Role-based Security Within VB

Security is a necessity in any program, in any system, for every action. Okay, I suppose I went a bit too far now, but I cannot stress enough how important some sort of security is for your applications.

Put on your reading glasses and let’s see how easy it can be to implement Role-based Security in your Visual Basic applications.

Security

Security is quite a broad term that will take me until infinity to explain, so here are a few links to help you understand Application Security:

Role-based Security

Add the following code behind the btnAdd button’s click event:

   Private Sub btnAdd_Click(ByVal sender As System.Object, _
      ByVal e As System.EventArgs) Handles btnAdd.Click

      Try

         Dim ppUser As PrincipalPermission = _
            New PrincipalPermission(Nothing, "BUILTIN\Users")
         ppUser.Demand(

         Dim intAnswer As Integer = (Integer.Parse(txtInput1.Text) _
            + Integer.Parse(txtInput2.Text))
         lblAnswer.Text = intAnswer.ToString()
      Catch ex As System.Security.SecurityException

         MessageBox.Show("You have been denied access: " _
            + ex.Message)

      End Try
   End Sub

The PrincipalPermission class is used to create a new permission instance. Here, you first specify the Principal and then demand it. If anyone else except the specified principal tries to access the underlying code, they will be denied access. Here is more information about the PrincipalPermission class: https://msdn.microsoft.com/en-us/library/system.security.permissions.principalpermission%28v=vs.110%29.aspx.

Add the following code behind btnSubtract:

   Private Sub btnSubtract_Click(ByVal sender As System.Object, _
      ByVal e As System.EventArgs) Handles btnSubtract.Click

      Dim intAnswer As Integer = (Integer.Parse(txtInput1.Text) _
         - Integer.Parse(txtInput2.Text))
      lblAnswer.Text = intAnswer.ToString

   End Sub

Nothing special here. The preceding code simply subtracts two values.

Add the following code behind the btnDivide button’s click event:

   Private Sub btnDivide_Click(ByVal sender As System.Object, _
      ByVal e As System.EventArgs) Handles btnDivide.Click

      Dim strUser As String = System.Environment.MachineName _
         + "\HTG"

      Try

         Dim ppPermission As PrincipalPermission = _
            New PrincipalPermission(strUser, Nothing)
         ppPermission.Demand()

         Dim DecAnswer As Decimal = (Decimal.Parse(txtInput1.Text) _
            / Decimal.Parse(txtInput2.Text))
         lblAnswer.Text = Decimal.Round(DecAnswer, 2).ToString()

      Catch ex As System.Security.SecurityException

         MessageBox.Show("You have been denied access: " _
            + ex.Message)

      End Try

   End Sub

The btnDivide button’s code works exactly as the btnAdd button’s code except for the Principal being different.

Lastly, add the next code behind btnMultiply:

   Private Sub btnMultiply_Click(ByVal sender As System.Object, _
      ByVal e As System.EventArgs) Handles btnMultiply.Click

      lblAnswer.Text = Multiply(Integer.Parse(txtInput1.Text), _
         Integer.Parse(txtInput2.Text)).ToString

   End Sub

   <PrincipalPermission(SecurityAction.Demand, _
      Role:="BUILTIN\Administrators")> _
   Private Function Multiply(ByVal int1 As Integer, _
      ByVal int2 As Integer) As Integer

      Return int1 * int2

   End Function

This prevents anyone except the Administrators from running this code.

Hannes DuPreez
Ockert J. du Preez is a passionate coder and always willing to learn. He has written hundreds of developer articles over the years detailing his programming quests and adventures. He has written the following books: Visual Studio 2019 In-Depth (BpB Publications) JavaScript for Gurus (BpB Publications) He was the Technical Editor for Professional C++, 5th Edition (Wiley) He was a Microsoft Most Valuable Professional for .NET (2008–2017).

More by Author

Must Read