
TULIP

TULIP. The UI Login Portal. Presented by: Adam Huffman McKendree University May 21, 2013. Introduction - TULIP - The UI Login Portal. TULIP is a website that adds additional security to any web resource Developed for UI 4.4 but can be used for any web resource


Presentation Transcript


  1. TULIP: The UI Login Portal. Presented by: Adam Huffman, McKendree University, May 21, 2013.

  2. Introduction - TULIP - The UI Login Portal. TULIP is a website that adds additional security to any web resource. Developed for UI 4.4 but can be used for any web resource. Technologies used: IIS 7+ with the IIS URL Rewrite, HTML 5, CSS 3, C# .NET 4.0, Microsoft Active Directory, and Microsoft SQL.

  3. Agenda – TULIP
     • The need for TULIP
     • High-level overview
     • Demonstrations
     • GitHub
     • How McKendree University uses TULIP
     • Code
     • GitHub
     • What customizations need to be made

  4. The need for TULIP: How to allow for offsite access to UI 4 without giving student workers access offsite or in their residence hall?

  5. The need for TULIP
     • Provide offsite access to UI 4.X
     • Prevent student workers from accessing UI 4.X in their residence halls and off campus
     • Prevent anonymous access to the UI 4.X login

  6. High-level overview How it works

  7. High-level overview, 1 of 4. Diagram labels: default.aspx, Login, Campus Login, redirect.aspx, windows_authentication.aspx.

  8. High-level overview, 2 of 4: redirect.aspx
     • Insert into database to create a new GUID with username and timestamp
     • Retrieve the newly created GUID
     • Redirect to the protected page, appending the GUID to the URL GET request as the ?key=
     Diagram label: Protected Page

  9. High-level overview, 3 of 4: Parts of the Protected Page
     • begin_key_security.asp
     • Page to be protected (.asp)
     • end_key_security.asp

  10. High-level overview, 4 of 4: Protected Page
      • Retrieve the timestamp from the database that correlates to the GUID
      • Verify that the GUID is not older than ten seconds
      • The Protected Page's Content

  11. Demonstrations Show and tell.

  12. Demo – GitHub – default.aspx 1 of 3 default.aspx windows_authentication.aspx

  13. Demo – GitHub – Protected Page, 2 of 3
      /default.asp?key=9775826a-111e-4d25-98fc-fb6a434dd32a (example of the GUID)
      The GUID was valid and less than 10 seconds old
      *Instead of Success! the page that is meant to be protected would be displayed.
      The GUID was invalid or more than 10 seconds old

  14. Demo – GitHub – Demo, 3 of 3. GitHub Demo: A temporary demo site will be available during the ellucianIL presentation.

  15. Demo – McKendree – default.aspx 1 of 3 default.aspx windows_authentication.aspx This takes the place of index.asp page that is delivered with UI 4

  16. Demo – McKendree – launch.asp, 2 of 3
      The Protected Page is now launch.asp, which is in its own application, live43
      /live43/launch.asp?key=9775826a-111e-4d25-98fc-fb6a434dd32a (example of the GUID)
      The GUID was valid and less than 10 seconds old

  17. Demo – McKendree 3 of 3 McKendree Demo The link will be available during the ellucianIL presentation.

  18. The Code Not as scary as it sounds.

  19. The Code – Overview, 1 of 8
      • GitHub
      • Servers: IIS 7+ and MS SQL
      • Files to modify (C#)
      • web.config
      • tulip.cs
      • windows_authentication.aspx.cs
      • redirect.aspx.cs
      • begin_key_security.asp

  20. The Code – GitHub, 2 of 8
      • Create an account
      • Go to github.com/adam-huffman/tulip
      • Download the zip file or use GitHub for Windows
      • Set up IIS 7+ and Microsoft SQL Server
      • Open project in Microsoft Visual Studio
      • Tweak, Deploy, Repeat

  21. The Code – IIS 7+ and SQL, 3 of 8
      • Microsoft IIS
      • 7+ (Server 2008+)
      • IIS URL Rewrite
      • AppPool with .NET 4 and Integrated Pipeline
      • Microsoft SQL Server
      • SQL Server 2005
      • Should be compatible with newer versions of SQL Server as long as the uniqueidentifier type is available

  22. The Code – web.config, 4 of 8
      <connectionStrings>
        <add name="tulip" providerName="System.Data.SQLClient" connectionString="" />
      </connectionStrings>
      *Add in your connection string
      <system.webServer><rewrite><rules> …
      *Change subdomain, domain and top level domain to the appropriate values

  23. The Code – tulip.cs, 5 of 8
      public tulip()
      {
          ActiveDirectoryRoot = "LDAP://DC=domain,DC=topleveldomain";
          ActiveDirectoryDomain = "domain.topleveldomain";
          ActiveDirectorySearcherUserName = "ActiveDirectorySearcher" + "@" + ActiveDirectoryDomain;
          ActiveDirectorySearcherPassword = "Password for Active Directory Search Account";
          ActiveDirectoryGroupsGrantAccess.Add("CN=GroupThatHasAccess,OU=SomeOU,DC=domain,DC=topleveldomain");
          ActiveDirectoryGroupsDenyAccess.Add("CN=GroupThatDoesNotHasAccess,OU=SomeOU,DC=domain,DC=topleveldomain");
      }

  24. The Code – windows_authentication.aspx.cs, 6 of 8
      // If the URL contains our main application web address then
      // we can assume that we redirected the user to the page.
      if (this.Request.UrlReferrer.ToString().Contains("https://subdomain.domain.topleveldomain"))
      {
          . . .
      *Change subdomain, domain and top level domain to the appropriate values

  25. The Code – redirect.aspx, 7 of 8
      //Insert into the table
      SqlCommand myCommand_INSERT = new SqlCommand("INSERT INTO database_table_name VALUES (NEWID(), '" + str_UserName + "', '" + datetime_NOW + "', 'dev');", conn);
      //Select from the table
      SqlCommand myCommand_SELECT = new SqlCommand("SELECT [uid] FROM database_table_name WHERE [username] = '" + str_UserName + "' AND [timestamp] = '" + datetime_NOW + "';", conn);
      *Change Insert and Select statements where needed
      str_Redirect_Path = "https://subdomain.domain.topleveldomain/protected/default.asp?key=" + reader["uid"].ToString();
      *Change the redirect path, it can be outside of the application

  26. The Code – begin_key_security.asp, 8 of 8
      Conn.Open "PROVIDER=SQLOLEDB;DATA SOURCE=database_server\database_server_instance;UID=database_user_name;PWD=database_user_password;DATABASE=database_name"
      *Modify the connection string
      sql = "SELECT [timestamp] FROM [database_table_name] WHERE [uid] = '" + strKey + "'"
      *Modify the select statement where needed
      If strDifference < 10 Then
      *Modify the number of seconds if needed

  27. Questions & Answers Thank You! https://github.com/adam-huffman/tulip Adam Huffman athuffman@mckendree.edu
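
The issue-and-redeem flow from slides 8, 10, 25 and 26, modelled as an added example in Python with an in-memory SQLite table (it is not the project's C#/ASP code). The table, column and function names are hypothetical; unlike the slide code, it binds the username and key as query parameters instead of concatenating them into the SQL text, parses the key as a GUID before querying, and deletes a key on first use, which the slides do not describe.

```python
import sqlite3
import time
import uuid

MAX_AGE_SECONDS = 10  # the ten-second window from slides 10 and 26

def open_store():
    """Hypothetical key table: GUID, username, issue time (epoch seconds)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE login_keys ("
                 "uid TEXT PRIMARY KEY, username TEXT NOT NULL, issued_at REAL NOT NULL)")
    return conn

def issue_key(conn, username, now=None):
    """redirect.aspx step: store a fresh GUID with the username and timestamp."""
    now = time.time() if now is None else now
    key = str(uuid.uuid4())
    # Values are bound as parameters, never spliced into the statement text.
    conn.execute("INSERT INTO login_keys (uid, username, issued_at) VALUES (?, ?, ?)",
                 (key, username, now))
    conn.commit()
    return key

def redeem_key(conn, raw_key, now=None):
    """begin_key_security.asp step: return the username for a fresh key, else None."""
    now = time.time() if now is None else now
    try:
        key = str(uuid.UUID(raw_key))  # reject anything that is not a GUID
    except (ValueError, AttributeError, TypeError):
        return None
    row = conn.execute("SELECT username, issued_at FROM login_keys WHERE uid = ?",
                       (key,)).fetchone()
    if row is None:
        return None
    # Single use (an addition to the slides' design): delete before deciding,
    # so a key copied from the URL cannot be replayed inside the window.
    deleted = conn.execute("DELETE FROM login_keys WHERE uid = ?", (key,)).rowcount
    conn.commit()
    username, issued_at = row
    age = now - issued_at
    if deleted != 1 or age < 0 or age >= MAX_AGE_SECONDS:
        return None
    return username

if __name__ == "__main__":
    store = open_store()
    k = issue_key(store, "jdoe", now=1000.0)   # constructed sample user and clock
    print(redeem_key(store, k, now=1003.0))    # fresh key
    print(redeem_key(store, k, now=1004.0))    # same key again
```

The `now` argument exists only so the clock can be fixed for the demonstration; a server would rely on its own time source.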
