Moravia IT, a.s
Hilleho 4, Brno, 602 00
Phone: + 420 545 552 552
Pricing & Licensing
Free Trial Edition
Server License: USD 249
About the Author
Anand Narayanaswamy, a Microsoft Most Valuable Professional (MVP) in Visual C# is an independent writer, web developer and technical consultant based in Trivandrum, India. Anand runs learnXpress.com and specializes in ASP, ASP.NET, C#, Visual Basic .NET and Visual Basic 6.0 and in the development of courseware, technical articles, documentation, and reviews of products and books. He is available for writing documentations, help files, product reviews and for other development related projects. Reach him at firstname.lastname@example.org
|Security is one of the most important factors which every developer should consider before developing and deploying a web application. Users have to be properly authenticated and authorized to access any critical contents on a website. That means you have to secure your application in such a way that will enable you to upgrade and easily maintain your website later on. It should be also in a user friendly manner so that your users will appreciate and will return back to the site. The whole process can be done by employing a proper registration system wherein users have to feed in their Username and Password that they have created earlier. These credentials are preferably stored in a database on the server. ASP.NET offered many improvements for enabling security over Classic ASP. You can now store all vital information in an encrypted manner on a database or in a special file called Web.Config.
This review focuses on an interesting product called Secure Access. The product was developed by PortSight, an international company specializing in the development of reusable components with the .NET Framework. The product enables you to secure and personalize your ASP.NET applications and web sites on a fly. With secure Access you can easily check user names and passwords and track user activities. You can control access rights to each and every page very easily and in quick time. It can be also integrated with databases and windows active directory. The product provides a comprehensive user management features with which you can store any type of information. The product supports both Forms and Windows authentication.
One of the interesting features of this product is that it supports three different ways of authorization. They include Role-based and Resource-based. The final one is little different and it authorizes the content according to chosen wild card masks. You can find more details about these features from the online help which comes with the product. The product allows you to log user activities in the auditing log. This log is stored on a database and it provides information like who changed a particular record or who accessed your application during the previous week and so on.
The product ships with a utility called Catalog Manager. With the help of this tool, you can create and manage SQL Server user databases. You can access this utility from the start menu. Actually, you have to follow few steps which the wizard guides you. The catalog manager also creates lot of additional files other than a database. At the end of the process, the manager automatically creates a web based management system. You can then change your settings after logging into the system. The catalog manager stores the passwords in an encrypted XML file thus providing some kind of security to your applications. The whole procedure took less than 5 minutes and it completed without any hassles.
You can also develop ASP.NET applications with the help of the product’s Application Programming Interface (API). Even though it provides the similar kind of functionality as that of catalog manager, you have to provide some code to make the component work. I feel that the catalog manager largely simplifies the coding and hence it should be tried first before using its API methods. Another interesting fact is that the API commands can be used in Web application, Web Services and in Win Forms applications. No other security product can give this much functionality as Secure Access does. It is really a 3 in 1 package.
The trial edition of the product comes in a single installation file with around 10 MB in size. I downloaded the product within 10-15 minutes without any troubles using a broadband connection. The disappointing factor of the product is that the current version doesn’t support other databases like Microsoft Access, Oracle etc. The product comes with an excellent set of documentation in HTML help format. It ships with Quick Reference sheets for C# and Visual Basic .NET in addition to a comprehensive user guide. The guide covers each and every aspect regarding the product in the form of detailed tutorial and it includes a useful developer’s guide with step-by-step explanation with relevant screenshots and source codes.
The source codes are followed by a note titled “What you did”. With these short notes, you can understand the real meaning of the code and most importantly its purpose. You just have to rightly copy and paste the codes in to your application in order to make it to work. Even though the content of the documentation is perfect, the look and feel of the same is not good at all. Firstly, it should be converted into standard Microsoft format. Secondly, the vendor should remove horizontal scrolling. This is because in some sections I have had to scroll a long way horizontally to view the contents even with a 17’ inch monitor. I wonder what will be the situation for a user with 14 and 15 inch monitors. Secure Access also comes with a detailed documentation of classes along with demo projects in C# and Visual Basic .NET. Some of these documents can be downloaded for free from the vendor’s website. The vendor provides excellent technical support through e-mail and they clarified all of my doubts on the same day itself.
Finally, if you are planning to implement security features for your website, look no further and check out Secure Access. It gives you the power to lock anonymous users.