There are times when AD just isn’t going to work for you and you need to use your own authentication system. K2 provides an excellent pluggable architecture which you can extend to allow you to do this. Writing a custom security provider is not a challenging task at all – there are some interfaces you need to implement and that’s about it. Once you’ve done that you need to deploy your security provider to each K2 server, configure it and turn your hard work into a security label. This article is focused on deploying and configuring a security label.
(If you would like an article on creating a custom security provider, contact me. If there’s enough interest I’ll put one together).
Before you go about deploying your security provider there are some properties we need to check up on in your Visual Studio project:
- Make sure your class is strongly typed.
- Make sure the assembly is signed by doing the following:
  - Right-click your project and select properties
  - Select the ‘Signing’ tab
  - Check ‘Sign the assembly’
  - In the drop down, select <New…>
  - Type in a name (you don’t need it to be password protected)
- Get your assembly’s public key token:
  - Run the Visual Studio Command Prompt and navigate to the bin/Debug folder where your security provider dll is.
  - Run the following command: sn.exe -Tp MySecurityProvider.dll
Now you’re ready to deploy your security provider. From a high level perspective, here’s what you’re going to do:
- Copy the dll(s) to the K2 server
- Edit the K2HostServer.config file
- Run a SQL script to register and configure the security label
- Restart K2
1. Copy the dll(s) to the K2 Server
Build your project and then locate the resulting dll in your bin\Debug folder. Copy this dll (and the pdb file as well) and paste it into your K2 server’s security provider folder (by default it is [C:\Program Files (x86)\K2 blackpearl\Host Server\Bin\securityproviders]).
2. Edit the K2HostServer.config file
Set the useassemblyregistration appSetting in the [K2 Install]\Host Server\bin\K2HostServer.config file as follows:
```xml
<appSettings>
  ...
  <add key="useassemblyregistration" value="true" />
  ...
</appSettings>
```
3. Insert some entries into K2’s databases
Before you can run the SQL and register your security label, make sure you have the following information on hand:
- Your assembly’s public key token.
- Your security provider dll filename (without the .dll of course).
- Your security provider’s fully qualified name (ProjectName.ClassName).
- What you want to call your security label.
Open SQL Management Studio and run the following SQL:
```sql
-- Replace the following text with your values. You don't need to add any apostrophes - if I haven't included it you don't need it.
-- SECURITYPROVIDER_FILENAME: Your security provider dll filename (without the .dll of course).
-- ASSEMBLY_TOKEN: Your assembly’s public key token.
-- SECURITYPROVIDER_FQN: Your security provider’s fully qualified name (ProjectName.ClassName).
-- LABEL_NAME: What you want to call your security label.
USE K2HostServer
GO

DECLARE @UNIQUE_ID UNIQUEIDENTIFIER
SET @UNIQUE_ID = NEWID()

-- Step 1: Add the dll to the Assembly Registration table.
INSERT INTO [dbo].[AssemblyRegistration]
    ([AssemblyID]
    ,[AssemblyName]
    ,[PublicKeyToken]
    ,[Enabled])
VALUES
    (NEWID()
    ,'SECURITYPROVIDER_FILENAME'
    ,'ASSEMBLY_TOKEN'
    ,1)

-- Step 2: Add the security provider to the list of available providers.
INSERT INTO [dbo].[SecurityProviders]
    ([SecurityProviderID]
    ,[ProviderClassName])
VALUES
    (@UNIQUE_ID
    ,'SECURITYPROVIDER_FQN')

-- Step 3: Create a security label by configuring an instance of the provider you just added
INSERT INTO [dbo].[SecurityLabels]
    ([SecurityLabelID]
    ,[SecurityLabelName]
    ,[AuthSecurityProviderID]
    ,[AuthInit]
    ,[RoleSecurityProviderID]
    ,[RoleInit]
    ,[DefaultLabel])
VALUES
    (NEWID()
    ,'LABEL_NAME'
    ,@UNIQUE_ID
    ,'
'
    ,@UNIQUE_ID
    ,' '
    ,0)
GO
```
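A pre-flight check for steps 1 to 3, as an added example that is not part of the original article or of K2's tooling: it reads the public key token from the deployed DLL, compares it with the value going into AssemblyRegistration, and confirms the useassemblyregistration setting. It assumes K2HostServer.config sits in the parent of the default securityproviders folder; MySecurityProvider and ASSEMBLY_TOKEN are placeholders for your own values.

```powershell
# Added example: pre-flight check before registering a K2 security provider.
# Paths default to the locations named in the article; the assembly name and
# token are placeholders to replace with your own values.
param(
    [string]$HostServerBin = 'C:\Program Files (x86)\K2 blackpearl\Host Server\Bin',
    [string]$AssemblyName  = 'MySecurityProvider',  # SECURITYPROVIDER_FILENAME
    [string]$ExpectedToken = 'ASSEMBLY_TOKEN'       # value reported by sn.exe -Tp
)

function Get-PublicKeyToken {
    param([Parameter(Mandatory)][string]$Path)
    # Reads assembly metadata only; the provider code is not loaded or executed.
    $bytes = [System.Reflection.AssemblyName]::GetAssemblyName($Path).GetPublicKeyToken()
    if (-not $bytes) { return $null }               # unsigned assembly
    ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLowerInvariant()
}

function Test-AssemblyRegistrationEnabled {
    param([Parameter(Mandatory)][string]$ConfigPath)
    [xml]$cfg = Get-Content -LiteralPath $ConfigPath -Raw
    $node = $cfg.SelectSingleNode("//appSettings/add[@key='useassemblyregistration']")
    ($null -ne $node) -and ($node.GetAttribute('value') -eq 'true')
}

$dll    = Join-Path $HostServerBin "securityproviders\$AssemblyName.dll"
$config = Join-Path $HostServerBin 'K2HostServer.config'

foreach ($p in $dll, $config) {
    if (-not (Test-Path -LiteralPath $p)) { throw "Not found: $p" }
}

$token = Get-PublicKeyToken -Path $dll
[pscustomobject]@{
    Assembly            = $dll
    Signed              = [bool]$token
    PublicKeyToken      = $token
    MatchesExpected     = $token -and ($token -eq $ExpectedToken.ToLowerInvariant())
    RegistrationEnabled = Test-AssemblyRegistrationEnabled -ConfigPath $config
    # Hash of the deployed file, useful for confirming every K2 server has the same build.
    Sha256              = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
}
```

If Signed or MatchesExpected comes back False, the PublicKeyToken you are about to insert does not describe the file on disk, so fix the build or the token before running the SQL.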
If you ever want to roll your system back and remove the security label you need to stop the K2 service, run the following SQL and then start K2 up again.
```sql
-- Replace the following text with your values. You don't need to add any apostrophes - if I haven't included it you don't need it.
-- ASSEMBLY_TOKEN: Your assembly’s public key token.
-- SECURITYPROVIDER_FQN: Your security provider’s fully qualified name (ProjectName.ClassName).
-- LABEL_NAME: What you want to call your security label.
use K2HostServer

delete from AssemblyRegistration where PublicKeyToken = 'ASSEMBLY_TOKEN'
delete from SecurityLabels where SecurityLabelName = 'LABEL_NAME'
delete from SecurityProviders where ProviderClassName = 'SECURITYPROVIDER_FQN'
```