
FACULTY OF MANAGEMENT & INFORMATION SCIENCES

SCHOOL OF COMPUTING AND INFORMATION SCIENCE (SoCIS)

Project Report
Of
Advanced Database Management System
(CS-2206)

Submitted by: Warisha Qureshi (ADCS-01031)
Saad Ali (ADCS-01016)
Kashan Ashraf (ADCS-01030)

Guided by: Sir Haris Ahmed


Project Overview:
The Cloud Access Security Broker (CASB) project is designed to act as an intermediary between
cloud service consumers and cloud service providers. It enforces security, compliance, and
governance policies for cloud-based resources. The project integrates .NET Core for web
application functionality, Azure Data Studio for database management, and Azure Functions for
serverless execution. This detailed report elaborates on the project's implementation,
architecture, and features.

Technologies Used:
1. .NET Core
o ASP.NET Core MVC: Utilized for building a robust and scalable web application.
o ASP.NET Core Identity: Implements authentication and authorization.
2. Database Management
o Azure Data Studio: A powerful tool for managing databases in a cloud
environment.
o Entity Framework Core: An Object-Relational Mapper (ORM) used to interact
with the database.
3. Cloud Services
o Azure Functions: Serverless functions to extend the functionality of the
application.
4. Front-end
o Razor Views: A syntax for combining HTML markup with C# code, enabling
dynamic content rendering.
5. Security
o PBKDF2: A password-based key derivation function used to hash passwords securely.

User Roles and Permissions:


1. Admin
o Full Access: The admin has comprehensive control over the application,
including user management and database access.
o Capabilities:
▪ Create, read, update, and delete (CRUD) users.
▪ Access and manage the database through Azure Data Studio.
▪ Modify application settings and enforce security policies.
▪ Access all application functionalities without restriction.
2. Users
o Limited Access: Regular users have restricted access to ensure security and
compliance.
o Capabilities:
▪ Register an account and log in to the application.
▪ View personal information and update their profile.
▪ Limited to non-administrative functionalities.
▪ Redirected to access-denied pages when attempting to access admin-specific
features.

Project Structure

1. Controllers
o AccountController:
▪ Manages user authentication, including login, logout, and registration.
▪ Hashes passwords using PBKDF2 for secure storage.
▪ Issues authentication cookies upon successful login.
o HomeController:
▪ Manages the display of the main application pages such as Index, Privacy,
and Error.
o UserController:
▪ Handles CRUD operations for user management.
▪ Restricted to admin users through role-based authorization.
2. Models
o User: Represents a user entity in the system with properties such as Id, Name,
Username, Email, PasswordHash, and Role.
o ErrorViewModel: Represents error information for display in error views.
3. Views
o Account Views: Login and Register pages.
o Home Views: Index, Privacy, and Error pages.
o User Views: Create, Edit, Delete, and Index (user management) pages.
4. Data Layer
o ApplicationDbContext: Manages database context, user entities, and seeding
initial data.
o Database Seeding: Populates the database with initial admin and user accounts
for testing.
5. Azure Function
o HttpTriggerFunction: Demonstrates calling an external .NET Core application
from an Azure Function.

Authentication and Authorization:

1. Authentication
o Implemented using ASP.NET Core Identity.
o Users authenticate by providing a username and password.
o Passwords are hashed using PBKDF2 with a unique salt for each password.
o Cookies are used for maintaining user sessions.
2. Authorization
o Role-based access control (RBAC) is implemented to restrict access to certain
features.
o Admin role has access to all functionalities.
o Regular users have restricted access and cannot perform admin-level tasks.

Implementation Details
1. User Registration and Login
o Users can register by providing their name, username, email, and password.
o During registration, the password is hashed using PBKDF2 and stored in the
database.
o Upon successful login, an authentication cookie is issued, allowing the user to
access the application.
2. Admin User Management
o Admin users can create new users, edit existing users, and delete users.
o User data is managed through CRUD operations in the UserController.
o Views for user management are accessible only to admin users.
3. Password Hashing
o PBKDF2 is used to hash passwords securely.
o Each password is hashed with a unique salt to protect against rainbow table
attacks.
o Example code for hashing passwords:
4. Azure Function Integration
o The HttpTriggerFunction demonstrates serverless execution by calling a .NET Core
application endpoint.
o Configuration settings are managed using local.settings.json and environment
variables.
o Example Azure Function code:

Database Management:
1. Azure Data Studio
o The admin has full access to manage the database using Azure Data Studio.
o Admin can create new databases, modify existing ones, and perform
administrative tasks.
2. Entity Framework Core
o Used for database interactions within the .NET Core application.
o Database context is managed through the ApplicationDbContext class.
o Initial data is seeded to the database to create an admin and a user account.

Security Measures:
1. Password Security
o Passwords are hashed using PBKDF2 with a unique salt for each user.
o Ensures passwords are stored securely and protected against common attacks.
2. Role-Based Access Control
o Admin and user roles are defined with distinct permissions.
o Access control is enforced through authorization attributes in controllers.
3. Session Management
o Authentication cookies are used to manage user sessions securely.
o Sessions are maintained across user actions to ensure a seamless experience.

Future Enhancements
1. Multi-Factor Authentication (MFA)
o Implementing MFA to enhance security during user login.
2. Activity Logging
o Logging user activities for audit purposes and improved security monitoring.
3. Enhanced User Interface
o Improving the UI for better user experience and usability.
4. Advanced Role Management
o Adding more granular roles and permissions for finer access control.

Some Snippets of the Code and Connectivity:

Azure FaaS Function:

Hash Password:

Azure Data Studio:

Conclusion:
The CASB project successfully implements a secure and scalable solution for managing cloud
access. By integrating .NET Core, Azure Data Studio, and Azure Functions, the project provides
robust authentication and authorization mechanisms. The clear separation of roles ensures that
admin users have full control while regular users are restricted to necessary functionalities. This
project demonstrates effective use of modern web development and cloud technologies, setting a
strong foundation for future enhancements and scalability.
