interests
3
![Page 4: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/4.jpg)
Professional Interests
4
![Page 5: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/5.jpg)
DotNetNuke Activities
• Core Team Member (Security)
• Framework and Module Security Guidance
• Current Research
– Multi-Factor Authentication
– Model Adaptation
– Cloud Integration
5
![Page 6: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/6.jpg)
Our agenda.
1. What is this all about?
2. How does this relate to DotNetNuke?
3. Show me something concrete, already.
6
![Page 7: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/7.jpg)
You promised me authorization. Doesn’t that mean passwords and
fingerprints and stuff?
Act 1
7
![Page 8: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/8.jpg)
8
PrincipalSomething that can be authenticated.You. A machine. A service.
IdentifierUnique value used to reference a principal.
![Page 9: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/9.jpg)
Thus, Authentication(Matching principals to factors)
9
Knowledge PossessionInherence
![Page 10: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/10.jpg)
We’re here to talk about what happens after authentication:
Authorization.
(Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009, where I will be talking about module security in much greater detail!) 10
![Page 11: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/11.jpg)
Authorization
• I know who you are.
• But what can you do?
– Or access?
• Involves two things:
– Policy definition (who can do what)
– Policy enforcement (no, you can’t do that)
11
![Page 12: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/12.jpg)
Act 2What does this have to do with
DotNetNuke, anyway?
12
![Page 13: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/13.jpg)
Pre-5.1 Authorization: Architecture
13
![Page 14: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/14.jpg)
Pre-5.1 Authorization: Classes
Boring CRUD
Operations
Sexy,Interesting
Method
14
![Page 15: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/15.jpg)
Pre-5.1 Authorization: Methods
Public Shared Function HasModulePermission _
(ByVal permissions As ModulePermissionCollection, _
ByVal key As String) As Boolean
Return PortalSecurity.IsInRoles(permissions.ToString(key))
End Function
15
![Page 16: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/16.jpg)
Okay, so what’s new?
16
![Page 17: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/17.jpg)
5.1 CE Authorization Provider
17
![Page 18: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/18.jpg)
5.1 CE CorePermissionProviderCategory Overridable Methods
Module Permissions
CanAdminModule CanImportModule
CanDeleteModule CanManageModule
CanEditModuleContent CanViewModule
CanExportModule HasModulePermission
GetModulePermissions
DeleteModulePermissionsByUser
Page Permissions
CanAddContentToPage CanExportPage
CanAddPage CanImportPage
CanAdminPage CanManagePage
CanCopyPage CanNavigateToPage
CanDeletePage CanViewPage
DeleteTabPermissionsByUser
Folder Permissions
CanAdminFolder CanDeleteFolder
CanAddFolder CanManageFolder
CanCopyFolder CanViewFolder
HasFolderPermission SaveFolderPermissions
DeleteFolderPermissionsByUser
GetFolderPermissionsCollectionByFolder
18
Attack of the giant
table!
![Page 19: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/19.jpg)
5.1 CE CorePermissionProviderCategory Overridable Methods
Module Permissions
CanViewModule
CanDeleteModule
CanAdminModule…
Page Permissions
CanViewPage
CanAddPage
CanDeletePage…
Folder Permissions
CanViewFolder
CanAddFolder
CanDeleteFolder… 19
![Page 20: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/20.jpg)
If TabPermissionController.CanAddPage Then
Dim controller As New TabController
Controller.AddTab(…)
End If
5.1 Authorization: The Big Picture
20
1
2
3
4
![Page 21: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/21.jpg)
Act 3Show me how to use it.
21
![Page 22: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/22.jpg)
Hello World Demo
– MagicUsernamePermissionProvider
– Gives Brandon page admin rights across all portals
– About the simplest PermissionProvider possible
22
![Page 23: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/23.jpg)
Hello World: Configuration
23
![Page 24: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/24.jpg)
MagicUsernamePermissionProvider Implementation
24
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
![Page 25: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/25.jpg)
Now for some fun.
25
![Page 26: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/26.jpg)
“
Amazon Simple Storage Service (S3)
Amazon S3 is storage for the Internet. It isdesigned to make web-scale computing easierfor developers.
”26
![Page 27: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/27.jpg)
Amazon S3 is intentionally built with a minimal feature set.
Amazon Simple Storage Service (S3)
• Accounts
• Buckets
• Abstract objects
• Simple Permissions
• Very simple web service API– Access via shared secret
“ ”
27
![Page 28: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/28.jpg)
DotNetNuke S3 Integration
• Data Provider
• Authorization Provider
28
![Page 29: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/29.jpg)
S3 Provider Architecture: Data
SQL Server
…29
![Page 30: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/30.jpg)
S3 Provider Implementation: Data
* Code simplified for reading30
![Page 31: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/31.jpg)
S3 Architecture: Authorization
31
![Page 32: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/32.jpg)
S3 Implementation: Authorization
32
1
2
3
4
5
6
7
8
9
10
11
12
13
14
![Page 33: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/33.jpg)
DotNetNuke and S3: Discussion
• File-based permissions
• CRUD
• Shared secrets
• Performance
• Available at brandonhaynes.org.
33
![Page 34: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/34.jpg)
Points to Remember
• Authorization is a first-class extension point as of version 5.1.
• It is extended via the provider pattern, just like any other DotNetNuke provider would be
• The provider deals with page-, module-, and folder-related authorizations.
• Custom authorization allows for framework extension to interesting and novel scenarios.
34
![Page 35: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/35.jpg)
Thanks to:Will Strohl, Darrell Hardy, Ryan
Morgan, Stan Schultes and all the DoDNN Organizers.
All of the DotNetNuke Core Team, Corporation, and Community.
And all the volunteers, sponsors, and participants that made this event
possible. 35
![Page 36: Advanced Authentication in DotNetNukeblogs.harvard.edu/brandonhaynes/files/2009/06/... · (Shameless Plug: If you’re interested in this stuff, be sure to attend Open Force 2009,](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92e3b6714ca7f47694b9d/html5/thumbnails/36.jpg)
Insert questions here.
36
More questions? Contact me via brandonhaynes.org.