dcsimg

Role-based Security Within VB

WEBINAR:
On-Demand

Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame


Security is a necessity in any program, in any system, for every action. Okay, I suppose I went a bit too far now, but I cannot stress enough how important some sort of security is for your applications.

Put on your reading glasses and let's see how easy it can be to implement Role-based Security in your Visual Basic applications.

Security

Security is quite a broad term that will take me until infinity to explain, so here are a few links to help you understand Application Security:

Role-based Security

https://msdn.microsoft.com/en-us/library/shz8h065%28v=vs.110%29.aspx

Let's do a program. Start a new Visual Basic Windows Forms project and design it to resemble Figure 1.


Figure 1: Our design

Add these two Namespaces:

Imports System.Security.Principal
Imports System.Security.Permissions

System.Security Namespace

https://msdn.microsoft.com/en-us/library/system.security%28v=vs.110%29.aspx

Add the following code behind the btnAdd button's click event:

   Private Sub btnAdd_Click(ByVal sender As System.Object, _
      ByVal e As System.EventArgs) Handles btnAdd.Click

      Try

         Dim ppUser As PrincipalPermission = _
            New PrincipalPermission(Nothing, "BUILTIN\Users")
         ppUser.Demand(

         Dim intAnswer As Integer = (Integer.Parse(txtInput1.Text) _
            + Integer.Parse(txtInput2.Text))
         lblAnswer.Text = intAnswer.ToString()
      Catch ex As System.Security.SecurityException

         MessageBox.Show("You have been denied access: " _
            + ex.Message)

      End Try
   End Sub

The PrincipalPermission class is used to create a new permission instance. Here, you first specify the Principal and then demand it. If anyone else except the specified principal tries to access the underlying code, they will be denied access. Here is more information about the PrincipalPermission class: https://msdn.microsoft.com/en-us/library/system.security.permissions.principalpermission%28v=vs.110%29.aspx.

Add the following code behind btnSubtract:

   Private Sub btnSubtract_Click(ByVal sender As System.Object, _
      ByVal e As System.EventArgs) Handles btnSubtract.Click

      Dim intAnswer As Integer = (Integer.Parse(txtInput1.Text) _
         - Integer.Parse(txtInput2.Text))
      lblAnswer.Text = intAnswer.ToString

   End Sub

Nothing special here. The preceding code simply subtracts two values.

Add the following code behind the btnDivide button's click event:

   Private Sub btnDivide_Click(ByVal sender As System.Object, _
      ByVal e As System.EventArgs) Handles btnDivide.Click

      Dim strUser As String = System.Environment.MachineName _
         + "\HTG"

      Try

         Dim ppPermission As PrincipalPermission = _
            New PrincipalPermission(strUser, Nothing)
         ppPermission.Demand()

         Dim DecAnswer As Decimal = (Decimal.Parse(txtInput1.Text) _
            / Decimal.Parse(txtInput2.Text))
         lblAnswer.Text = Decimal.Round(DecAnswer, 2).ToString()

      Catch ex As System.Security.SecurityException

         MessageBox.Show("You have been denied access: " _
            + ex.Message)

      End Try

   End Sub

The btnDivide button's code works exactly as the btnAdd button's code except for the Principal being different.

Lastly, add the next code behind btnMultiply:

   Private Sub btnMultiply_Click(ByVal sender As System.Object, _
      ByVal e As System.EventArgs) Handles btnMultiply.Click

      lblAnswer.Text = Multiply(Integer.Parse(txtInput1.Text), _
         Integer.Parse(txtInput2.Text)).ToString

   End Sub

   <PrincipalPermission(SecurityAction.Demand, _
      Role:="BUILTIN\Administrators")> _
   Private Function Multiply(ByVal int1 As Integer, _
      ByVal int2 As Integer) As Integer

      Return int1 * int2

   End Function

This prevents anyone except the Administrators from running this code.



About the Author

Hannes DuPreez

Hannes du Preez is a self-taught developer who started learning to program in the days of QBasic. He has written several articles over the years detailing his programming quests and adventures. .NET is his second love, just after his wife and kid. He has always been an avid supporter of .NET since the beginning and is an expert in VB and C#. He was given the Microsoft Most Valuable Professional Award for .NET (2008–2017). He has worked as a moderator and an article reviewer on online forums and currently works as a C# developer and writes articles for CodeGuru.com, Developer.com, DevX.com, and the Database journal.
His first book Visual Studio 2019 In Depth is currently on sale on Amazon and Bpb Publications.

You could reach him at: ojdupreez1978[at]gmail[dot]com

Related Articles

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date