PRODUCTS

Features

General

PortSight Secure Access doesn’t replace the .NET Framework or Windows security, but it extends it and makes its management and integration to your applications much easier. It supports WebForms, WinForms and Web Services.

User Management

PortSight Secure Access is delivered with a comfortable web-based user management interface. It allows you to manage user accounts, passwords and organize users into (nested) groups and organizational units. Beside the predefined fields, you can define any number of custom properties for each object (user, group, unit).

Object Ownership Management

This flexible feature allows tenants to delegate management of users, user groups, organizational units and applications to their customers.

Each owner defined in Secure Access can have its own set of accounts (users, user groups, organizational units and applications) independent on other owners. Operators can then be delegated to manage these objects without necessity to have full Secure Access administrative privileges and without visibility private objects (accounts) to other owners.

Authentication

You can authenticate users (check user name and password) in ASP.NET, WinForms and Web Services. You can use either forms authentication or leverage integrated Windows authentication that automatically recognizes the current domain user.

Access Control

You can control access to the whole application, to particular modules, features or files (in ASP.NET) in one line of code.

Role-Based Security

Roles represent typical users – e.g. Administrator, Editor, Manager. You can define any number of roles for your application and assign users to these roles. Then you can simply check in your code if current user is allowed to use your application:

[VB.NET] 
If ARHelper.IsInRole("JohnD", _
"WorkReports.Manager") Then ...
[C#] 
If (ARHelper.IsInRole("JohnD",
"WorkReports.Manager")) { ...

Permissions

Permission-based security offers a more flexible solution for controlling access. You can define any number of permission types, such as Read, Modify, Delete or Approve. Then you can grant default permissions to roles. When business logic changes later, you can easily modify the permission matrix without recompiling the application. In your code you only write:

[VB.NET] 
If ARHelper.IsAuthorized("JohnD", _
"WorkReports.ReportViewer", "Read") Then ...
[C#] 
If (ARHelper.IsAuthorized("JohnD",
"WorkReports.ReportViewer", "Read")) {...

Secure any Web Content

You can control access to any Web content (*.doc, *.jpg, etc), not only to ASPX files. The secured area can be specified using wild cards (e.g. /documents/secret/*).

Auditing Trail

An important feature of the application security is auditing of user activities. It can help you detect attacks and attempts at unauthorized access to secret data and also keep track of data modifications. Last but not least, some laws, including the HIPAA rules, require the auditing trail. Again, one line of code is enough:

[VB.NET] 
ARHelper.Log("JohnD", "User changed amount to USD 5.90", _
"WorkReports.TravelExpenses")
[C#] 
ARHelper.Log("JohnD", "User changed amount to USD 5.90",
"WorkReports.TravelExpenses");

Delegation

You can delegate administration of membership in groups, roles and organizational units as well as management of the permission matrix to privileged users. It helps you avoid administrator bottleneck and keep access rights up-to-date.

Import from Active Directory, Windows Domains and ODBC

You can easily set up regular import from Active Directory, Windows domains and existing ODBC databases. The Import Wizard helps you map source and target fields and choose objects to be imported. Integrating with existing systems ensures that you always work with latest data and makes user management much easier.

Support for ASP.NET (WebForms)

PortSight Secure Access comes with several ASP.NET user controls, such as:

  • Logon Form
  • Send Forgotten Password
  • Change Password
  • List of Users
  • Control for selection of single or multiple users
  • Control for management of delegated groups, units, roles and permissions
  • ... and others.

Support for WinForms

In WinForms applications, you can either directly access the Secure Access API or (preferably) you can consume Secure Access Web service that provides the most important features (checking user name and password, checking roles and permissions, auditing).

You also get “Logon Form” and “Change Password” user controls for WinForms applications.

Support for Web Services

Secure Access uses Microsoft Web Services Enhancements to implement WS-Security, the industry standard for securing SOAP messages. You can use Secure Access together with symmetric or assymetric (X.509 certificates) encryption and check user name, password and access rights of the user accessing your Web Service.

Secure Access Web Service

Secure Access can also be accessed through a Web Service interface that provides the most important features (checking user name and password, checking roles and permissions, auditing). Using this Web Service, you can use Secure Access features on virtually any platform or device with Web Services support.

Feature Comparison

PortSight Secure Access is currently available in three editions:

  • Community Edition (COMPLETELY FREE)
  • Standard Edition
  • Enterprise Edition

The Community Edition is intended to be used for smaller projects. There's no license fee and you can use it also for your commercial projects. If you decide to upgrade to one of the paid editions, you can just enter the new license key.

The only difference between the Standard and the Enterprise edition is that the Enterprise Edition supports import from external data sources, such as Microsoft Active Directory, Microsoft Windows NT domains and ODBC databases.

Feature

Community

Standard Enterprise
Unlimited Number of User Accounts

NO (100)

YES

YES

Management of User Profiles and Passwords

YES

YES

YES

Management of User Groups

YES

YES

YES

Management of Organizational Units

NO

YES

YES

Management of Applications

YES

YES

YES

Management of Application Parts (Modules)

NO

YES

YES

Nested Application Parts

NO

YES

YES

Object Ownership Management

YES

YES

YES

Application Configuration Wizard for ASP.NET

YES

YES

YES

ASP.NET - Web Forms Authentication

YES

YES

YES

ASP.NET - Windows Authentication

YES

YES

YES

ASP.NET - Role-Based Authorization

YES

YES

YES

ASP.NET - Permission-Based Authorization

NO

YES

YES

ASP.NET - Auditing

YES

YES

YES

ASP.NET - Management of Preferences

YES

YES

YES

ASP.NET - Web Farms support

YES

YES

YES

ASP.NET - User Controls

YES

YES

YES

ASP.NET - Delegation of Administration

YES

YES

YES

ASP.NET - Controlling Access to Web Content

YES

YES

YES

ASP.NET - Locking Accounts after N unsuccessful attempts YES YES YES
.NET WinForms Applications - Forms Authentication

YES

YES

YES

.NET WinForms Applications - Windows Authentication

YES

YES

YES

.NET WinForms Applications - Role-Based Authorization

YES

YES

YES

.NET WinForms Applications - Permission-Based Authorization

NO

YES

YES

.NET WinForms Applications - Auditing

YES

YES

YES

.NET WinForms Applications - Management of Preferences

YES

YES

YES

.NET WinForms Applications - Delegation of Administration

YES

YES

YES

.NET WinForms Applications - Logon Control

YES

YES

YES

SecureAccess Web Services based on WSE 1.0 YES YES YES
SecureAccess Web Services based on WCF YES YES YES
ASP.NET Web Services - Authentication using WS-Security

YES

YES

YES

ASP.NET Web Services - Role-Based Authorization

YES

YES

YES

ASP.NET Web Services - Permission-Based Authorization

NO

YES

YES

ASP.NET Web Services - Auditing

YES

YES

YES

ASP.NET Web Services - Management of Preferences

YES

YES

YES

ASP.NET Web Services - Delegation of Administration

YES

YES

YES

ASP.NET 2.0 Profile Provider YES YES YES
ASP.NET 2.0 Role Provider YES YES YES
ASP.NET 2.0 Membership Provider YES YES YES
ASP.NET 2.0 Authentication Http Module YES YES YES
Implementation of the IPrincipal and IIdentity interface YES YES YES
Import from Microsoft Active Directory

NO

NO

YES

Import from Microsoft Windows NT Domains

NO

NO

YES

Import from ODBC databases

NO

NO

YES


Take a Tour
On-line Training
Testimonials
"It's not buggy, it's very well documented and the support is very good,"
 
Martin Massé, facturation.net

ASPAlliance Review:

If you are planning to implement security features for your website, look no further and check out Secure Access. It gives you the power to lock anonymous users.
 
Anand Narayanaswamy, Microsoft MVPs
 

Rated:
by 411ASP.NET users
What do you think?



Copyright © 2014 Moravia IT. All rights reserved. PortSight is a business unit of Moravia IT.