ASP.NET Configuration and Group Policy, Part 2: Creating and Using Group Policy-Aware Providers : Page 6

The second installment of this three-article series discusses how to set Windows Group Policy at both the machine and domain levels to control application configuration settings from a central location.

by Alex Homer

Jun 14, 2007

Page 6 of 7

WEBINAR:

On-Demand

Application Security Testing: An Integral Part of DevOps

~~Watch~~→

Integrating Group Policy into the Configuration Provider
Using the helper class described in the preceding section, it's easy to modify the existing sample configuration provider to make it Group Policy aware. For each property accessor within the provider classes that return configurable values (from attributes in the custom section of the Web.config file), the code passes each value through the GetGPOverride method before returning it as the property value. For example, here's the code for the DeviceMode property accessor in the ConnectionItemElementCollection class:

   [ConfigurationProperty("deviceMode")]
   // returns the value of the optional "deviceMode" attribute  
   public String DeviceMode
   {
     // Pass value through the Group Policy 
     // configuration helper method 
     // that applies any Group Policy settings.
     get 
     { 
       return GPAwareHelper.GetGPOverride(true, "DeviceMode",
          this["deviceMode"]).ToString();
     }
   }

You can see that this code passes the value that the .NET configuration system extracts from the Web.config file through the static GetGPOverride helper method, and exposes the return value as the property value. In other words, if a Group Policy Object provides a value for this setting, the property accessor will return that setting rather than the value in the configuration file.

The property accessor for the AutoConnect property, for which Group Policy administration uses a CHECKBOX part, extracts the value from the local Web.config file, passes it through the GetGPOverride method, and then passes it to the ConvertInt32ObjectToBooleanObject method. This converts the underlying Int32 value returned from the RegistryKey class to a Boolean of the appropriate value, or just returns the Web.config value if there is no setting configured for this property in the registry:

   [ConfigurationProperty("autoConnect", DefaultValue = false, 
      IsRequired = false)]
   // returns the value of the optional "autoConnect" attribute  
   public Boolean AutoConnect
   {
     get 
     { 
       // Pass value through the Group Policy configuration 
       // helper method that applies any Group Policy settings.
       Object gpAwareValue = GPAwareHelper.GetGPOverride(
          true, "AutoConnect", this["autoConnect"]);
       // This is a Boolean value in the configuration but 
       // GroupPolicy returns 0 or 1 from a CHECKBOX control, so 
       // use helper method to convert it.
       return (Boolean)GPAwareHelper
         .ConvertInt32ObjectToBooleanObject(gpAwareValue); 
     }
   }

Using the Group Policy-Aware Configuration Provider
The sample application contains a class named GPAwareConfigSection that implements the Group Policy-aware configuration provider. It is the same as that described in the previous article in this series, but uses the techniques described in this article to apply Group Policy settings to the values it exposes to the hosting application.

To allow the sample application to show both the "normal" custom configuration provider and the Group Policy-aware provider in use, the Web.config file contains defines two custom configuration sections. The second of these is for the Group Policy-aware provider:








   <configSections>
     <section name="CustomConnections"
       type="CustomConfigSection.ConnectionSettingsSection"/>
     <section name="GPAwareConnections"
       type="GPAwareConfigSection.ConnectionSettingsSection"/>
   </configSections>

Then, in the main body of Web.config, you'll find the custom section containing the configuration values. Note that these are the same as used for the "normal" custom provider described in the previous article; only the section element name is different:

   <!-- configuration values for GP-aware configuration 
        provider -->
   <GPAwareConnections autoConnect="false">
     <ConnectionItems deviceMode="Static">
       <add connectionType="InternalPrice" price="2"/>
       <add connectionType="ExternalPrice" price="4"/>
       <add connectionType="WirelessPrice" price="8"/>
       <add connectionType="GPRSPrice" price="15"/>
     </ConnectionItems>
     <defaultUser userName="John Smith" location="Block 7"/>
   </GPAwareConnections>

There are only two differences in the code-behind file for Default.aspx in the sample application compared to the "normal" configuration provider used in the previous article. The handler for the button that gets configuration settings from the Group Policy-aware provider instantiates that provider instead of the "normal" provider:

   protected void btnGetGPAware_Click(object sender, EventArgs e)
   {
      // Retrieve the <GPAwareConnections> section from the 
      // configuration file
      GPAwareConfigSection.ConnectionSettingsSection configSection
         = (GPAwareConfigSection.ConnectionSettingsSection)
         WebConfigurationManager.GetSection("GPAwareConnections");
      // Get value of "autoConnect" attribute on 
      // <Connections> element
      lblAutoConnect.Text = configSection.AutoConnect.ToString();
      // Get value of "deviceMode" attribute on 
      // <ConnectionItems> element
      lblDeviceMode.Text = 
         configSection.ConnectionItems.DeviceMode;
      // Iterate through collection of <add> elements within 
      // <ConnectionItems> 
      foreach (GPAwareConfigSection.ConnectionItemElement conn 
         in configSection.ConnectionItems)
      {
         // Get value of "connectionType" and "price" on 
         // each <Add> element
         lblConnectionItems.Text += conn.ConnectionType + " = " 
            + conn.Price.ToString() + " &nbsp; ";
      }
      // Get the value of the attributes on the 
      // <defaultUser> element
      lblDefaultUser.Text = 
         configSection.DefaultUser.DefaultUserName;
      lblUserLocation.Text = 
         configSection.DefaultUser.DefaultUserLocation;
      // display the identity of the current user
      lblUserIdentity.Text = "Current user identity: <b>" 
         + User.Identity.Name + "</b><p />";
   }

The code to display the values from the configuration provider in the Label controls on the page is the same for both providers. However, as you can see in the listing above, the btnGetGPAware_Click handler also displays the name of the current user, extracted from the current User.Identity instance. You'll see why this is significant shortly.

Figure 8 shows the sample application in action when you execute the "normal" configuration provider described in the previous article. This displays the values in the local Web.config file.


Figure 8. "Normal" Value: The figure shows the values in Web.config as exposed by the "normal" custom configuration provider.


Figure 9. "Group Policy-Aware Provider Value: The configuration values exposed by the Group Policy-aware configuration provider override Web.config values with the settings defined in Group Policy. This page also displays the current user identity.

Figure 9 shows the results when you click the second button to execute the Group Policy-aware provider. You can see the values specified in Group Policy settings for the domain and the current user identity.

If you look back at Figure 4, you can see the Group Policy settings specified for this domain, and confirm that the Group Policy-aware configuration provider actually does expose the settings specified in Group Policy instead of the values in the Web.config file.