Knowledgebase: Security and compliance
Can permissions be overwritten ?
Posted by z Jean-jacques Jouanneaux on 25 August 2010 03:44 PM
If Visual Guard applies security settings when the form is loaded, can these control settings be overwritten with other code? For example, if cmdSave is disabled when a form loads for a specific user, can another procedure re-enable this button if it's coded within the form? Or is there a way to ensure that the permissions set in the console application are not circumvented? Our goal is to make sure that ALL application security is controlled through Visual Guard and password protected.
You can run the permission after the change done by the application: you can decide to apply a permission on an event of the application rather than on the initialization of the object.
For example, you can disable (or enable) a control on the event 'EnabledChange' of the control(WinForm application) or on the 'PreRender' event (WebForm)application) or on an event which indicates that the state of the control has to be calculated again.
You are able to test directly in your application if the user has a permission and integrate this test in the logic of your application to determine if the control should be enabled or disabled.
Example: If <MYLogic> = true and VGSecurityManager.Principal.HasPermission("MyPermission") then mybutton.Enabled = true
Visual Guard .NET - Version 2.8.812.19