Tuesday 17 March 2015

Visual C#: RSA encryption using certificate

Intro

RSA is a well-known cryptosystem using assymetric encryption. It performs encryption using a public key, decryption using a private key. The private key should be protected. The most efficient way of managing these keys in a Windows environment is by using certificates. To protect the private key, you should make it not exportable. This way the private key is only available on the machine it is being used.

Friday 13 March 2015

FIM2010: Protect passwords in configuration files

Intro

One of the great features of FIM is that it is relatively easy to plugin custom functionality. You can extend the synchronization engine by developing rules extension and you can add custom workflows to the FIM portal. Rules extensions run under the FIM synchronization service account, workflows under the FIM service service account. This article describes an approach to enable communication to external systems (eg Exchange). Because you typically do not grant a service account rights to Microsoft Exchange, you need the ability to run part of your code using different credentials.

Encrypt password

You do not want to have passwords in clear text in configuration files or source code. That is where encryption comes into play. Encryption can be handled in a myriad of different ways. The method described here uses powershell cmdlets, which keeps it quite simple and understandable.

Thursday 12 March 2015

FIM2010: GUI for configuring your scheduler

Intro

I described in previous posts how I developed a windows service to schedule FIM. The configuration of this scheduler consists of XML files. Because it is not straightforward to ensure you have a consistent configuration that satisfies your needs, I developed an interface to help with the configuration. The tool itself is built using the WPF framework (.NET 4.5) and has following requirements:
  • Path of the folder containing scheduler configuration files, including at least the following:
    • JobConfiguration.xml
    • job_scheduling_data_2_0.xsd
    • RunConfiguration.xml
    • RunSchedulingData.xsd
  • Path of the folder containg a server export of the FIM Synchronization Engine
gui_browseNote that it is possible to use the tool on any server or workstation. After saving your changes you can transfer the configuration files to your FIM server.