Security Concerns For AZ Man On Winforms Project

Question

I'm using the enterprise library and AZ Man to authenticate users into my winforms application. I've got the code working fine using the XML file. I don't understand how to securely deploy the application though.

In app.config there is a path to the XML file. There doesn't appear to be anything stopping a user from opening this XML file in azman.msc and giving themselves access they shouldn't have.

If we put the XML file on the server and make it read-only to user, there is nothing stopping the user from copying everything locally and changing the app.config pointer to a local file they can write to.

There seems to be something major I'm missing here, but I've been reading and can't figure it out.

Answer 1

I think what you'd probably want to do is create your authorization store inside of Active Directory instead of an xml file. You can find instructions on how to do that here. Here's the interesting bit:

Working with Authorization Stores

Creating an Authorization Store

1. Open Authorization Manager, right-click Authorization Manager, click Options, select Developer mode, and then click OK.
2. In the Authorization Manager console, right-click Authorization Manager, click New, and then click Authorization Store.
3. Select either Active Directory or XML file as the store type.
4. Type a complete store name in the Store name box, or use the Locations button to select a location by using the New Authorization Store dialog box.
5. If it is an Active Directory authorization store, use the LDAP name -- for example CN=myStore,CN=Program Data,OU=Authorization,DN=myCompany,DN=com. If it is an XML authorization store, use a path and file name that will be valid at run time -- for example C:\AuthStores\MyStore.xml.
6. Type a description of the new authorization store in the Description box, and then click OK.

NOTE: Authorization stores can be created only in Developer mode. See the "Setting the Authorization Manager Options" section of this article for instructions about setting Developer mode.

Once you have the store created in Active Directory you can restrict who has write access to AD and the AzMan store. You can also create a store in SQL if you so desired.

Another option you have is to encrypt your connection strings to AzMan in your app.config. And since you're using Enterprise Library, I think you have the option of encrypting the entire AzMan xml file. None of it is completely bulletproof, but your users would have to go through a lot of trouble to hack your application. But if your users are willing to go through that much effort to break into your program, you don't have a programming issue - you have a personnel issue that needs to be addressed (my opinion, anyway).

This looks like a good walkthrough on encrypting app.config sections. Essentially, I think the idea is you create a new RSA key on your workstation and use that key to encrypt the app.config sections. Then import that key to a server and grant your users read access to that key. I'm sure there are plenty of other solutions for encryption if you Google it (or search here on stackoverflow).