Installation Guide: July 2011

Hedgehog is an easy-to-deploy software solution that monitors the database and protects it from both internal and external threats. Hedgehog IDentifier for .NET further enhances Hedgehog's capabilities by enabling you to identify the source of a transaction.

Uploaded by Asaf Amrami
Copyright: © Attribution Non-Commercial (BY-NC)

IDentifier for .NET

Installation Guide
Version 3.0.0

July 2011

www.sentrigo.com

Last modified: November 1, 2011

Copyright 2007 - 2011 - All Rights Reserved. Hedgehog is a trademark of Sentrigo, Ltd. This material is proprietary of Sentrigo Ltd. Any unauthorized reproduction, use or disclosure of this material, or any part thereof, is strictly prohibited. This material is meant solely for the use of Sentrigo Networks employees and authorized customers.

Hedgehog IDentifier.NET Installation Guide ii

Table of Contents

1 Introducing Hedgehog IDentifier for .NET
2 Installation Workflow
3 Running the IDentifier Installer
4 Configuring the IDentifier Web Filter
5 Outgoing HTTP Request Identifying
6 Troubleshooting

Introducing Hedgehog IDentifier for .NET

Hedgehog is an easy-to-deploy software solution that monitors the database and protects it from both internal and external threats. Hedgehog provides full visibility into database user activity and can issue alerts or terminate suspicious activities based on predefined rules and custom rules.

Hedgehog IDentifier for .NET further enhances Hedgehog's capabilities by enabling you to identify the source of a transaction. When Hedgehog IDentifier for .NET is installed on the IIS Application Server, user information can be collected and transmitted to Hedgehog, making the corresponding Client ID and/or IP address available within Hedgehog.

Hedgehog IDentifier for .NET can only be implemented in conjunction with Hedgehog sensors. IDentifier version 3.0.0 requires sensor version 2.5.1 or later. Hedgehog IDentifier for .NET is compatible with the Microsoft .NET Framework Version 1.1 and above for applications running in IIS (ASP.NET) on Windows 2000 and above.

Hedgehog IDentifier for .NET can be used by licensed users of Hedgehog Enterprise edition, version 2.5.1 and above, and is conditional on the IDentifier component being included in the active license. An IDentifier license component may be obtained from the Sentrigo support site at: http://support.sentrigo.com.

Installation Workflow
Hedgehog IDentifier for .NET needs to be configured separately on each application in IIS. It works only with applications that use MSSQL 2005 or Oracle Database, version 9 or above. It is currently supported on Windows 2000 and above, on either the i386 (32-bit) or the x86_64 (64-bit) architecture.

Note: The installation process requires restarting IIS. Please prepare accordingly.

The installation process comprises the following stages:

- Run the Hedgehog IDentifier for .NET installer: The installer can be downloaded from the Sentrigo website. For details, refer to Running the IDentifier Installer.
- Configure the IDentifier Web Filter: To extract user details and initialize the Hedgehog IDentifier, you will need to add and configure an HTTP Web Module to each application. For details, refer to Configuring the IDentifier Web Filter.
- Restart IIS: After final configuration, it is necessary to restart the IIS Web server.

Running the IDentifier Installer


The IDentifier installer can be downloaded from the Sentrigo Support website. You should install the Hedgehog Server before attempting to run the Installer.

The Installer file is named according to the following format: IDentifier.NET-installer-<version>-<release number>.exe. For example: IDentifier.NET-installer-3.0.0-10658.exe.

- Copy the Installer file to the target machine, where the .NET application is installed.
- Run the Installer as a user with Administrative privileges.
- Complete the Setup Wizard to install IDentifier for .NET.

Configuring the IDentifier Web Filter


After running the IDentifier for .NET Installer, you are ready to configure the IDentifier Web Filter.

To configure the IDentifier Web Filter:

1. Open the web.config file for the target application in a standard text editor.
2. Edit the file to include the following:

On IIS 5 and 6 (Windows XP, Windows 2003), add the following to include the httpModules element as part of the system.web element. Important note: Make sure to define the "type" attribute of the module on a single line.

<system.web>
  <!-- the IDentifier.NET http module for extracting user identification -->
  <httpModules>
    <add name="IDentifierHttpModule" type="IDentifier.IDentifierWebModule, IDentifier, Version=2.0.0.0, Culture=neutral, PublicKeyToken=03e8586bc30d2d13"/>
  </httpModules>
  <!-- ... -->
</system.web>

On IIS 7 and above using Integrated .NET mode (Windows Vista, Windows 7, Windows 2008), add the following to the system.webServer section. Note: system.webServer should be placed under the main configuration section.

<system.webServer>
  <!-- the IDentifier.NET http module for extracting user identification -->
  <modules>
    <add name="IDentifierHttpModule" type="IDentifier.IDentifierWebModule, IDentifier, Version=2.0.0.0, Culture=neutral, PublicKeyToken=03e8586bc30d2d13" preCondition="managedHandler" />
  </modules>
  <!-- ... -->
</system.webServer>

The filter is now configured and will work with ASP.NET compliant applications that use built-in ASP.NET form-based authentication to authenticate users. Additional parameters need to be defined for other forms of authentication. Parameters for the IDentifier Web Filter are added in the appSettings section of the web.config file as key/value elements. For example:

<appSettings>
  <add key="[keyname]" value="[value]"/>
  <!-- ... -->
</appSettings>

IDentifier Web Filter Parameters:

- sentrigo.module.format (default=$fullUrl): Specify how the end user module is determined. Possible values:
    - $fullUrl: Use the full URL of the request as the module.
    - $referrer: Use the referrer URL as the module.
    - $SSRS: Special keyword for SQL Server Reports Service. If specified, IDentifier for .NET will attempt to extract the report name as the module value.

- sentrigo.context.user.valid (default=true): Specify if the logged in context user is valid. This is the user which is retrieved from the application using: HttpApplication.Context.User.Identity.
- sentrigo.username.req.param.name: Specify this parameter if authentication is performed through a login page that sends the user name as a request parameter (either GET or POST). The parameter specifies the HTTP request parameter name used for identifying the user who is logging in.
- sentrigo.login.page: Specify the login page used for authenticating users. This parameter is optional and should be specified in addition to the sentrigo.username.req.param.name parameter. It restricts username extraction to the specified login page. If it is not specified and sentrigo.username.req.param.name is defined, the Web Filter will try to extract the username from every request.

For example, the following configuration specifies a login page of login.aspx and a request parameter name of username:

<appSettings>
  <add key="sentrigo.login.page" value="login.aspx"/>
  <add key="sentrigo.username.req.param.name" value="username"/>
  <!-- ... -->
</appSettings>

In the above example, the username will be extracted from the HTTP request parameter named username, and only when the request is accessing the page login.aspx.

- sentrigo.session.user.object.key: Specify this parameter to extract user details from an object stored in the HTTP Session. IDentifier will use the specified value as a key to fetch a target object from the HTTP Session. It will then call a specified method on the object to receive the user details. The default method to call is: "ToString". This method is targeted towards applications which don't store the logged in user in HttpApplication.Context.User.Identity and don't use Form Authentication. An example of an application that might need to use this form of user extraction is an application that identifies a user based upon an HTTP cookie. In such a scenario, the user's browser sends a cookie which is used for identifying the user. According to the cookie value, an object representing the current user is stored in the HTTP Session. In such a case, IDentifier will be able to look up the object from the HTTP Session and extract the user details.
- sentrigo.session.user.object.method: The method to call on the target object stored in the HTTP Session, in order to retrieve user details. This parameter is optional and should be specified in addition to the sentrigo.session.user.object.key parameter. If not specified, the ToString method will be used on the target object. If a property is to be used to obtain the user value instead of a method, prefix the value with "prop:". For example: "prop:UserName".
- sentrigo.session.debug.verbose (default=false): When set to true and sentrigo.log.level is set to DEBUG, IDentifier will log the objects stored in the HTTP Session. The log will contain the key names and the object structure. This is useful for finding out which objects are stored in the session when configuring the sentrigo.session.user.object.key and sentrigo.session.user.object.method properties.
- sentrigo.log.level (default=INFO): Specify the log level used for logging by IDentifier. Possible values: ERROR, WARNING, INFO, DEBUG. By default, IDentifier logs events to the Windows Application Event Log with a source name of: IDentifier. Note: A level of DEBUG should not be used in production systems.
- sentrigo.log.file: If specified, the IDentifier Web Filter will not log events to the Windows Event Log, but instead will log events to the specified file. The file must have proper permissions for the ASP user to write to it. For example, a possible value might be: C:\WINDOWS\system32\LogFiles\Sentrigo\IDentifier.log.
- sentrigo.log.file.size (default=10485760): When using a log file via the property sentrigo.log.file, you can specify the maximum size of the log file in bytes. The default value is 10485760 (10 MB).
- sentrigo.default.metrics (default=true): Specify whether or not to set a default metrics string for statements executed outside of a user's context. Such statements are usually internal application statements that are triggered in an asynchronous manner.
- sentrigo.clientid.default (default=default_clientid): The default client id value to use for statements executed outside of a user's context. Relevant only if the parameter sentrigo.default.metrics is set to true.
- sentrigo.module.default (default=default_module): The default module value to use for statements executed outside of a user's context. Relevant only if the parameter sentrigo.default.metrics is set to true.

- sentrigo.action.default (default=default_action): The default action value to use for statements executed outside of a user's context. Relevant only if the parameter sentrigo.default.metrics is set to true.
- sentrigo.web.request.prefixes: See: Outgoing HTTP Request Identifying.
- sentrigo.http.headers (default=false): Specify whether to examine HTTP headers for extracting end-user data. Set to true to examine them. See: Outgoing HTTP Request Identifying.

Outgoing HTTP Request Identifying


IDentifier supports adding special headers to outgoing web requests from the application. These headers identify the end user details of the originating request. This feature may be used, for example, in a three-tier architecture: the web tier processes client requests and communicates with an application server using a web services API (XML over HTTP), and only the application server connects to the database tier directly. By enabling HTTP request identifying on the web tier, end-user data is passed together with the web service request to the application server. The IDentifier installed on the application server will recognize the end-user data and use it for identifying outgoing database request activity.

To enable outgoing HTTP request identifying on the web tier, set the parameter sentrigo.web.request.prefixes to a prefix containing the outgoing hosts to add the end-user data to. For example: http://myappserver.mydomain.com. You can specify multiple prefixes by separating them with commas. To enable it for all outgoing HTTP requests, set the following value: http://.

To enable the application server to examine incoming web request headers, set the parameter sentrigo.http.headers to true.
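The following Python script is an added example, not part of the Sentrigo guide or product. It reads a web.config and reports the settings that the parameter list and this section single out: DEBUG logging, verbose session logging, username extraction on every request, the catch-all http:// prefix, and header-based identification. The finding codes and the sample configuration are constructed for the example, and it assumes the configuration element carries no XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config (not from the guide): debug settings left enabled.
SAMPLE = """<configuration>
  <appSettings>
    <add key="sentrigo.log.level" value="DEBUG"/>
    <add key="sentrigo.session.debug.verbose" value="true"/>
    <add key="sentrigo.username.req.param.name" value="username"/>
    <add key="sentrigo.web.request.prefixes" value="http://myappserver.mydomain.com, http://"/>
  </appSettings>
  <system.webServer>
    <modules>
      <add name="IDentifierHttpModule" preCondition="managedHandler"
           type="IDentifier.IDentifierWebModule, IDentifier, Version=2.0.0.0, Culture=neutral, PublicKeyToken=03e8586bc30d2d13"/>
    </modules>
  </system.webServer>
</configuration>"""

MODULE_PATHS = ("./system.web/httpModules/add", "./system.webServer/modules/add")

def audit(xml_text):
    """Return (code, message) findings for one web.config; codes are this example's own."""
    root = ET.fromstring(xml_text)  # assumes <configuration> carries no xmlns
    cfg = {a.get("key"): (a.get("value") or "").strip()
           for a in root.findall("./appSettings/add")}
    findings = []
    if not any(a.get("name") == "IDentifierHttpModule"
               for p in MODULE_PATHS for a in root.findall(p)):
        findings.append(("module-missing", "IDentifierHttpModule is not registered"))
    debug = cfg.get("sentrigo.log.level", "INFO").upper() == "DEBUG"
    if debug:
        findings.append(("debug-log", "DEBUG logging should not be used in production"))
    if debug and cfg.get("sentrigo.session.debug.verbose", "false").lower() == "true":
        findings.append(("session-dump", "HTTP Session keys and object structure are logged"))
    if cfg.get("sentrigo.username.req.param.name") and not cfg.get("sentrigo.login.page"):
        findings.append(("username-any-request", "username is read from every request; set sentrigo.login.page"))
    prefixes = [p.strip() for p in cfg.get("sentrigo.web.request.prefixes", "").split(",")]
    if "http://" in prefixes:
        findings.append(("prefix-all-hosts", "end-user data is added to all outgoing HTTP requests"))
    if cfg.get("sentrigo.http.headers", "false").lower() == "true":
        findings.append(("headers-trusted", "end-user data is read from incoming request headers"))
    return findings

if __name__ == "__main__":
    for code, message in audit(SAMPLE):
        print(f"{code}: {message}")
```

A headers-trusted finding is expected on the application-server tier; on any other host it is worth confirming that the setting is intended.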

Troubleshooting
Generating a debug log as part of a Support Request: It is possible to configure the IDentifier web module to produce a log in debug mode by editing the parameters in the appSettings section in the web.config file. For example:

<appSettings>
  <add key="sentrigo.log.level" value="DEBUG" />
  <add key="sentrigo.log.file" value="C:\WINDOWS\system32\LogFiles\Sentrigo\IDentifier.log" />
</appSettings>

Additionally, when IDentifier for .NET is used on an application that connects to MS SQL, a log for the IDentifier Interceptor should be generated. This is done by defining a system environment variable named IDI_DEBUG_LOG whose value is the log file path; for example: C:\tmp\IDentifierIntercetor.log.

To set the environment variable, right-click My Computer and select Properties > Advanced > Environment Variables > New System Variable.
