1. General security principles

    Article: AN0001560 Updated: 29.10.2021

    ObjectGears is a .NET application working with a database on MS SQL Server.

    The application can communicate over both the HTTP and HTTPS protocols. For the general security of working with the application, we recommend HTTPS.

    ObjectGears includes a built-in role, Administrator, which can use all application functions. This role is assigned to users in the web.config file, so ObjectGears users must not have access to this file; restrict write access rights on the file system of the ObjectGears instance accordingly. For the same reason, the technical account under which the ObjectGears instance runs should not be granted write access to the file system of the instance, so that a user cannot change the web.config file from within the application (by means of a script or module) and thereby obtain higher access rights than those granted to him/her in ObjectGears. The ObjectGears technical account can work with read-only access to the web file system. Only the system administrator should have write access to it.
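    The following PowerShell script is an added example for checking the file-system rule above; it is not part of ObjectGears. It assumes a hypothetical web root path, a hypothetical application-pool identity for the technical account, and that only the built-in Administrators group and SYSTEM may write; adjust these to your instance. It walks the NTFS ACLs under the web root (web.config included) and reports every Allow entry that grants write-type rights to anyone else, rating the technical account itself as the most serious finding.

```powershell
# Added example (not ObjectGears code): audit NTFS write permissions on an
# ObjectGears web root. All three values below are assumptions for illustration.
param(
    [string]$WebRoot          = 'C:\inetpub\ObjectGears',        # hypothetical path
    [string]$ServiceAccount   = 'IIS APPPOOL\ObjectGears',        # hypothetical technical account
    [string[]]$AllowedWriters = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')
)

# Any of these rights lets a principal alter web.config or drop a script/module
# into the instance, which is exactly what the article says must be prevented.
$WriteMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Modify -bor
             [System.Security.AccessControl.FileSystemRights]::FullControl -bor
             [System.Security.AccessControl.FileSystemRights]::Delete -bor
             [System.Security.AccessControl.FileSystemRights]::TakeOwnership -bor
             [System.Security.AccessControl.FileSystemRights]::ChangePermissions

$findings = @()
# Check the web root itself and everything beneath it, so a writable subfolder
# with its own (non-inherited) ACL is not missed.
$targets = @(Get-Item -LiteralPath $WebRoot) + (Get-ChildItem -LiteralPath $WebRoot -Recurse -Force)
foreach ($item in $targets) {
    $acl = Get-Acl -LiteralPath $item.FullName
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (($ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
        $who = $ace.IdentityReference.Value
        if ($AllowedWriters -contains $who) { continue }
        # The technical account writing to its own web root is the case the
        # article warns about (privilege escalation via web.config).
        $severity = if ($who -eq $ServiceAccount) { 'HIGH' } else { 'MEDIUM' }
        $findings += [pscustomobject]@{
            Severity = $severity
            Path     = $item.FullName
            Identity = $who
            Rights   = $ace.FileSystemRights.ToString()
        }
    }
}

if ($findings) {
    $findings | Sort-Object Severity, Path | Format-Table -AutoSize
    exit 1   # non-zero so the check can fail a scheduled job or deployment step
}
Write-Host "OK: no write access outside [$($AllowedWriters -join ', ')] under $WebRoot"
```

    Run it as an administrator on the web server after installation and after every upgrade, since installers and deployment tools commonly reset folder ACLs.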

    User authentication

    Authentication can be realized in one of two ways depending on the web.config file settings:

    1. Authentication by means of user name and password
    2. Windows authentication (the application takes over the identity of the user logged in to MS Windows on the client)

    Alternative user accounts

    In the case of Windows authentication, alternative user accounts can be used if allowed in web.config (property EnableAlternativePersonAccounts). This is useful e.g. for users with the administrator role who have both a normal and an administrative account. The number of alternative accounts is not limited. A user in ObjectGears can then always be associated with a single identity, and therefore a single set of roles and permissions, regardless of which account was used to log in to Windows. The same tasks are displayed to him or her and the same notifications are provided.

    Note: If you are assigning users to roles outside of ObjectGears (in MS Active Directory groups), it is necessary to assign all of the user's accounts to these groups, so that he/she has the same access permissions in ObjectGears no matter which account he or she logs in with.

    User log off

    In the case of authentication by user name and password, there is an icon for user log off available in the context menu in the upper right corner of the ObjectGears screen.