Gallery

Application security

Posted on 17 Jan 2005 at 17:52

Simon Jones uses Windows facilities and Active Directory to implement workable levels of security in applications

Group names retrieved from the memberof property are fully qualified, as in 'CN=CRM Users,OU=Security Groups,DC=msdl,DC=co,DC=uk'. You need to know only the Common Name (CN) for the group so split this into an array, dividing at the commas, take the first element of that array and chop off its first three characters. The result can be added to your collection of names.

For Each strProperty As String In objUserEntry.Properties("memberof")

colUserGroups.Add(strProperty.Split(",")(0).Substring(3))

Next

Now you can run through the list of controls that can be secured and look to see if you have an entry for that control and any of the username/group names in the security table. See Code Listing 1 (page 5) for how to do this. This code uses the FindBy method of the data table to return a row that matches the specific values - if no row matches, the FindBy method returns Nothing. You might get zero, one or more matches for a control against all the user/group names: if there are no matches, security for this user will be set to the default security level for this control. If there is one match, you will obviously use that setting for this user. If there are multiple matches, for instance if a security level has been set for this user both directly and via one of the groups to which they belong, then err on the side of caution and give them the least level of access permitted.

Now your global data table, gdtSecurity, contains the security settings for the current user for all controls and menu items that can be secured. You can now call the same routine whenever you load a form containing a control to be secured: see Code Listing 2 (page 5). This checks the security level you have determined for this control for this user and sets the properties of the control accordingly. Code Listing 3 (page 5) shows you how to use the Directory Searcher object to find all the DirectoryEntry objects for users or groups within an Organisational Unit.

Ffenestri Cymraeg
A couple of years ago, I wrote in this column about the new Welsh spelling checker that had just become available for Office XP, and how you could convince Word to let you type the w and y characters with the circumflex accents that are relatively common in that language. I'm now pleased to be able to report that Microsoft's commitment to minority languages has resulted in three major improvements to computing in Welsh.

The first improvement is that Windows XP SP 2 introduces a new keyboard layout for Welsh. This is identical to the English (UK) layout except that it will produce all seven Welsh vowels with their grave, acute, circumflex or diaeresis accents, and the tilde accents on A, N or O. (The tilde is not used in Welsh but it is in Breton, a close relative of Welsh.)

If you have upgraded to Windows XP SP 2, you can install the Welsh keyboard layout from Control Panel | Regional and Language Options | Languages | Details. Click the Add... button under Installed Services. With the Welsh keyboard selected on the Language Bar, you can type to get or to get . The grave accent is typed as (the key to the left of the digit 1 on the main keyboard). Acute accents are produced by (the apostrophe) and diaeresis (or umlaut) by , while tilde is . These combinations work for both upper- and lower-case letters and in virtually every application.

People writing in some other languages than Welsh might be interested in typing these characters, and it may be easier to change the keyboard layout to Welsh - with its basic English keyboard layout - to get access to these characters, rather than to, say, French, which would remap the main letter keys into an AZERTY layout (Q and W go to A and Z). This will result in completely confusing you and make typing a real chore.