WEBINAR:
On-Demand
Application Security Testing: An Integral Part of DevOps
Integrating Group Policy into the Configuration Provider
Using the helper class described in the preceding section, it's easy to modify the existing sample configuration provider to make it Group Policy aware. For each property accessor within the provider classes that return configurable values (from attributes in the custom section of the
Web.config file), the code passes each value through the
GetGPOverride method before returning it as the property value. For example, here's the code for the
DeviceMode property accessor in the ConnectionItemElementCollection class:
[ConfigurationProperty("deviceMode")]
// returns the value of the optional "deviceMode" attribute
public String DeviceMode
{
// Pass value through the Group Policy
// configuration helper method
// that applies any Group Policy settings.
get
{
return GPAwareHelper.GetGPOverride(true, "DeviceMode",
this["deviceMode"]).ToString();
}
}
You can see that this code passes the value that the .NET configuration system extracts from the
Web.config file through the static
GetGPOverride helper method, and exposes the return value as the property value. In other words, if a Group Policy Object provides a value for this setting, the property accessor will return that setting rather than the value in the configuration file.
The property accessor for the
AutoConnect property, for which Group Policy administration uses a
CHECKBOX part, extracts the value from the local
Web.config file, passes it through the
GetGPOverride method, and then passes it to the
ConvertInt32ObjectToBooleanObject method. This converts the underlying Int32 value returned from the RegistryKey class to a Boolean of the appropriate value, or just returns the
Web.config value if there is no setting configured for this property in the registry:
[ConfigurationProperty("autoConnect", DefaultValue = false,
IsRequired = false)]
// returns the value of the optional "autoConnect" attribute
public Boolean AutoConnect
{
get
{
// Pass value through the Group Policy configuration
// helper method that applies any Group Policy settings.
Object gpAwareValue = GPAwareHelper.GetGPOverride(
true, "AutoConnect", this["autoConnect"]);
// This is a Boolean value in the configuration but
// GroupPolicy returns 0 or 1 from a CHECKBOX control, so
// use helper method to convert it.
return (Boolean)GPAwareHelper
.ConvertInt32ObjectToBooleanObject(gpAwareValue);
}
}
Using the Group Policy-Aware Configuration Provider
The sample application contains a class named GPAwareConfigSection that implements the Group Policy-aware configuration provider. It is the same as that described in the
previous article in this series, but uses the techniques described in this article to apply Group Policy settings to the values it exposes to the hosting application.
To allow the sample application to show both the "normal" custom configuration provider and the Group Policy-aware provider in use, the
Web.config file contains defines two custom configuration sections. The second of these is for the Group Policy-aware provider:
<configSections>
<section name="CustomConnections"
type="CustomConfigSection.ConnectionSettingsSection"/>
<section name="GPAwareConnections"
type="GPAwareConfigSection.ConnectionSettingsSection"/>
</configSections>
Then, in the main body of
Web.config, you'll find the custom section containing the configuration values. Note that these are the same as used for the "normal" custom provider described in the previous article; only the section element name is different:
<!-- configuration values for GP-aware configuration
provider -->
<GPAwareConnections autoConnect="false">
<ConnectionItems deviceMode="Static">
<add connectionType="InternalPrice" price="2"/>
<add connectionType="ExternalPrice" price="4"/>
<add connectionType="WirelessPrice" price="8"/>
<add connectionType="GPRSPrice" price="15"/>
</ConnectionItems>
<defaultUser userName="John Smith" location="Block 7"/>
</GPAwareConnections>
There are only two differences in the code-behind file for
Default.aspx in the sample application compared to the "normal" configuration provider used in the previous article. The handler for the button that gets configuration settings from the Group Policy-aware provider instantiates that provider instead of the "normal" provider:
protected void btnGetGPAware_Click(object sender, EventArgs e)
{
// Retrieve the <GPAwareConnections> section from the
// configuration file
GPAwareConfigSection.ConnectionSettingsSection configSection
= (GPAwareConfigSection.ConnectionSettingsSection)
WebConfigurationManager.GetSection("GPAwareConnections");
// Get value of "autoConnect" attribute on
// <Connections> element
lblAutoConnect.Text = configSection.AutoConnect.ToString();
// Get value of "deviceMode" attribute on
// <ConnectionItems> element
lblDeviceMode.Text =
configSection.ConnectionItems.DeviceMode;
// Iterate through collection of <add> elements within
// <ConnectionItems>
foreach (GPAwareConfigSection.ConnectionItemElement conn
in configSection.ConnectionItems)
{
// Get value of "connectionType" and "price" on
// each <Add> element
lblConnectionItems.Text += conn.ConnectionType + " = "
+ conn.Price.ToString() + " ";
}
// Get the value of the attributes on the
// <defaultUser> element
lblDefaultUser.Text =
configSection.DefaultUser.DefaultUserName;
lblUserLocation.Text =
configSection.DefaultUser.DefaultUserLocation;
// display the identity of the current user
lblUserIdentity.Text = "Current user identity: <b>"
+ User.Identity.Name + "</b><p />";
}
The code to display the values from the configuration provider in the Label controls on the page is the same for both providers. However, as you can see in the listing above, the
btnGetGPAware_Click handler also displays the name of the current user, extracted from the current
User.Identity instance. You'll see why this is significant shortly.
Figure 8 shows the sample application in action when you execute the "normal" configuration provider described in the previous article. This displays the values in the local
Web.config file.
 | |
Figure 8. "Normal" Value: The figure shows the values in Web.config as exposed by the "normal" custom configuration provider. |
|
 | |
Figure 9. "Group Policy-Aware Provider Value: The configuration values exposed by the Group Policy-aware configuration provider override Web.config values with the settings defined in Group Policy. This page also displays the current user identity. |
|
|
Figure 9 shows the results when you click the second button to execute the Group Policy-aware provider. You can see the values specified in Group Policy settings for the domain and the current user identity.
If you look back at
Figure 4, you can see the Group Policy settings specified for this domain, and confirm that the Group Policy-aware configuration provider actually does expose the settings specified in Group Policy instead of the values in the
Web.config file.