The example below takes you through the steps to use the ASP.NET Authentication Provider with K2 blackpearl. A typical scenario where you might use the ASP.NET Security Provider is when your Web Application requires a user to log in to view restricted content. This includes a K2 Worklist. This article shows how to take advantage of the out-of-box ASP.NET security components and how to extend them to enable successful integration with K2 blackpearl. The code ('ASPNetSecManager.zip') for this blog post can be downloaded from “http://www.k2underground.com/k2/ProjectHome.aspx?ProjectID=59”. Please ensure you log in to the Underground before accessing the link. Please also note the accompanying readme.txt.
Let’s get started:
1. Ensure K2 Host Server is stopped. (Start > Run > Services.msc, find ‘K2 blackpearl Server’, right-click and select ‘All Tasks > Stop’)
2. Create a folder in which your solution will be created. Let’s name this “ASPSec”

3. Create a containing folder for the Web Applications we will use. (We will create 2 Web Applications; one for the User Manager and one that will enable us to test the Workflow)

4. Create the 2 Web Application Folders

5. Extract the “ASPNetSecManager.zip” to a favourite location

6. Copy and Paste the contents of “www” to the folder indicated in the image

7. Copy and Paste the contents of “wwwSecManager” to the folder indicated in the image

8. Open SQL Management Studio and create a Blank database that will be extended with the ASP.NET Security Provider artifacts. Name it ‘ASPSec’

9. Create a new SQL Account that will be used to connect to the ASPSec database by the SecurityProvider

10. Ensure you grant the permissions below

(Tip: After creating the account, click on the ‘Connect’ icon in Management Studio and enter your newly created account details. This will ensure any SQL Policies (i.e. ‘Change account on next login’) issues can be resolved at this stage)
11. Let’s extend the database with the ASP.NET Membership artifacts. Open VS Command prompt

12. Run the aspnet_regsql command
13. Select the 1st option and click Next

14. Select the Membership Store to extend and finish the wizard
15. Execute the following SQL Command against the ASPSec database

16. Let’s configure the User Manager and Workflow test Web Applications. I will do the Workflow test Web App first. Open IIS and configure a new virtual directory
17. Enter the details below. Note the name is the same as the value we inserted into the ‘aspnet_Applications’ table earlier

18. Enter the path to the source files

19. Set the Virtual Directory values

20. Set Anonymous access only.

21. Let’s configure the User Manager Web App now. Create a new virtual directory in IIS

22. Enter the virtual folder name below

23. Set the path

24. Set the Properties

25. Enable Integrated Authentication Only

26. Set the default content page to ‘Home.aspx’

27. Let’s create a blank Visual Studio Solution and add our Web Projects to it. We will also add an example K2 Security Provider project and a K2 Workflow Process to the solution

28. Let’s add the 2 Web Applications 1st. Add an existing website

29. Browse and add the ‘Local IIS’ ‘ASPSecWeb’ Application

30. Repeat the steps for the ‘ASPSecMan’ Web Application

31. Now, let’s copy the Security Provider project to our solution folder


32. Do the same for the Test K2 Process. Copy the code from the source folder
33. Create the destination folder and paste the contents into it

34. We are ready to add the Security Provider and the K2 Process to our solution. Add the Security Provider 1st by adding an existing project and browsing to the solution folder where we pasted the files earlier
35. ...and the same for the K2 Process

36. Open ‘Home.aspx’ in the security manager and note the URL. If you create your own Web Application, ensure the settings are reflected in the querystring. This example manager is the one that ships with .NET and is used for demonstration purposes only.

37. Open the Web.Config of the ‘ASPSecWeb’. Note we configured the connectionstring node to include our SQL Login Details.

38. Let’s compile the Security provider now. Ensure you sign the Assembly. Save and compile the project 

39. We need the Public Key token of the Compiled Security Assembly. Launch the VS Command Prompt and execute the ‘sn –T’ command to extract the value


40. Copy the ‘ArnIT.ASPNetSecurity.Library’ Assembly to the ‘securityproviders’ folder in the K2 Program files

41. With K2 Host Server still stopped, execute the following SQL Command against the HostServer database. Ensure your public key token is used in the script’s 3rd parameter

42. Open the K2HostServer.config file and set the value attribute of ‘useassemblyregistration’ to ‘true’
43. Start K2 Host Server. Host Server will register the new provider assembly and insert an entry into the ‘HostServer.SecurityProviders’ table automatically

44. Wait a few moments and execute the following SQL Statement against the HostServer database. This script is available from ‘regSQL.txt’ in the accompanying download zip file.

45. STOP K2 host server and open the K2HostServer.config file again.

46. Delete the encrypted connectionStrings section after you have learned the replacement values

47. Enter the replacement values

48. Enter the following Membership Specific section in the config file (you can copy this section from the ‘ASPSecWeb’s’ web.config file). Remember to save the config file only if you are happy that you have a backup and that the contents are correct!

49. So far so good. The registration is complete and you can start K2 HostServer again. If you start it in Console mode, you should see the provider registration information text during startup
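
Steps 37 and 46-48 leave the SQL login details and the Membership provider settings readable in the web.config and K2HostServer.config files. The following added example (not part of the original post or its download) audits a config file of that shape for clear-text SQL passwords and recoverable membership password settings; the sample XML, the connection string names, the login and the provider name are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the sections steps 37 and 46-48 describe.
# Server, login, password and provider names are placeholders, not values from the download.
SAMPLE_CONFIG = """<configuration>
  <connectionStrings>
    <add name="ASPSecConn"
         connectionString="Data Source=localhost;Initial Catalog=ASPSec;User ID=aspsec_app;Password=EXAMPLE-ONLY" />
    <add name="TrustedConn"
         connectionString="Data Source=localhost;Initial Catalog=ASPSec;Integrated Security=SSPI" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="ExampleSqlProvider">
      <providers>
        <add name="ExampleSqlProvider" type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="ASPSecConn" applicationName="ASPSecWeb"
             passwordFormat="Clear" enablePasswordRetrieval="true" />
      </providers>
    </membership>
  </system.web>
</configuration>"""

# Matches a Password= or Pwd= key inside a connection string.
SECRET_KEY = re.compile(r"(?:^|;)\s*(password|pwd)\s*=\s*[^;]+", re.IGNORECASE)

def audit_config(xml_text):
    """Return a list of (location, finding) tuples for risky settings."""
    root = ET.fromstring(xml_text)
    findings = []
    for add in root.findall("connectionStrings/add"):
        if SECRET_KEY.search(add.get("connectionString", "")):
            findings.append((f"connectionStrings/{add.get('name')}",
                             "SQL password stored in clear text"))
    for add in root.findall(".//membership/providers/add"):
        where = f"membership/{add.get('name')}"
        # SqlMembershipProvider defaults: passwordFormat=Hashed, retrieval disabled.
        fmt = add.get("passwordFormat", "Hashed")
        if fmt.lower() != "hashed":
            findings.append((where, f"passwordFormat={fmt} stores recoverable passwords"))
        if add.get("enablePasswordRetrieval", "false").lower() == "true":
            findings.append((where, "enablePasswordRetrieval is on"))
    return findings

if __name__ == "__main__":
    for location, finding in audit_config(SAMPLE_CONFIG):
        print(f"{location}: {finding}")
```

Run it against copies of both config files after step 48; an empty result means no connection string carries a password and the membership store keeps only hashed passwords.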

Let’s test our work. We will first create a new user using our Membership Administration Web Application. We will then configure the K2 destination rule in our test K2 process to point to that user, and we will test the lot using the ‘ASPSecWeb’ application by logging in as our user, starting a new process and actioning a worklist item
50. Launch the Membership Administration Application
51. Click on ‘Create User’

52. Enter the user details and click ‘Create User’

53. Create an example role. Although we won’t use this, it’s good to demonstrate you can use the roles as well

54. Add our newly created user to the created role

55. Open the destination rule of the ‘CustomerResponse’ K2 process

56. Remove all the existing users

57. Add a new user. Note our users and groups are available in the Context Browser.

58. Add the user as indicated

59. Deploy the project

60. Assign ‘Start Permissions’ to our user

61. Finally, let’s play with our implementation. Browse the ‘Default.aspx’ file in the ‘ASPSecWeb’ web application

62. Enter our user’s username and password. Note, this is the ASP.NET login control. You can use the ‘Password Reminder’, ‘Registration’ or any other controls in your application now.
63. Start a new Process by clicking on ‘Start Random Request’

64. Click on ‘View Worklist’ to inspect the result. You should have a new worklist item
65. Browse to ‘Instances’ in K2 Workspace and ensure the process has started. Note the ‘Originator’ value

Go ahead and finish the Worklist item.
A few final thoughts:
· You can use all the standard ASP.NET Membership controls (registration, password reminder etc.)
· The provider implementation is an example only, and you should re-visit the implementation to streamline the code
· Hosting of the Provider in K2 Host Server could be made more dynamic by taking advantage of the ‘AuthInit’ field in the SecurityLabels table in the HostServer database
· You can create your own Membership Administration UI and use the Microsoft Membership objects in your implementations
· A good idea is to create Membership Groups (i.e. Approvers) and use this as the source for your K2 Role that is used as part of your Destination designing in K2 Designer for Visual Studio. This ensures dynamic destinations
· You might want to implement a ‘trusted’ model between your Web Application and K2, which means you don’t pass the user’s password to the K2 Security provider for secondary authentication. If you do require secondary authentication, ensure all passwords are hashed and encrypted
Posted Wed, Jun 17 2009 12:18 PM by arno