
Find me a Family Web Portal Launched

Secure Video Hosting using Azure and Multi-Factor Authentication

Fiona Lennard

24/02/2015

Fuse recently developed and launched a brand new secure "Find me a Family" web portal for Northamptonshire County Council. The purpose of the new site is to improve the process of bringing together prospective adopters and foster parents with children needing families across the Northamptonshire region.

The website content is understandably locked down with access only given to prospective parents after a thorough vetting process. Given the sensitive nature of the content of the site this blog post will only provide an overview of the technical aspects of the system.

Background Information

The main objectives for the 'Find me a Family' portal are to increase the number of successful placements of children with families and also speed up the placement process by providing parents with easier access to waiting children.

In simple terms the web portal provides the following features:

  • A search process for finding children currently on the system
  • A directory style listing of children
  • Profile pages for the children providing relevant information and in most cases photos and a streamed profile video of the child (or sibling group)
  • Functionality to express interest in a child and thus kick off the process of hopefully finding that child a family and a home
  • Additional content pages providing information to parents about the service and any upcoming events
  • A set of membership related features, including Login, Change Password, Reset Password and User Creation pages

Technical Requirements

Security

Security was the main consideration when planning the website. The content in the site – children and parent information – is highly sensitive and every reasonable effort needed to be made to ensure this information was locked down appropriately.

Ease of Use

The website is a channel-shift opportunity for the council and thus also needed to provide a modern, user-friendly interface for those prospective parents who have been granted access. The website should also be mobile-friendly (responsive) and work well across all devices.

Self-Managing

The solution needed to include administration functionality for managing all aspects of the system, including children, parents, administrators, page content, images, videos, reports and audit logs for the site. This meant providing a CMS to deliver some aspects of those requirements, and then extending that CMS to provide the additional requirements.

Hosting

Northamptonshire County Council are in the process of updating their web presence and have a new platform on which new websites can be built and hosted. This platform was built by Fuse Collaboration in partnership with NCC and is currently hosted within a Microsoft Azure "Infrastructure as a Service" virtual machine environment. It was agreed that the portal could also be hosted within this environment but would need to be suitably segregated from other sites and data in order to meet the stringent security requirements.

The Solution

As detailed above the solution was built on the SharePoint 2013 platform leveraging the built-in publishing features to provide the standard suite of CMS capabilities. We also leveraged our enhanced Web Platform for SharePoint which we built for NCC providing additional functionality specific to their requirements.

We then implemented custom web parts to provide the required custom functionality. We also deployed a custom SQL Server database for the purpose of storing certain aspects of the system including user account information and audit logs.

Security Features

  • The SharePoint site leverages the standard ASP.Net Membership system for FBA authentication
  • We have customised the standard login process to integrate the Multi-Factor Authentication (MFA) offering from Azure as part of the login process (more on this below)
  • Standard Reset and Change password features
  • Leverages SharePoint "Groups" for easier management of users and FBA roles
  • Timeout facility where after a configurable period of inactivity (10 minutes by default) the current user's session will automatically end and take the user to the login page (this is different to ASP.Net session timeout which only takes effect after a user requests a new page)
  • Isolated SharePoint Web Application, Application Pool, Application Pool account and Content Database
  • Item-Level permissions on most data, configured automatically as part of the data management process
  • Usage of SharePoint Secure Store Service to store connection credentials for database access
  • Audit logging of each user activity and reporting tools for viewing this activity data
  • Enforced Terms of Use Acceptance on every user session
  • Timeout Token based authentication to remote hosted streaming media services
  • Enforced SSL only access

Multi-Factor Login Process

The decision was taken fairly early on in the planning process to include a Multi-Factor aspect in the Authentication process. For those unfamiliar with this term, this essentially means that users require an additional form of proof of identity when they log on to the site, not just the standard username and password. We discussed various solutions for this:

  • Providing end users with hardware token generators – this would prove too costly in terms of hardware costs and management overhead
  • Emailing randomly generated PIN tokens to the user's email address which they would then need to enter on the screen – this was deemed unacceptable as someone could gain access to the user's email account
  • Sending a randomly generated PIN token to the user's registered mobile number which they would then need to enter on the screen – this was the agreed approach which we implemented

So having agreed to use SMS for the MFA approach we automatically looked at using the Azure MFA services as the council were already using other Azure services. We are not leveraging the full functionality offered by Azure MFA as our user credentials are not stored in Azure AD. We do however leverage the API for generating and sending SMS tokens to users.

Integrated Streaming Videos

Another key feature of the portal is the ability for prospective parents to view videos of the children. We reviewed a number of ways of managing and hosting this video content with the key deciding factors being how we can minimise the security risk of the videos but also maximise the device and browser compatibility of the playback rendering.

We decided against using SharePoint's built-in support for video due to browser and device compatibility issues we saw in testing. We also decided against using Azure's Media Services as at the time it did not have any means for locking the content down to authenticated users only (the security features in Azure Media Services have now improved and might now be a viable option). Instead we decided to leverage the services of a streaming media partner who could provide expertise in all things video.

The eventual solution consisted of the following components:

  • Externally hosted video on purpose-built servers
  • SSL only access to the videos
  • Videos loaded via JavaScript calls by passing server-side generated time-sensitive tokens. So the current user is validated as authenticated and then granted a token which is included within the page and the JavaScript call.
  • Branded video player which works across devices and adapts responsively
  • Upload process which works across browsers and uses JavaScript to upload the file across domains thus bypassing any upload limits within SharePoint
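
The time-sensitive token step in the list above, sketched in C# as an added example (not code from the portal, Fuse or the streaming partner). It assumes an HMAC-SHA256 key shared between the portal and the video host; the token layout and every name in it are hypothetical, since the post does not describe the actual scheme.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

// Added example. VideoToken, Issue, Validate and the token layout "expires.userId.videoId.signature"
// are assumptions for illustration, not the portal's or the streaming partner's real API.
public static class VideoToken
{
    static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
    static long ToUnix(DateTime utc) { return (long)(utc - Epoch).TotalSeconds; }

    static string Sign(byte[] key, string payload)
    {
        using (var hmac = new HMACSHA256(key))
            return BitConverter.ToString(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload))).Replace("-", "");
    }

    // Portal side: call only after the current user has been confirmed as authenticated.
    public static string Issue(byte[] key, string userId, string videoId, DateTime nowUtc, TimeSpan lifetime)
    {
        if (userId.Contains(".") || videoId.Contains("."))
            throw new ArgumentException("ids must not contain the field separator");
        string payload = ToUnix(nowUtc + lifetime).ToString(CultureInfo.InvariantCulture) + "." + userId + "." + videoId;
        return payload + "." + Sign(key, payload);
    }

    // Video host side: holds the same key and checks signature, expiry and video binding.
    public static bool Validate(byte[] key, string token, string requestedVideoId, DateTime nowUtc)
    {
        string[] p = (token ?? "").Split('.');
        if (p.Length != 4) return false;
        if (!FixedTimeEquals(Sign(key, p[0] + "." + p[1] + "." + p[2]), p[3])) return false; // forged or altered
        long expires;
        if (!long.TryParse(p[0], NumberStyles.None, CultureInfo.InvariantCulture, out expires)) return false;
        if (ToUnix(nowUtc) >= expires) return false;                            // token has expired
        return string.Equals(p[2], requestedVideoId, StringComparison.Ordinal); // must match the requested video
    }

    // Compares without stopping at the first differing character.
    static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        var key = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key); // demo key only
        var now = new DateTime(2015, 2, 24, 12, 0, 0, DateTimeKind.Utc);      // constructed clock value
        string token = Issue(key, "parent42", "video-0001", now, TimeSpan.FromMinutes(2)); // constructed ids
        Console.WriteLine(Validate(key, token, "video-0001", now.AddSeconds(30)));  // inside the lifetime
        Console.WriteLine(Validate(key, token, "video-0002", now.AddSeconds(30)));  // token reused for another video
        Console.WriteLine(Validate(key, token, "video-0001", now.AddMinutes(3)));   // after expiry
        Console.WriteLine(Validate(key, token + "0", "video-0001", now));           // altered signature
    }
}
```

Because the token is embedded in the page and in the JavaScript call, anyone who can read the page can copy it; the short lifetime and the binding to a single video are what limit the value of a copied token.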

In Summary

The stringent security requirements for the Find me a Family portal took this site beyond that of a standard web development project. In order to provide the best options for security and video, this led us to use external services that then had to be integrated back into the site, adding to the complexity involved.

Having overcome all of these challenges the web portal is now up and running having had a successful trial period. Hopefully it will succeed in bringing improved efficiencies for the council and also helping children to 'find a family'.

