Access PKI - how to integrate

My CIO has mandated that all applications be secured with a PKI.  All users on my network have a PKI and they are used for SharePoint and other application logons.  How can I integrate a PKI-based solution with Access.  I'm new with this PKI stuff so please explain as simply as possible - thanks in advance.
LVL 4
Keyboard CowboyAsked:
Who is Participating?
 
Jim Dettman (Microsoft MVP/ EE MVE)President / OwnerCommented:
You would be looking to the windows crypto services; the ability to read a smart card is part of that and that's how a user gets authenticated.

In fact, you might even end up with the very simple setup of having a smart card log in required with windows, and your Access app does nothing more than accept the users windows log in for application use.

Then you'd need nothing more than the code to grab the windows user name (readily available).

Again though, your looking at securing the VBA portion at a minimum so no one could bypass the log in requirement logic you have in place.

Jim.
0
 
Boyd (HiTechCoach) Trimmell, Microsoft Access MVPCommented:
I know of several large software companies that use this: http://www.safenet-inc.com/data-protection/pki-security-solutions/
0
 
Jim Dettman (Microsoft MVP/ EE MVE)President / OwnerCommented:
Do you use SQL Server or another RDBMS for a datastore?

If not and your using JET/ACE  (a MDB or accdb) data file) then you really can't protect anything.

With that said, what exactly has your CIO mandated?  Just that login's are secure?  the app entirely? Data?

Jim.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
Keyboard CowboyAuthor Commented:
Thanks Jim for your response... I'm using MySQL.  I would prefer to use SQL Server but that's not available in this environment.  The guidance is pretty broad - secure things with PKI.  So instead of a simple login with possibly a password from an Access or MySQL (encrypted) I was trying to insert PKI in there somewhere but I don't see how to do it.
0
 
Jim Dettman (Microsoft MVP/ EE MVE)President / OwnerCommented:
Well in brief, you'd write VBA code to provide a log in that would verify a presented certificate (in the form of a card) or a key.  You could possibly rely on Windows services as part of that.   You might also employ PKI between your application and the server, requiring a certificate to gain access to the data.

  That's why I asked what the mandate was.

  From the Access side however, at a minimum it means:

1. Securing the VBA project with a password.
2. Distributing applications as a MDE/ACCDE (source code stripped out).

  This is a big ball of yarn and there are a number of issues.  It all really depends on what your trying to do/protect as to how you go about it.

 Note that you'll also be off in the wild blue yonder as when it comes to security, Access and VBA are not the most robust.   You'll therefore find few examples and little guidance using PKI with Access.

 For example, I don't think I've ever spoken to or had contact with a developer that has done PKI in any form in conjunction with Access, myself included.

 I know the basic concepts of PKI and have worked with it in other ways, but never with Access directly.

Jim.
0
 
Keyboard CowboyAuthor Commented:
Thanks - yeah -this whole project is a big ball of yarn...
Appreciate your insights - I'm looking for a way in VBA to verify the PKI of the user but since it's not in the browser session, it's not trivial at least to me.

Thanks
0
 
Keyboard CowboyAuthor Commented:
Right I secured the VBA with a password and I only give out ACCDE files anyway - thanks appreciate it -
0
 
Keyboard CowboyAuthor Commented:
thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.