How to register a Security Provider
KB000186
DOWNLOADSSEE ALSO How to register labels against multiple domains
TAGSÂ
Introduction | ||
K2 allows for multiple security providers to be used for authentication purposes. This allows a customer’s security provider to be modified when business requirements change, or to allow for multiple security providers for use with K2 Host Server.
| ||
This document will walk you through how to register a security provider. Typically, the authentication mechanism is Active Directory (AD) or SQL. Both AD and SQL providers ship in the box with K2. However, custom security providers can be written for other sources (such as Oracle, LDAP).
|
Â
Â
How to Register a Security Provider
- AssemblyRegistration – Register the assembly so K2 can use it.
- SecurityProvider – In order to register the security provider as a Type that implements IHostableSecurityProvider
- SecurityLabel – This table maps the security provider to a label and stores initialization data
Code the Security Provider
Note: Please see the Download section for the Sample Security Provider attachment. In this sample, there are some comments in the methods that must be implemented for the provider. This is a sample for reference only. |
This requirement applies to the assembly that implements the security interface, for example, IHostableSecurityProvider and excludes the assemblies that are referenced by the assembly implementing the interface.Â
To illustrate: If assembly A implements IHostableSecurityProvider, and assembly A references assembly B, then you only need to register Assembly Ain the K2 database. You must copy Assembly A into the <install folder>Host ServerinSecuirtyProviders and copy Assembly B, the referenced assembly, to <install folder>Host Serverin.
How to Register the Assembly
Use these steps to register the assembly.Â
- The assembly that contains your Security Provider, must be signed. Get the public key token for the assembly. To obtain the Public token key do the following
- Open the Visual Studio command prompt
- Type: sn.exe -T pfull path to strongly named assembly]
- Run the following script against the Host Server database: INSERT INTO HostServer].1AssemblyRegistration]
   (eAssemblyID]
   ,>AssemblyName]
   ,/PublicKeyToken]
   , Enabled])
VALUES
   (newid()
   ,'rAssemblyName]'
   ,'wPublicKeyToken]'
   ,1)Where lAssemblyName] is the name of the assembly example: SourceCode.Security.Providers.SampleProvider (excluding the ‘.dll’, i.e. not the strong name) and where PublicKeyToken] is the public key token that you signed the assembly with, obtained in step 1.
- Make the following change to the nK2 Install Dir]Host ServerBinK2HostServer.exe.config file <appSettings>
...
<add key="useassemblyregistration" value="true" />
...
</appSettings> - Restart the K2Server.
        <install folder>Host ServerBinSecurityProviders
Register the Security Provider in the Database
Note: The following code sample has place holders for the security provider information. They are marked with {}. Be sure to replace the place holder text with your security provider’s information. |
            (IRoleProvider)}'
Important: Please note it is imperative that the }AuthInit] and ÂRoleInit] values in the dSecurityLabel] table are NOT NULL. |
Resolving Users in the Context of Multiple Labels
When multiple security providers are used, multiple labels are registered with K2. This should be taken into account when creating a new security provider.
Note: The Label is a user-friendly representation of the Security Provider. |
Note: When no security tag or label is specified, the default domain label will be used. |
- BPUser – This user will resolve with the default label (K2), with the default domain (K2DEMO). The internal result used by K2 will be K2:K2DEMOBPUser
- K2DEMOBPUser – This user will resolve with the default label (K2). The internal result used by K2 will be K2:K2DEMOBPUser
- K2:K2DEMOBPUser – This is the fully qualified name with the label and domain specified. K2 will use this result as is.
Â