Portland Financial Management Group, LTD. |
Single Sign-on Security |
"I saved two months of development time and $28,000 using Iron Speed Designer."
- Tim Titchmarsh, Chief Architect and Software Designer of Dot Net Architect
|
|
|
Single Sign-on Security |
Portland Financial Management Group, LTD.
London, UK
|
The Single Sign-on Security application allows Portland Financial to administer and configure
role based security across multiple applications with single sign-on capability.
The application has the following characteristics:
|
Provides a single sign-on capability for multiple applications. |
|
Allows page access and data filtering to be dynamically assigned to multiple Iron Speed Designer applications from a single point. |
|
Provides enhanced login with SMS challenge/response messaging confirmation. |
Configuring roles
Single Sign-on Security allows the system administrator to configure application security for the
entire company. The administrator can view, add, edit and delete application entries that make
use of the dynamic security feature. Once a new application is added to the system, the program will automatically
locate pages used by it and add them to its security store. Other items such as reports can also be secured.
Administrators can create users and assign user roles as they go. When page access is assigned to a
user, the application is automatically updated and does not need to be recompiled.
Single Sign-on Security displays filtered data to each user based on their role. As a result,
data is restricted and retrieved from the database without further coding. Various logging data
is stored when users attempt to login (ie. IP address of user, timestamp, login details, etc.).
Editing Age Access en masse
Administrators can also configure security strength with settings such as the length of passwords, special
characters/numbers in passwords, password encryption, and usual login times during the day and durations, IP restrictions
etc. In addition to the password settings, users logging in under certain conditions are required to enter
a response code sent to their mobile phone. This is implemented as an added security level when users login outside
normal working hours or consecutive multiple attempts after the first time they login that day.
|
Application size and scope |
Single Sign-on Security is comprised of one SQL Server 2005 database with 22 database tables, eight views and
50 Web pages. The largest table is ObjectAccessrule which has 12,000 records
today. The number of records in this table will grow as new applications and
roles are added to the application.
Every month, 60 system administrators access the application and process 200,000
transactions.
|
The project |
The project took me two months to implement. The Iron Speed Designer portion of
the project took 10 days.
|
Code extensions and customizations |
I wrote 1,000 lines of custom code over one month. The most important customization was the
incorporation of custom security libraries (Web Services call to the security layer).
I did not incorporate any third-party controls.
|
Page layout customizations |
I modified the page layout to accommodate extra buttons and used the standard Matterhorn page
style in Iron Speed Designer.
|
Iron Speed Designer impact |
I saved two months of development time and $28,000 using Iron Speed Designer. The project
would have been feasible without the tool, but it would have taken at least three months to build.
|
Next steps |
I plan to implement more enhanced application security as the number of websites and application
users grow.
|
About the developer |
Tim Titchmarsh has more than 25 years software development and management experience in the computer
industry. He earned a Higher National Diploma in Computer Science Studies in 1986, and set up his
own software consulting and development company in 1997. Dot Net Architect specialize in
Microsoft technologies. He has won contracts with many blue chip clients both in London and Zurich.
His clients include USB Global Asset Management, Accenture, Commerzbank and Amlin Insurance. Tim
has gained a reputation for getting things done! Tim is a member of the Microsoft MSDN Visual
Studio Team Developer and The Microsoft Partner Program.
|
|
|
|
|