Entering Configuration Information of Validation Application Block

06/16/2009

These procedures explain how to configure the Validation Application Block with the configuration tools. Properties associated with the nodes appear in the right pane of the Configuration Console or the Properties window of the Visual Studio Configuration Editor.

The Validation Application Block allows you to use attributes and code to perform many of the tasks described here. For information about how to use attributes and code, see Using the Provided Validators. For information about properties that are associated with validators such as Tag and MessageTemplate, see Understanding Common Validator Properties.

This procedure explains how to add the Validation Application Block to the configuration file. For details of the schema for the Validation Application Block configuration, see Source Schema for the Validation Application Block.

To add the Validation Application Block

  1. Open the configuration file. For more information, see Configuring Enterprise Library.
  2. Right-click Application Configuration, point to New, and then click Validation Application Block.
  3. (Optional) If you want to encrypt the configuration file, click in the ProtectionProvider field, and then select a protection provider from the drop-down list.

The next procedure shows how to define a rule set for the members of a type. Members of a type can be fields, methods, or properties. Note that it is possible for a type to have multiple rule sets associated with it. The procedure assumes that you have already added the Validation Application Block to your configuration.

To define a rule set for members of a type

  1. Right-click Validation Application Block, point to New, and click Type.
  2. In the Type Selector System.Object dialog box, expand the assembly you want to use. To filter the list, type the filter string in the Filter edit box; for example, type "string" to filter for all classes containing the word "string". If the assembly is not in the dialog box, click Load from File or Load from GAC and navigate to it.
  3. Double-click the type you want to validate.
  4. (Optional) If there is an existing rule set you want to specify as the default, click DefaultRule in the properties pane and select it from the drop-down box.
  5. To define a rule set, right-click on the type node, point to New, and then click Rule Set. Note that a rule set can contain as few as one validator.
  6. Click in the Name property field and rename the rule set as required.
  7. To select the member you want to validate, you can use either of the following methods:
    • Right-click Rule Set, point to New, and then click Field, Method, or Property. Then enter the name of the field, method, or property in the properties pane.
    • Alternatively, you can select various type members simultaneously. Right-click Rule Set, point to New, and then click Choose Members. In the Member Selector dialog box, select the Properties, Methods, and/or Fields that you want to validate, and then click OK.
  8. Right-click the field, method, or property, point to New, and then click the validator you want to apply.
  9. (Optional) Fill in the Tag, MessageTemplate, and MessageTemplateResource fields, as appropriate. If you use the MessageTemplateResource property, you must also specify the MessageTemplateResourceTypeName property. You can either enter the name of the MessageTemplateResourceTypeName type in the field or click on the ellipsis button (...) and use the Type Selector System.Object dialog box to select it.
  10. Enter values for the remaining validator properties. The properties available differ for each type of validator. For a list of properties for each type of validator, see Using the Provided Validators.
  11. Repeat steps 8 to 10 for each validator that you require for the selected member. All the validators you add for a specific member must evaluate to true for validation to succeed.
  12. Repeat steps 7 to 10 for each member of the type that you want to validate.

The next procedure shows how to apply validators at the type level. A type-level validator applies to an instance of a class as a whole rather than to members of that class. Typically, you will use a custom validator that you have created yourself, although the Not Null Validator may also be appropriate.

To apply validators at the type level

  1. Repeat steps 1 through 6 of the procedure "To define a rule set for members of a type."
  2. Right-click Self, point to New, and then click the validator you want to use. Typically, this is either Custom Validator or Not Null Validator.
  3. For each validator, fill in the Tag, MessageTemplate and MessageTemplateResource fields, as appropriate. If you use the MessageTemplateResource property you must also specify the MessageTemplateResourceTypeName property. You can either enter the MessageTemplateResourceTypeName type in the field or click on the ellipsis and use the Type Selector System.Object dialog box to select it. Many validators also have fields that are specific to them. Fill these out as well.
  4. Repeat steps 2 and 3 for each validator that you require. All the validators you add for a specific type must evaluate to true for validation to succeed.

The next procedure explains how to define an AndCompositeValidator or an OrCompositeValidator composite validator. Composite validators contain individual validators that are combined with a Boolean AND or OR operation. You can nest them to create complex logic for a member, such as (A OR (B AND C)).

To define composite validators

  1. Repeat steps 1 to 6 of the procedure "To define a rule set for members of a type."
  2. Right-click the type member that you want to validate or the Self node, and then click either AndCompositeValidator or OrCompositeValidator.
  3. Right-click AndCompositeValidator or OrCompositeValidator, and then click one of the validators that will be a part of the composite validator.
  4. For each validator, fill in the Tag, MessageTemplate and MessageTemplateResource fields, as appropriate. If you use the MessageTemplateResource property you must also specify the MessageTemplateResourceTypeName property. You can either enter the MessageTemplateResourceTypeName type in the field or click the ellipsis button (…) and use the Type Selector — System.Object dialog box to select it. Many validators also have fields that are specific to them. Fill these out as well.
  5. Repeat steps 3 and 4 for each validator that you require to create the logic for the current AndCompositeValidator or OrCompositeValidator.
  6. Repeat steps 2 to 5 for each AndCompositeValidator or OrCompositeValidator you require.
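
The nested logic (A OR (B AND C)) built in code rather than in the configuration tool, as an added example that is not part of the original documentation. It assumes the block's validator classes in Microsoft.Practices.EnterpriseLibrary.Validation.Validators; the account-name rule, the method names and the sample inputs are constructed for illustration.

```csharp
using System;
using Microsoft.Practices.EnterpriseLibrary.Validation;
using Microsoft.Practices.EnterpriseLibrary.Validation.Validators;

static class CompositeValidatorDemo
{
    // A OR (B AND C) for an optional account-name field (hypothetical rule):
    //   A = the value is null (the field was not supplied)
    //   B = the length is between 3 and 32 characters
    //   C = the value contains only letters, digits and underscores
    static Validator BuildAccountNameValidator()
    {
        // NotNullValidator(true) is the negated form: it passes only for null.
        Validator isNull = new NotNullValidator(true);
        Validator length = new StringLengthValidator(3, 32);

        // \A and \z anchor to the absolute start and end of the string.
        // With ^ and $, a value ending in "\n" would still match.
        Validator charset = new RegexValidator(@"\A[A-Za-z0-9_]+\z");

        return new OrCompositeValidator(
            isNull,
            new AndCompositeValidator(length, charset));
    }

    static void Main()
    {
        Validator validator = BuildAccountNameValidator();

        // Constructed sample inputs.
        string[] samples = { null, "svc_backup", "ab", "svc_backup\n", "name with spaces" };

        foreach (string sample in samples)
        {
            ValidationResults results = validator.Validate(sample);
            string shown = sample == null ? "(null)" : sample.Replace("\n", "\\n");
            Console.WriteLine("{0,-18} -> {1}", shown, results.IsValid ? "valid" : "rejected");

            // Each failed validator contributes its own message to the results.
            foreach (ValidationResult failure in results)
                Console.WriteLine("    " + failure.Message);
        }
    }
}
```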

Entering Configuration Information of Enterprise Library

06/12/2009

These procedures explain how to configure the Cryptography Application Block. Also see Using the Cryptographic Key Wizard.

Properties associated with the nodes appear in the right pane of the Configuration Console and in the Properties window of the Visual Studio Configuration Editor. For details of the configuration schema, see Source Schema for the Cryptography Application Block.

To add the Cryptography Application Block

  1. Open the configuration file. For more information, see Configuring Enterprise Library.
  2. Right-click Application Configuration, point to New, and then click Cryptography Application Block.

The configuration tool automatically adds the Cryptography Application Block node, and the Hash Providers and Symmetric Providers sub nodes, with default settings.

To configure the Cryptography Application Block

  1. (Optional) In the properties pane, set the DefaultHashProvider property. This sets the instance of the hash provider that the Cryptography Application Block uses if the application code does not specify another provider. In the drop-down list, click the hash provider. The default is none.
  2. (Optional) In the properties pane, set the DefaultSymmetricCryptoProvider property. This sets the instance of the symmetric cryptography provider that the Cryptography Application Block uses if the application code does not specify another provider. In the drop-down list, click the symmetric provider. The default is none.

To configure a custom hash provider

  1. Click Hash Providers, point to New, and then click Custom Hash Provider.
  2. In the Attributes section of the properties pane, click the ellipsis button (...).
  3. In the EditableKeyValue Collection Editor dialog box, click Add to add a new name/value pair.
  4. In the right pane of the EditableKeyValue Collection Editor dialog box, enter the key name and the value of the property.
  5. Add more name/value pairs as appropriate, and then click OK.
  6. (Optional) In the Name property section located in the properties pane of the configuration tool, change the name of the custom hash provider. The default name is Custom Hash Provider.
  7. In the Type section of the properties pane, click the ellipsis button (…). To filter the list, type the filter string in the Filter edit box; for example, type "string" to filter for all classes containing the word "string". If the type you want is not included in the Assemblies folder, click Load from File or Load from GAC in the Type Selector dialog box to find the assembly that contains the type you want.

To configure a hash algorithm provider

  1. Click Hash Providers, point to New, and then click HashAlgorithm Provider.
  2. In the Type Selector dialog box, select the hash algorithm provider type you want to use. If the hash provider is not included, click Load from File or Load from GAC in the Type Selector dialog box to find the assembly that contains the type you want.
  3. (Optional) In the Name property section located in the properties pane of the configuration tool, change the name of the hash algorithm provider. The default name is the type name you selected in step 2.
  4. Set the SaltEnabled property. In the drop-down list, click True or False. The default is False.

Note:
The Cryptographic Key Wizard appears for keyed hash algorithm providers. For information about generating and importing keys, see the section Using the Cryptographic Key Wizard later in this topic.

To configure a custom symmetric cryptography provider

  1. Click Symmetric Providers, point to New, and then click Custom Symmetric Cryptography Provider.
  2. In the Attributes section of the properties pane, click the ellipsis button (...).
  3. In the EditableKeyValue Collection Editor dialog box, click Add to add a new name/value pair.
  4. In the right pane of the EditableKeyValue Collection Editor dialog box, enter the key name and the value of the property.
  5. Add more name/value pairs as appropriate, and then click OK.
  6. (Optional) In the Name property section located in the properties pane of the configuration tool, change the name of the custom symmetric cryptography provider. The default name is Custom Hash Provider.
  7. In the Type property section of the properties pane, click the ellipsis button (…). If the type you want is not included in the Assemblies folder, click Load Assembly in the Type Selector dialog box to find the assembly that contains the type you want.

To configure a DPAPI symmetric cryptography provider

  1. Click Symmetric Providers, point to New, and then click DPAPI Symmetric Cryptography Provider.
  2. (Optional) In the Name section located in the properties pane of the configuration tool, change the name of the DPAPI symmetric cryptography provider. The default name is DPAPI Symmetric Cryptography Provider.
  3. Set the ProtectionScope property. In the drop-down list, click CurrentUser or LocalMachine.

The CurrentUser value means that DPAPI uses a loaded user profile to generate the key. Only that particular user account can decrypt the encrypted data. The LocalMachine value means that any code running on the machine has access to the protected key; therefore, it can decrypt any secret encrypted in LocalMachine mode. To counteract this, your application code can pass an entropy value when it calls the Encrypt or Decrypt methods. Entropy makes it more difficult for one application, running on the same computer, to compromise another application's encryption key. However, you must protect the entropy value. If it is simply saved to an unprotected file, attackers can access the file, retrieve the entropy value, and use it to decrypt an application's data. The application block configuration does not include the entropy value. This means that you cannot use the configuration tools to create or save an entropy value.
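
An added example, not from the original documentation, showing what entropy changes for data protected in LocalMachine scope. It calls the .NET ProtectedData class (the managed DPAPI wrapper) directly rather than the application block's provider, runs only on Windows, and uses a constructed secret and a freshly generated entropy value.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Windows only. On .NET Framework, reference System.Security.dll.
static class DpapiEntropyDemo
{
    static void Main()
    {
        // Constructed sample secret.
        byte[] secret = Encoding.UTF8.GetBytes("constructed-sample-secret");

        // Per-application entropy, generated here for the demonstration.
        // In a real deployment it must be kept where other local accounts
        // cannot read it (for example, behind an ACL limited to the
        // application's identity); otherwise it adds no protection.
        byte[] entropy = new byte[32];
        RandomNumberGenerator.Create().GetBytes(entropy);

        // LocalMachine scope: any process on this computer can ask DPAPI
        // to decrypt the blob, so the entropy is the only per-application input.
        byte[] blob = ProtectedData.Protect(
            secret, entropy, DataProtectionScope.LocalMachine);

        // Correct entropy: the data round-trips.
        byte[] plain = ProtectedData.Unprotect(
            blob, entropy, DataProtectionScope.LocalMachine);
        Console.WriteLine("with entropy:    " + Encoding.UTF8.GetString(plain));

        // Same machine, same scope, but no entropy: DPAPI refuses the blob.
        try
        {
            ProtectedData.Unprotect(blob, null, DataProtectionScope.LocalMachine);
            Console.WriteLine("without entropy: decrypted");
        }
        catch (CryptographicException ex)
        {
            Console.WriteLine("without entropy: rejected (" + ex.Message + ")");
        }

        // Clear sensitive buffers once they are no longer needed.
        Array.Clear(secret, 0, secret.Length);
        Array.Clear(plain, 0, plain.Length);
    }
}
```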

To configure a symmetric algorithm provider

  1. Click Symmetric Providers, point to New, and then click Symmetric Algorithm Provider.
  2. In the Type Selector, select the symmetric algorithm provider type you want to use. If the provider is not included, click Load Assembly in the Type Selector to find the assembly that contains the type you want. The default type is RijndaelManaged.
  3. Use the Cryptographic Key Wizard to either import or generate a key. For more information, see the next section, "Using the Cryptographic Key Wizard."

Using the Cryptographic Key Wizard

By using the Cryptographic Key Wizard, you can do the following:

  • Create a new key.
  • Use an existing DPAPI-protected key file.
  • Import a password-protected key file.

Enterprise Library uses DPAPI to protect your keys. You can use the Cryptographic Key Wizard to create a key; each key is stored in a separate file that is protected with DPAPI. When you create the key, you choose either machine mode or user mode to limit access to the key.

Use machine mode in the following situations:

  • Your application runs on its own dedicated server with no other applications.
  • You have multiple applications that run on the same server and you want those applications to be able to share sensitive information.

Use user mode if you run your application in a shared hosting environment and you want to make sure that your application's sensitive data is not accessible to other applications on the server. In this situation, each application should run under a separate identity, and the resources for the application, such as files and databases, should be restricted to that identity.

Note:
If you use DPAPI with machine mode, the encrypted string is specific to a particular computer, so you must generate the encrypted data on every computer. Do not copy the encrypted data across computers that are in a server farm or a cluster.

The following procedures describe how to use the Cryptographic Key Wizard.

To create a new key

  1. Select Create a new key, and then click Next.
  2. Enter the hexadecimal key you want to use or click Generate to create a new key. Click Next.
  3. Choose where you want to store the key file. Enter the location or click the ellipsis button (…) and select the location. Click Next.
  4. Select either User mode or Machine mode. User mode uses the credentials of the user who is currently logged on to encrypt the key. In machine mode, any user who is logged on can encrypt and decrypt the key. Click Finish.

The Key property appears in the right pane of the configuration console. Click the ellipsis button (…) to use the Cryptographic Key Wizard again to generate a different key.

To use an existing DPAPI-protected key file

  1. Select Use an existing DPAPI-protected key file, and then click Next.
  2. Enter the location of the key file. The file must contain a key that is associated with the same algorithm type as the type you are using now. For example, if you are currently configuring a RijndaelManaged type algorithm, the key you are importing must also be associated with a RijndaelManaged type algorithm. For more information, see the section "Usage Notes" later in this topic. Enter the location or click the ellipsis button (…) and select the location. Click Next.
  3. Select either User mode or Machine mode. User mode uses the credentials of the user who is currently logged on to encrypt the key. In machine mode, any user who is logged on can encrypt and decrypt the key. Click Finish.

The Key property appears in the properties pane of the configuration tool. Click the ellipsis button (…) to use the Cryptographic Key Wizard again to generate a different key.

To import a password-protected key file

  1. Select Import a password-protected key file, and then click Next.
  2. Enter the location of the key file or click the ellipsis button (…) and select the location. The file must contain a key that is associated with the same algorithm type as the type you are currently using. For example, if you are currently configuring a RijndaelManaged type algorithm, the key you are importing must also be associated with a RijndaelManaged type algorithm. For more information, see the section "Usage Notes" later in this section. Enter the password that was used to encrypt the file, and then click Next.
  3. Choose where you want to store the key file. Enter the location or click the ellipsis button (…) and select the location, and then click Next.
  4. Select either User mode or Machine mode, and then click Finish. User mode uses the credentials of the user who is currently logged on to encrypt the key. In machine mode, any user who is logged on can encrypt and decrypt the key.

The Key property appears in the properties pane of the configuration tool. Click the ellipsis button (…) to use the Cryptographic Key Wizard again to generate a different key.
