PortSight Secure Access Documentation

Overview

 

What is PortSight Secure Access?

 

PortSight Secure Access is a component for .NET developers. It can be used with any CLR-compliant language, such as Visual Basic.NET or C#. It is focused on securing ASP.NET applications, WinForms applications, Web content and Web Services.

PortSight Secure Access is available in two editions: Standard Edition and Enterprise Edition. The Enterprise Edition provides all features of the Standard Edition and extends them with import of existing accounts from Windows NT domain, Microsoft Active Directory or ODBC data sources.

 

Secure Access Overview

 

 

 

PortSight Secure Access provides the following services:

 

Authentication - Who is that user?

 

 

PortSight Secure Access contains a database of users that is used for Authentication, that is, for verifying a user's identity. You can store the user name, full name, password and other user properties in this database.

You can use the following Authentication methods with PortSight Secure Access:

  • Forms Authentication - usually used in the Web environment. The user must provide a valid user name and password in the log-on form to sign in.

  • Windows authentication - usually used for intranet and extranet applications. The user must successfully log on to a Windows NT domain before accessing your application. You can then map the user's Windows identity to a user account in the PortSight Secure Access user catalog.


The following list describes Secure Access user management features:

  • Storing user information, including job position, contact and shipping address, etc.

  • Storing an unlimited number of user preferences, such as preferred language, colors, layout, etc.

  • User account validity can be restricted to a particular time period - outside this period the account is locked and the user cannot log on.

  • User self-service registration can be used with Forms authentication on your Web sites. Users can register by themselves, which creates their account.

  • Users can be organized into user groups. These user groups can be nested (e.g. the user group "Project Managers" can contain the groups "Internal Project Managers" and "External Project Managers").

  • You can define organizational units according to the organization chart of your company and place users and groups into these units. Organizational units can be stored in a tree hierarchy.

  • You can delegate the administration of user group, organizational unit and role members, as well as the administration of permissions, to privileged users such as team leaders.

  • You can import existing user accounts from a Windows NT domain, Microsoft Active Directory and ODBC data sources. This feature is available only in PortSight Secure Access Enterprise Edition. The import can be run once or on a regular basis.

 

Authorization - What is that user allowed to do?

 

PortSight Secure Access allows you to control access to your applications, controls and Web content. For example, you can allow only managers to approve reports, or only news editors to edit news on your Web site. The process of checking a user's access rights is called Authorization.

PortSight Secure Access provides the following ways of Authorization:

  • Role-based authorization, which requires users to be members of a particular user role. A user role is a special kind of group that can contain users, user groups and organizational units. It is always associated with exactly one application.

    [Figure: Role-based authorization]



  • Resource-based authorization, which requires users to be granted a particular permission for the resource (such as "read" or "approve"). The resource can be an application or an application part (such as "Work Reports").

    [Figure: Resource-based authorization]


  • Web Content Authorization - authorization for accessing the content of your Web site, such as HTML pages, images, PDF documents, or any other files or folders that match a wildcard mask you choose.

    [Figure: Web Content Authorization]

 

If you want to use role- or resource-based authorization, you need to define your application in the PortSight Secure Access database - e.g. "Expense Reports Application". This database item represents your application and you can refer to it using its alias.

After you define your application, you can define user roles for it - e.g. "Report Manager", "Report Reader", etc.

You can define application parts (modules) of your application for finer granularity of permissions.

If you decide to use resource-based authorization, you need to define permission types in the PortSight Secure Access database, such as "Read", "Create", "Approve" and "Delete", for each application or application part. Then you can grant permissions to users, user groups, organizational units or roles. This approach is more flexible than simple role-based authorization, since you can define the security business logic in the database instead of hard-coding it in your application - for example, you can specify that "Approver" role members can "approve" and "delete" in the "Expense Reports" application.

You can use the PortSight Secure Access application programming interface (API) to check the current user's permissions from your code - e.g. "Is user 'JohnS' allowed to 'approve' a report in the 'Expense Reports Application'?", or "Is user 'JohnS' in role 'Report Approvers'?". Then you can decide, for instance, whether to display the button for approving the report.

You can secure not only the ASPX pages and their parts, but also other content of your Web site. You can combine role-based and resource-based authorization to define rules for accessing the content and check these permissions every time a user tries to download a file. For example, you can restrict reading of the folder with sensitive documents to members of the "Managers" group. This feature works as a filter that checks all requests and controls access according to your rules.
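The two questions above can be answered from grants stored as data, resolved through nested groups and roles. The following C# sketch is an added example, not PortSight code and not the PortSight Secure Access API: the `Catalog` class, its methods and the user "MaryK" are hypothetical, and the sample data is constructed from the names used in this section.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed sample data, mirroring the names used in the text above.
var catalog = new Catalog();
catalog.AddMember("Project Managers", "Internal Project Managers"); // nested user group
catalog.AddMember("Internal Project Managers", "JohnS");
catalog.AddMember("Approver", "Project Managers");                  // role containing a group
catalog.Grant("Approver", "Expense Reports", "approve");
catalog.Grant("Approver", "Expense Reports", "delete");

Console.WriteLine(catalog.IsInRole("JohnS", "Approver"));
Console.WriteLine(catalog.IsAllowed("JohnS", "Expense Reports", "approve"));
Console.WriteLine(catalog.IsAllowed("JohnS", "Expense Reports", "read"));    // never granted
Console.WriteLine(catalog.IsAllowed("MaryK", "Expense Reports", "approve")); // unknown user

// Illustrative model, NOT the PortSight Secure Access API; every name is hypothetical.
class Catalog
{
    // member -> containers it belongs to directly (groups, organizational units, roles)
    private readonly Dictionary<string, HashSet<string>> memberOf = new();
    // (principal, application or part, permission type) grants, kept as data
    private readonly HashSet<(string, string, string)> grants = new();

    public void AddMember(string container, string member)
    {
        if (!memberOf.TryGetValue(member, out var set))
            memberOf[member] = set = new HashSet<string>();
        set.Add(container);
    }

    public void Grant(string who, string resource, string permission) =>
        grants.Add((who, resource, permission));

    // The user plus every group, unit and role reached through nesting.
    // The seen set stops a cyclic group definition from looping forever.
    private HashSet<string> EffectivePrincipals(string user)
    {
        var seen = new HashSet<string> { user };
        var queue = new Queue<string>(seen);
        while (queue.Count > 0)
            if (memberOf.TryGetValue(queue.Dequeue(), out var parents))
                foreach (var p in parents)
                    if (seen.Add(p)) queue.Enqueue(p);
        return seen;
    }

    public bool IsInRole(string user, string role) => EffectivePrincipals(user).Contains(role);

    // Default deny: true only when some effective principal holds the grant.
    public bool IsAllowed(string user, string resource, string permission) =>
        EffectivePrincipals(user).Any(p => grants.Contains((p, resource, permission)));
}
```

The first two checks succeed because "JohnS" reaches the "Approver" role through two levels of group nesting; the last two are denied because no grant exists for them.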

 

Auditing - What did that user do?

 

PortSight Secure Access allows you to log user activities in the auditing log that is stored in the database. You can find out who changed particular records or who accessed your application during the last week. You only need to call one method to add a new record to the auditing log and you have full control of what is being logged.

 

 

How can I use PortSight Secure Access?

 

PortSight Secure Access can be used in two ways:

  • As a Web-based user interface that allows administrators, developers and privileged users to manage all security features - e.g. create new users, define new applications and grant permissions to users. Delegated users can use this application to manage their groups, organizational units and applications.

  • As an Application Programming Interface (API) that developers use in their applications to query the database for information about users and their permissions. It provides the same functionality as the user interface, but it is used from within your application code. The most common commands can be written in a single line of code. You can use this API in your Web applications, Web Services (together with Microsoft Web Services Enhancements) and Windows Forms applications.