There are a number of different ways to integrate Active Directory with an Iron Speed Designer generated application. In this article, we’ll focus on ‘simple’ authentication based on the user’s Active Directory (Windows) user name. Our solution will easily allow users to be seamlessly signed into the application without having to type their password.

In future articles, we’ll discuss more complicated business requirements involving the use of an LDAP server.

b) Authorization: Controlling the already-authenticated user’s access to a given resource.

Notice the Users table has a UserName and Password field. These fields will be used by Iron Speed Designer’s Role-Based Security Wizard. Our custom code will use only the UserName field.

Fig. 2 - Users database table contents. This table contains a few users’ names and their passwords that we’ll use to sign the user into our application.

In IIS’ Virtual Directory Properties, navigate to the Directory Security tab and click Edit under the Anonymous access and authentication control tab.

Ensure Anonymous Access is disabled and Integrated Windows authentication is enabled. These options enable the application’s custom code to retrieve the user’s Windows account user name.

Ensure the application’s Authentication Mode in the web.config is "Windows":

<authentication mode="Windows" />

..\Security\SignIn.aspx

Fig. 3 - SignIn page. We are now ready for Iron Speed Designer to make the appropriate code customizations.

Iron Speed Designer has a great feature that automatically plumbs the basic code for the major event handlers without us having to memorize the syntax of how to hook up our own event handler. This can be accessed from your application’s Documentation.

Pull down the "Customize" menu (next to Build, etc.) and select "Customize Your Application's Documentation..." which will display a page listing the major events and describing their functionality. (Fig. 4)

Fig. 4 - Application documentation. This explains what the SignIn page’s Load event is for. It also has a feature to have Iron Speed Designer plumb the basic code shell where our customizations will go.

By right-clicking the Page’s Load routine in the tree view on the left hand side, then selecting "Insert MyLoad Method...", Iron Speed Designer automatically adds in a new MyLoad EventHandler for us (Fig. 5). The MyLoad event is fired when the page loads, before it is displayed. Just before the page is displayed, we 'hook' in to the MyLoad EventHandler and write our own code to do the actual work. This way, the code is processed before the user sees the page so we can automatically identify the user and sign them in.

Fig. 5 – Empty MyLoad EventHandler. We just added to the existing code so the EventHandler is fired when the page initializes. It is currently empty.

The following code is verbosely commented for additional clarity.

Contents of MyLoad in C#:

// Set this up because we'll need Iron Speed to set the // appropriate error later if there is a problem. string errorMessage = ""; bool isSignedIn = false;   // First, pull out the network username which includes the // domain or computername (e.g. JIMLAPTOP\Jim). string userName = HttpContext.Current.User.Identity.Name;   // Next, fetch a Users record from the Users database table // where the username matches this user's name. UsersRecord userRec = UsersTable.GetRecord("UserName = '" +     userName + "'");   // If a valid user exists with this network name, we will have // a non-null record. if (userRec != null) {     // found this user on the list. Grab the existing Password     // from the database table's record. This password has no     // relation to the users Active Directory network password.     string password = userRec.Password;       // Tell Iron Speed to SignIn this user using their username     // and password. Iron Speed will 'initialize' all of the     // security settings for this user, fetch and save their     // roles, etc. If there is a problem, Iron Speed Designer     // will put the error message in the errorMessage variable     // for us so we can display it, log it, etc.     isSignedIn = this.SystemUtils.SetLoginInfo(userName, password,       ref errorMessage);       if (isSignedIn)     {         // SignIn worked, go 'back' to the regular start page         // (the one that, because the user wasn't signed in,         // redirected the user to the signin page to begin with)             this.RedirectBack();     }     else     {     this.RedirectToForbiddenPage();     } } else {     // User Not found with this name in the system - redirect     // to the forbidden page.     this.RedirectToForbiddenPage(); }

Contents of MyLoad in Visual Basic .NET:

' Set this up because we'll need Iron Speed to set the ' appropriate error later if there is a problem. Dim errorMessage As String = "" Dim isSignedIn As Boolean = False ' First, pull out the network username which includes the ' domain or computername (e.g. JIMLAPTOP\Jim). Dim userName As String = HttpContext.Current.User.Identity.Name ' Next, fetch a Users record from the Users database table ' where the username matches this user's name. Dim userRec As UsersRecord = UsersTable.GetRecord("UserName = '" + _     userName + "'") ' If a valid user exists with this network name, we will have ' a non-null record. If (userRec IsNot Nothing) Then     ' found this user on the list. Grab the existing Password     ' from the database table's record. This password has no     ' relation to the users Active Directory network password.     Dim password As String = userRec.Password     ' Tell Iron Speed to SignIn this user using their username     ' and password. Iron Speed will 'initialize' all of the     ' security settings for this user, fetch and save their     ' roles, etc. If there is a problem, Iron Speed Designer     ' will put the error message in the errorMessage variable     ' for us so we can display it, log it, etc.     isSignedIn = Me.SystemUtils.SetLoginInfo(userName, password, _       errorMessage)     If (isSignedIn) Then           ' SignIn worked, go 'back' to the regular start page           ' (the one that, because the user wasn't signed in,           ' redirected the user to the signin page to begin with)           Me.RedirectBack()     Else           Me.RedirectToForbiddenPage()     End If Else     ' User Not found with this name in the system - redirect     ' to the forbidden page.     Me.RedirectToForbiddenPage() End If

Build and Run your application.

Because the user is not signed in, Iron Speed Designer automatically redirects the user from the Start Page to the Sign In page. Before the Sign In page appears, our new code grabs the Active Directory user’s name, retrieves their Password from the User record, and tells Iron Speed Designer to sign them in. After a successful sign in process, the user is redirected back to the application’s Start Page. All of this happens so quickly that the user is unaware that a sign in process ever took place.

There are many other scenarios involving Active Directory. For instance, perhaps the security requirements demand the user to be prompted for their Windows user name and password, so as to authenticate both against an Active Directory or Novel eDirectory LDAP server. It is also possible to integrate this feature with Iron Speed Designer, this will be the subject of a future article.

This sample project can be downloaded at http://www.rcsdev.com/files/ADIntegration.zip. This zip file contains C# and Visual Basic .NET versions of the sample application, as well as a database script that creates a Users, Users_Role and Role table and populates them with sample data.

Jim Murphy is the Owner and Chief Application Designer and Developer for River City Software Development LLC. Jim has been programming professionally for over 16 years in fields that include Health Care, Insurance, Banking/Lending, Real Estate, Oil & Gas, Manufacturing, and Government.

Jim was an early adopter of Iron Speed Designer and worked closely with Iron Speed Technical Engineers while the product was maturing. Jim’s major strengths are in Microsoft SQL Server, Microsoft Access, C#, Visual Basic .NET, XML, and Reporting.

Contact the author.