WebORB for .NET Security

Securing services for rich client applications is a critical task. Failure to protect production systems may result in malicious attacks, service outages, system downtime and loss of revenue. Therefore, it is extremely important to restrict unwanted access to services exposed via WebORB. WebORB Security provides a powerful and flexible framework for securing access to the exposed services. This framework consists of the following modules:

.NET Authentication

Authentication is the process of determining a user's identity and typically involves using a password, certificate, personal identification number (PIN), or other information to validate the identity over a computer network. WebORB provides an extensible framework for handling user authentication and delegates to a pluggable authentication handler to determine if the user's identity is authenticated. The authentication handler API ties the WebORB security model to the one in .NET.

WebORB also contains special logic for handling the scenario when a user logs in using Forms Authentication and proceeds to a rich client. In this case, WebORB ensures that the rich client will use the same user identity established during Forms Authentication.

.NET Authorization

Authorization is the process of evaluating applicable access control information to determine whether a user is allowed to have the specified types of access to a particular resource. Typically, authorization is performed in the context of authentication. Once a user is authenticated, he/she may be authorized to perform different types of actions.

WebORB separates the process of authentication from authorization using a two-tier authorization mechanism. An application can be configured with a default authorization handler that is used every time a resource (service object, web service) is accessed. Each WebORB-enabled service can be assigned its own authorization handler. If an authorization handler is assigned to a resource, it overrides the default authorization handler.

Role-Based Security

Role-based security restricts access to methods based on the roles of the currently logged-in user. For instance, a user in the 'administrator' role could have access to a method while a user in the 'guest' role may not. When a user logs in through a rich client application, WebORB can enforce access to the server-side methods based on the roles of that user.

.NET Code Access Security

The WebORB security system can leverage the native .NET code-access security. Application developers can restrict access to methods using .NET declarative code-access security. For instance, the following C# method can be invoked only by authenticated users in the Administrator role:

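// PrincipalPermission lives in System.Security.Permissions; DataTable lives in System.Data.
// The demand throws SecurityException unless the caller is authenticated and holds the role.
[PrincipalPermission(SecurityAction.Demand, Authenticated = true, Role = "Administrators")]
public DataTable GetCustomers()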
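
The following console program is an added example, not WebORB's or this page's own code. It targets .NET Framework, where declarative demands are enforced, and shows how the demand above is evaluated against Thread.CurrentPrincipal for four callers. CustomerService, TryCall, the user names and the sample row are constructed for illustration; that the thread principal is populated by the authentication layer before the service method runs is an assumption.

```csharp
using System;
using System.Data;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

public class CustomerService   // hypothetical service class
{
    // Same declarative demand as the method shown on this page.
    [PrincipalPermission(SecurityAction.Demand, Authenticated = true, Role = "Administrators")]
    public DataTable GetCustomers()
    {
        var table = new DataTable("Customers");   // constructed sample data
        table.Columns.Add("Name", typeof(string));
        table.Rows.Add("Example Customer");
        return table;
    }
}

public static class Program
{
    // Hypothetical helper: invokes the method under the given identity and reports the outcome.
    static string TryCall(string user, params string[] roles)
    {
        // GenericIdentity reports IsAuthenticated == false when the name is empty.
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(user), roles);
        try
        {
            int rows = new CustomerService().GetCustomers().Rows.Count;
            return "allowed, rows returned: " + rows;
        }
        catch (SecurityException)
        {
            // The demand failed before the method body ran.
            return "denied (SecurityException)";
        }
    }

    public static void Main()
    {
        Console.WriteLine("alice in Administrators:     " + TryCall("alice", "Administrators"));
        Console.WriteLine("bob in Guests:               " + TryCall("bob", "Guests"));
        Console.WriteLine("anonymous, no roles:         " + TryCall(""));
        // Role membership alone is not enough: Authenticated = true must also hold.
        Console.WriteLine("anonymous in Administrators: " + TryCall("", "Administrators"));
    }
}
```

Because the check reads the principal from the current thread, a service method is only as well protected as the code that sets that principal; catching SecurityException at the service boundary is also where a denied call can be logged.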


Graphical Security Configurator

Establishing access rights and privileges is really easy using WebORB's Security Module, which supports a graphical way to configure and manage security policies for any service. Authentication, authorization, user roles, native .NET code level security and custom security policies can all be configured right from within WebORB's graphical security configuration interface.