Access PKI - how to integrate

My CIO has mandated that all applications be secured with a PKI. All users on my network have a PKI and they are used for SharePoint and other application logons. How can I integrate a PKI-based solution with Access? I'm new with this PKI stuff so please explain as simply as possible - thanks in advance.
Keyboard Cowboy Asked:

Boyd (HiTechCoach) Trimmell, Microsoft Access MVP, Designer and Developer, Commented:
I know of several large software companies that use this:
Jim Dettman (Microsoft MVP/ EE MVE), President / Owner, Commented:
Do you use SQL Server or another RDBMS for a datastore?

If not, and you're using JET/ACE (an MDB or ACCDB data file), then you really can't protect anything.

With that said, what exactly has your CIO mandated? Just that logins are secure? The app entirely? Data?

Keyboard Cowboy (Author) Commented:
Thanks Jim for your response... I'm using MySQL.  I would prefer to use SQL Server but that's not available in this environment.  The guidance is pretty broad - secure things with PKI.  So instead of a simple login with possibly a password from an Access or MySQL (encrypted) I was trying to insert PKI in there somewhere but I don't see how to do it.

Jim Dettman (Microsoft MVP/ EE MVE), President / Owner, Commented:
Well in brief, you'd write VBA code to provide a log in that would verify a presented certificate (in the form of a card) or a key.  You could possibly rely on Windows services as part of that.   You might also employ PKI between your application and the server, requiring a certificate to gain access to the data.

  That's why I asked what the mandate was.

  From the Access side however, at a minimum it means:

1. Securing the VBA project with a password.
2. Distributing applications as a MDE/ACCDE (source code stripped out).

  This is a big ball of yarn and there are a number of issues.  It all really depends on what you're trying to do/protect as to how you go about it.

 Note that you'll also be off in the wild blue yonder as when it comes to security, Access and VBA are not the most robust.   You'll therefore find few examples and little guidance using PKI with Access.

 For example, I don't think I've ever spoken to or had contact with a developer that has done PKI in any form in conjunction with Access, myself included.

 I know the basic concepts of PKI and have worked with it in other ways, but never with Access directly.

Keyboard CowboyAuthor Commented:
Thanks - yeah - this whole project is a big ball of yarn...
Appreciate your insights - I'm looking for a way in VBA to verify the PKI of the user but since it's not in the browser session, it's not trivial at least to me.

Jim Dettman (Microsoft MVP/ EE MVE), President / Owner, Commented:
You would be looking to the Windows crypto services; the ability to read a smart card is part of that and that's how a user gets authenticated.

In fact, you might even end up with the very simple setup of having a smart card login required with Windows, and your Access app does nothing more than accept the user's Windows login for application use.

Then you'd need nothing more than the code to grab the Windows user name (readily available).

Again though, you're looking at securing the VBA portion at a minimum so no one could bypass the login requirement logic you have in place.
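
An added example, not part of the thread above: one way to implement the approach described in this comment, where Windows authenticates the user (with a smart card, if Windows policy requires one) and the Access application only accepts the Windows logon name. The table `tblAppUsers` and its fields `WinUser` and `IsActive` are hypothetical names, as is `EnforceLogon`.

```vba
Option Compare Database
Option Explicit

' Win32 call that returns the user owning the current Windows logon session.
' Environ("USERNAME") is avoided: it reads a process environment variable,
' which the user can set to any value before starting Access.
#If VBA7 Then
Private Declare PtrSafe Function GetUserNameW Lib "advapi32.dll" _
    (ByVal lpBuffer As LongPtr, ByRef pcbBuffer As Long) As Long
#Else
Private Declare Function GetUserNameW Lib "advapi32.dll" _
    (ByVal lpBuffer As Long, ByRef pcbBuffer As Long) As Long
#End If

' Returns the account name only (no domain part), or "" on failure.
Public Function WindowsUserName() As String
    Dim buf As String, n As Long
    n = 257                                 ' UNLEN (256) + terminating null
    buf = String$(n, vbNullChar)
    If GetUserNameW(StrPtr(buf), n) <> 0 Then
        WindowsUserName = Left$(buf, n - 1) ' n counts the trailing null
    End If
End Function

' tblAppUsers (WinUser, IsActive) is a hypothetical allow-list table.
Public Function IsAuthorizedUser() As Boolean
    Dim db As DAO.Database, qd As DAO.QueryDef, rs As DAO.Recordset
    Dim u As String
    u = WindowsUserName()
    If Len(u) = 0 Then Exit Function        ' fail closed: result stays False
    Set db = CurrentDb
    ' Temporary parameter query: the name is never concatenated into SQL.
    Set qd = db.CreateQueryDef("", _
        "PARAMETERS pUser Text(255); SELECT Count(*) AS N FROM tblAppUsers " & _
        "WHERE WinUser = [pUser] AND IsActive <> 0;")
    qd.Parameters("pUser").Value = u
    Set rs = qd.OpenRecordset(dbOpenSnapshot)
    IsAuthorizedUser = (rs!N > 0)
    rs.Close
    qd.Close
End Function

' Call from the startup form's Open event (or an AutoExec macro).
Public Sub EnforceLogon()
    If Not IsAuthorizedUser() Then Application.Quit acQuitSaveNone
End Sub
```

This code trusts Windows to have authenticated the user; whether that logon required a smart card is decided by Windows policy, not by anything checked here.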

Keyboard Cowboy (Author) Commented:
Right I secured the VBA with a password and I only give out ACCDE files anyway - thanks appreciate it -