Role-based Security Within VB

Security is a necessity in any program, in any system, for every action. Okay, I suppose I went a bit too far now, but I cannot stress enough how important some sort of security is for your applications.

Put on your reading glasses and let's see how easy it can be to implement Role-based Security in your Visual Basic applications.

Security

Security is quite a broad term that will take me until infinity to explain, so here are a few links to help you understand Application Security:

Role-based Security

https://msdn.microsoft.com/en-us/library/shz8h065%28v=vs.110%29.aspx

Let's do a program. Start a new Visual Basic Windows Forms project and design it to resemble Figure 1.


Figure 1: Our design

Add these two Namespaces:

Imports System.Security.Principal
Imports System.Security.Permissions

System.Security Namespace

https://msdn.microsoft.com/en-us/library/system.security%28v=vs.110%29.aspx

Add the following code behind the btnAdd button's click event:

   Private Sub btnAdd_Click(ByVal sender As System.Object, _
      ByVal e As System.EventArgs) Handles btnAdd.Click

      Try

         Dim ppUser As PrincipalPermission = _
            New PrincipalPermission(Nothing, "BUILTIN\Users")
         ppUser.Demand(

         Dim intAnswer As Integer = (Integer.Parse(txtInput1.Text) _
            + Integer.Parse(txtInput2.Text))
         lblAnswer.Text = intAnswer.ToString()
      Catch ex As System.Security.SecurityException

         MessageBox.Show("You have been denied access: " _
            + ex.Message)

      End Try
   End Sub

The PrincipalPermission class is used to create a new permission instance. Here, you first specify the Principal and then demand it. If anyone else except the specified principal tries to access the underlying code, they will be denied access. Here is more information about the PrincipalPermission class: https://msdn.microsoft.com/en-us/library/system.security.permissions.principalpermission%28v=vs.110%29.aspx.

Add the following code behind btnSubtract:

   Private Sub btnSubtract_Click(ByVal sender As System.Object, _
      ByVal e As System.EventArgs) Handles btnSubtract.Click

      Dim intAnswer As Integer = (Integer.Parse(txtInput1.Text) _
         - Integer.Parse(txtInput2.Text))
      lblAnswer.Text = intAnswer.ToString

   End Sub

Nothing special here. The preceding code simply subtracts two values.

Add the following code behind the btnDivide button's click event:

   Private Sub btnDivide_Click(ByVal sender As System.Object, _
      ByVal e As System.EventArgs) Handles btnDivide.Click

      Dim strUser As String = System.Environment.MachineName _
         + "\HTG"

      Try

         Dim ppPermission As PrincipalPermission = _
            New PrincipalPermission(strUser, Nothing)
         ppPermission.Demand()

         Dim DecAnswer As Decimal = (Decimal.Parse(txtInput1.Text) _
            / Decimal.Parse(txtInput2.Text))
         lblAnswer.Text = Decimal.Round(DecAnswer, 2).ToString()

      Catch ex As System.Security.SecurityException

         MessageBox.Show("You have been denied access: " _
            + ex.Message)

      End Try

   End Sub

The btnDivide button's code works exactly as the btnAdd button's code except for the Principal being different.

Lastly, add the next code behind btnMultiply:

   Private Sub btnMultiply_Click(ByVal sender As System.Object, _
      ByVal e As System.EventArgs) Handles btnMultiply.Click

      lblAnswer.Text = Multiply(Integer.Parse(txtInput1.Text), _
         Integer.Parse(txtInput2.Text)).ToString

   End Sub

   <PrincipalPermission(SecurityAction.Demand, _
      Role:="BUILTIN\Administrators")> _
   Private Function Multiply(ByVal int1 As Integer, _
      ByVal int2 As Integer) As Integer

      Return int1 * int2

   End Function

This prevents anyone except the Administrators from running this code.



About the Author

Hannes DuPreez

Hannes du Preez is a Microsoft MVP for Visual Basic for the ninth consecutive year. He loves technology and loves Visual Basic. He loves writing articles and proving that Visual Basic is more powerful than what most believe. His ultimate dream is to write a Visual Basic book, hopefully one day that dream will come true. You are most welcome to reach him at: ojdupreez1978@gmail.com

Related Articles

Comments

  • There are no comments yet. Be the first to comment!

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date