I think any developer will agree with me that adding security features to an application can be an absolute pain. This is especially true if you don’t have a set template or module that you can slot into your application.
Well with Visual Guard from Novalys, the integration of security features is no longer a slog. Visual Guard makes this process very easy to do indeed. In a two part review, I looked at the functionality of Visual Guard. Below you will find a Visual Guard Summary which highlights areas of interest in my previous two detailed review posts (Part 1 & Part 2) of Visual Guard.
You can use Visual Guard with a plain simple Windows Forms Application, but Visual Guard can be integrated with .NET 2.0 and above, C#, vb.net, asp.net, Winforms, WCF, WPF, Silverlight, MVC3, MVC4, Windows Azure, and basically any technologies supporting HTTP Requests (Java, C++…). I have to admit that while much of the integration processes should be quite straight forward for most developers, the extensive help files and Developer’s Guide do warrant a read though in order to grasp some of the more advanced features of Visual Guard. You can also read my article on how I integrated Visual Guard here.
Visual Guard Summary
My overall experience thus far with Visual Guard has been a very positive one. In a matter of minutes I was able to secure my application with a Login form and have a level of control over the users of my application that normally would take some coding to include, if done as part of the normal development process. In my article, Securing Your Application With Visual Guard – Part 1, we were introduced to some basic features of this fantastic product. The level of granularity in the security settings makes Visual Guard a really easy and secure way to add security features to your application.
In my second post I dive a little deeper and get to grips with some of the more advanced features of Visual Guard. Below is a summary of the topics I covered in my second post, you can refer to the link right above to get more details on how I integrated these features.
Visual Guard Dynamic Permissions
If you need to define permissions at the component level of your application, you can use dynamic permissions. This will dynamically modify the components of your application by modifying the value of certain properties. Visual Guard also negates the need for any security code inside your application. All the security functionality is defined, stored and applied to your application by Visual Guard. This means that your application can already be used in a live or production environment and will not need to be rebuild or redeployed when permissions are added or changed. You can see how I tested the permission functions here.
If you prefer to continue managing your permissions by code, Visual Guard also offers you the possibility of doing this.
With Visual Guard you can easily:
- Change any Visual Studio property
- Show/Hide certain buttons from a user
- Hide a column from a grid
- Filter information depending on the user/role(s)
Visual Guard Document Generation
One of the great Visual Guard features is the document generation functionality. In a small application like in the sample, the documentation is by no means sparse. Where the real value lies is in the fact that succinct, concise and accurate information is generated about the current security configuration of your application. You can see where this becomes valuable when you have many users, roles, permissions and permission sets. Generating this documentation is a breeze. The document generation has been made really easy to accomplish. This ensures that whenever anything changes with regards to permissions, the documentation can easily be regenerated assuring that it will always be correct.
The Event Viewer allows you to view various events that have occurred in the system (Visual Guard or Application) over a defined period of time. This is easily done (again without any extra work on your part) by right clicking on the application in the Visual Guard Windows Console. With Visual Guard you are able to track all sensitive operations done by the users, for example, you can see when the user logged into the application, if he made a financial transaction as well as the amount. Visual Guard is compatible with security standards such as HIPPA and SOX and allows for full auditing and documentation.
Visual Guard Console
Visual Guard allows you to define many systems (utilizing different technologies) from one console. You can manage them all including their securities from one central place. This is the beauty of Visual Guard. Visual Guard also supports complex configurations such as SAAS or multi-tenant (Visual Guard Groups and Active Directory).
Visual Guard also allows for the management of the repository via the Windows or a Web Console. It is therefore possible to split the responsibilities of the management of the repository. You can delegate the basic administration of users and permissions to a single user that can access the repository via the Web Console. You can then also allow the technical department to access the same repository via the Windows Console to allow for the configuration of more technical settings and actions. This allows for a clear separation of responsibilities.
Final Thoughts
Visual Guard is an excellent out-of-the-box choice for developers or organizations looking to secure their investment of source code. The granularity with which Visual Guard secures your application provides developers the best possible flexibility and configuration of permissions and securities without having to invest the time it takes to develop it themselves. If you enjoyed this Visual Guard Summary, be sure to check out the more detailed Part 1 and Part 2 of the series. I recommend downloading a trial version here, and checking out for yourself the features that I’ve reviewed.
Disclosure of Material Connection: I received one or more of the products or services mentioned above for free in the hope that I would mention it on my blog. Regardless, I only recommend products or services I use personally and believe my readers will enjoy. I am disclosing this in accordance with the Federal Trade Commission’s 16 CFR, Part 255: “Guides Concerning the Use of Endorsements and Testimonials in Advertising.”