Security

Blog
Security
Thursday, October 26, 2017PrintSubscribe
User Pictures in SharePoint, Facebook, Google

Release 8.6.7.0 introduces automatic capturing of user profile picture for Facebook, Google, and SharePoint accounts when configured for Single Sign-On with OAuth. The user picture is captured directly from the identity provide and stored in the CMS of the app.

We have corrected the latest iteration of themes to re-enable conditional styling rules. Just make sure to place your CSS rules into ~/css folder instead of ~/touch.

image

The release aslo corrects muscellaneous issues related to the introduction of the new file structure compatible with the upcoming native apps. See the details below.

  • Restored modal-never tag function to force fullscreen presentation even when modal forms are allowed by the screen size.
  • Summary in the sidebar does not display NULL values anymore.
  • Fixed. If Int field has Text values in Items then advanced search must be configured as text. Previously the lookups were displayed as simple “numeric” values.
  • Lookups with static context field values (e.g. "CategoryName='Condiments'" or "CategoryID=1, CategoryID=5") do not expose them in the filter that can be cleared. Also the specified fields are hidden in the filtered view. This reproduces the behavior of the Classic UI.
  • Static lookup fields with Context dependencies will first cause Calculate if defined and then popuplate the list of values. Previously items stopped being populated.
  • Actions in "Custom" group are rendered as "hidden" if defined in the view layout but not available in the controller in Touch UI apps.
  • Automatically created row of "Custom" actions is removed when there are no "visible" custom actions in Touch UI apps.
  • “Form Layout” feature in Developer Toolbar of Touch UI apps correctly pre-selects the current page size for the layouts available for download.
  • Calendar view style correctly displays tabs making possible interactive selection of Day/Week/Months/Year/Agenda mode.
  • Resolved the bug with “Controller not found.” when ~/controllers folder is spelled in camel notation.
  • SharePoint OAuth now downloads user profile photo if supported.
  • Fixed - Blob fields marked as "required" will allow submitting a form. Physical BLOB  columns in tables must allow NULL values for apps to allow uploading of large content. Developers can mark BLOB fields are required to force a submition when the record is created.
  • Facebook OAuth now supports download of profile picture.
  • Fixed issue with "Sync Roles" showing true in oauth wizard.
  • Google OAuth provider now downloads user avatar.
  • Fixed issues with Web App Factory publishing.
  • Files daf-resources.js and daf-resources.min.js are now removed from ~/js/sys folder, since these files are not needed for an application to execute correctly. Only the localized versions of these files will remain in the project.
  • Fixed issue where ASPX projects adding an account would navigate to "login" instead of "login.aspx".
  • Removed "Sign Up" and "Forgot Password" if Active Directory is enabled in Membership and Autentication Settings.
  • Included images & fonts in Web App Factory. Fixed regression when js folder does not exist.
  • Toolbar located at the bottom of the sidebar will become hidden if there are no icons displayed in it.
  • Model Builder - Duplicate model field names are not created when columns are borrowed from the master tables joined in the model query.
  • Ensured duplicate site content is not created if model exists with name "SiteContent".
  • Removed legacy rules app-icon-check to prevent interferance with the ui-btn::after in the grid/list/cards.
  • Ensured bootstrap CSS link in Classic projects is formed correctly.
  • Disabled Native App SUpport for ASPX projects.
  • Removed unused references to AJAX framework script resolution.
  • Fixed issue with OAuth registration - adding system identity no longer sets content type to "application/octet-stream".
  • Ensured that Active Directory authentication configuration will cause the login button to display.
  • Fixed issue with Web App VB not including culture JS files in assembly.
  • Fixed compilation issues of GetManifestFileServiceRequestHandler when implemented in Visual Basic.
  • Removes remaining references to Sandbox project created in WebApp Factory projects.
  • Fixed issue with Localizer JavaScript encoding values in controls.
Thursday, October 26, 2017PrintSubscribe
DotNetNuke + Code On Time = RAD for Business

DotNetNuke Portal and Code On Time apps are great together!

Create an online presence for your business or organization with the help of DNN in minutes. Build powerful data-driven apps for your portal and fully integrate them in the DotNetNuke portal with Single Sign On (SSO). Present data directly in the portal pages or access them offline, online, and on-premises. Use the power of DotNetNuke tokens in the business logic and access control rules of your apps.

App created with Code On Time is integrated in the instance of DotNetNuke Portal.

Rapid Application Development (RAD) tools available in Code On Time will help you build the apps that can be integrated with a DNN portal even if your app is running on its own server.

The introductory video demonstrates an app integrated into a DotNetNuke instance running in Microsoft Azure cloud. The app data can be presented in the online portal, access directly, or execute in offline mode on a mobile device.

This is possible without writing a single line of code. Simply install Cloud On Time Connector for DNN extension in your portal, configure an OAuth endpoint page, and create a corresponding SaaS (Software-as-a-Service) registration record in your app.

The in-depth review of Rapid Application Development for DotNetNuke with Code on Time takes through the various aspects of integration enhanced with the video tutorials.

The tutorial covers the following subjects:

  • Configuring DNN Portal in Azure
  • Creating a Sample App with Code On Time
  • Configuring DNN for Open Authentication
  • Advanced Features (Roles and DotNetNuke tokens)
  • Rapid Application Development and Data Model Builder
  • Server-Side Technology of Code On Time apps
  • Application Programming Interfaces (APIs)
  • Data Access
  • Business Rules
  • Server Deployment
  • Client-Side Technology
  • User Inteface Design (Forms and Navigation)
  • Data Binding
  • Client Deployment

Apps created with Code On Time can also integrate with other content management systems such as SharePoint Online in Office 365.

App created with Code On Time is integrated in SharePoint Online.
Wednesday, October 18, 2017PrintSubscribe
OAuth Wizards, RTF, DNN Integration, Enhanced Quick Find, New Folder Structure, and more.

Code On Time release 8.6.6.0 brings about a new folder structure, RTF support in Touch UI, OAuth registration wizards, built-in integration with DotNetNuke, enhanced Quick Find with history and auto-suggestions. User interface of the generated apps has also changed in subtle ways.New features of Code On Time 8.6.6.0

Keep reading to find out what’s new!

Native Client Apps

The release sets up the stage for the upcoming Native Client Apps (NCA). NCA is a hybrid app composed of HTML,  JavaScript, CSS, and native platform-specific executable that can be installed on a mobile device. NCA makes HTTP requests  to the sever-side components of the application to read-write data. Apps generated with the release 8.6.6.0 have a folder structure compatible with the platform-specific executables designed and developed by our team.

New folder structure of apps created with Code On Time release 8.6.6.0

Folders css, fonts, images, js, and pages are transferred as-is to the mobile device upon installation of the app directly from the server deployment. Various application framework components were added and enhanced to support self-updatable NCA executables.

Presently Code On Time generator produces apps composed of HTML, JavaScript, CSS, and server-side code written in C# or Visual Basic. Apps are hosted on a Microsoft IIS web server and can be accessed via modern web browsers from mobile and desktop devices. Starting with the release 8.7.0.0 (see notes at the end of the post) we will introduce generation of Native Client Apps for distribution via Apple App Store, Google Play Store, and Window App Store.  Also Chromium-based native Windows Apps will be supported for Windows 7 and all other compatible versions of Microsoft OS as alternative to Windows App Store.

Theme Enhancements

The release intoduces numerous subtle Light theme enhancements. The toolbar is now a little taller. The selection indication colors are borrowed from the theme accent. Feedback response is expressed via background color changes.

New “Dark” theme will become available soon to double the theming choices. We are also considering configurable “dark” theme variations to allow custom “main” themes.

All future themes will share the same color accents.

Simple Search With SuperPowers

Quick Find has been greatly enhanced to offer search history, auto suggestions, and field level search.

Auto-suggestions in Quick Find of apps created with Code On Time

Enter the first letters of the field name separated with a colon symbol from the search sample to limit the search scope.

Field-level search in the app created with Code On Time and Touch UI

RTF (Rich Text Format)

Built-in Rich Text editor without any external dependencies is now available in Touch UI. Simply set the Text Mode property of a data field to Rich Text to enable displaying and editing of formatted content.

Built-in Rich Text Editor in a Touch UI app build with Code On Time

“See All” to Fullscreen

Summary data views will open in “fullscreen” mode when “See All” option is selected. This screenshot shows a summary view of suppliers.

Summary view of records in an app with Touch UI

A fullscreen infinite “grid” of suppliers without paging is displayed when the user taps “See All” in the right top corner or when the user taps on the pager area.

Infinite view of records in the app created with Code On Time

Previously a modal view of data items was displayed instead.

User Avatars

App administrators can now upload user photos directly into the built-in conent management system of the app. First enable CMS for your project. Next ;ogin as administrator and navigate to Site Content. Upload a custom image and set its name to the name of the corresponding user and leave .PNG or .JPG extension. Set Path to sys/users. If the user logs out and logs in again, then the image is automatically displayed on the app toolbar.

Uploading a user photo into Content Management System on an app created with Code On Time

The same mechanism is automatically engaged upon Single Sign On (SSO) with Facebook, Google, Windows Live, DotNetNuke, etc.

Automatic Focus and Modal Fullscreen

Developers are now able to set a focus on an arbitrary field in a form by specifing focus-auto tag. The field will be focused in edit/new mode.

Frequently requested feature to display forms in “fullscreen” mode is now a part of the framework. Developers can specify modal-fullscreen tag on the form view to accomplish this effect.

A fullscreen editForm1 view in edit mode with the automatic focus on the second field is shown in the screenshot.

A fullscreen form view with the focus automatically set on the second field in an app created with Code On Time

CMS + OAuth Registration

Content Management System now supports OAuth Registration wizards to enable easy registration of external OAuth providers in the apps to enable SSO and optional communication services. Custom wizard forms are now available for Facebook, Google, Windows Live, Microsoft Graph, SharePoint, Identity Server, and DotNetNuke.

Open Registration Authentication for Microsoft SharePoint is displayed below.

OAuth registration form for Microsoft SharePoint integration of an app created with Code On Time

You will find implementation of the OAuth Wizards under ~/js/surveys/cms folder. Take a look to see how the wizards are working and build your own surveys.

We will be adding more custom editors for CMS content to enable easy runtime configuration of data controllers, pages, access control rules, workflow register, and much more.

Cloud On Time Connector for DotNetNuke

An app created with any edition of Code On Time can now be integrated with a popular content management system DotNetNuke. DNN allows easy deployment of customer-facing web portals built with Microsoft.NET. 

Just a few lines of code are now included in every generated app to allow easy integration with DotNetNuke portal instances. The portal administrator must install the free module Cloud On Time Connector for DNN available on our website. The application administrator will have to configure the app for integration. Integration with DNN is discussed in details if you follow the links.

We have also developed a collection of video tutorials to provide step-by-step guidance for the process of integrating DotNetNuke and apps created with Code On Time.

Watch a brief intro to learn how to rapidly build database forms, reports, apps for DotNetNuke portals. Use the links above to find the full details and instructions.

 

Applications generated with Unlimited edition can also be integrated with Microsoft SharePoint Online (Office 365) in a similar fashion.

You may not need a full featured portal as the front end for your app, but be assured that the technology making integration with DNN and SharePoint possible has singificant implications. Soon you will be able to use Code On Time to build your own apps that act as providers of identity information such as users, roles, and various custom data properties. It will be possible to create custom business applications that outsource user/role management to the identity provider app via OAuth. Apps acting as identity consumers will not have a built-in user management and will defer authentication and authorization decisions to the identity provider application created with Code On Time.  This will greatly simplify user management and enhance application security when large collections of apps are developed. This mechanism is the core component of the upcoming Cloud Edition of the v9, the next generation app builder of mobile and desktop apps. The new Cloud Identiy component of generated apps will become the default universal option for “Authentication and Membership” instead of ASP.NET Membership.

See Also

The following bug fixes, enhancements, and new features were introduced:

  • Light theme has been enhanced to use the “grey” background for visual response on click/touch with additional accent colors from to indicate the “selected” state of the elements of user interface.
  • There is no gap between modal pages and screen edge if the screen width is less than 480px.
  • Rich Text Formatting is now available in Touch UI when the Text Mode of a data field is set to Rich Text.
  • Read Only When expression works correctly when the field is specified in the Copy property of the lookup field.
  • List/Grid/Cards display a text-only tooltip limited to 300 characters.
  • Fixed. Model Builder sets up the sort expression of the baseline data controller view grid1 according to the order of the fields.
  • Enhanced rendering on Windows 10 tablets and horizontal touch-scrolling in grid view style.
  • Property Visible When of tabbed categories works correctly in Touch UI with container-level data views and DataView fields in forms. Tabs in forms will continuosly respond to changes to the fields used in Visible When expressions. Tabs of container-level data view fields will respond only to the initial values of the master row.
  • Switching between tabs will maintain the scroll position in forms even when the tabs reveal a small amount of content to prevent “jumping” effect.
  • Forms templates created by the framework at runtime will not include data-visibility attribute on field and category elements unless there is a Visible When expression on the corresponding object of the data controller.
  • JSON serialization of dates now uses String.Format method instead of DateTime.ToString to prevent culture related exceptions for some date values.
  • Globalization scripts are now included explicitly in the framework file set under ~/js/sys/culture folder of the app. If only the en-US culture is supported in the app, then the folder does not exist. New culture files are automatically generated when globalization settings of the project are changed. Calendars Hijri and UmAlQura are incuded directly in the corresponding globalization script as needed.
  • Controller MyProfile now includes culture-specific translated resources.
  • Added German membership translations - Thank you Peter Teutsch.
  • Fixed the double selection of auto-complete with the mouse in Touch UI on Mac OSX.
  • Fixed issue with custom session state with "DELETE * FROM..."
  • OAuth login using token in cookie and auto login causing redirect loop has been fixed.
  • Added check to fix issue with EnsureFieldValues when no values are submitted (Export, Download, etc).
  • Added JSON serialization support for the fields of type “Date” to work the same as “DateTime”.
  • Application framework now implements GetIdentity, GetManifest, GetManifestFile to support the native client apps.
  • Tag focus-auto will cause the form to set the focus on the corresponding data field in the form in new/edit mode on devices with a mouse pointer.
  • Tag modal-fullscreen will cause the form view to open as “fullscreen” modal view when the screen width allow “modal” presentation.
  • Ensured that the field outputs use the proper model name when available, instead of column name.
  • Added default user roles to user accounts created by external authentication.
  • Added new OAuth Registration Surveys to SiteContent.
  • Password recovery is denied if user has "Source: \w" in the comment (i.e. came from SSO source).
  • SiteContent is now sorted by FileName, Path.
  • Disabled ASP.NET request validation. Added RequestValidationService class as a replacement.
  • Client Framework now HTML-encodes the entire request. The server-side framework HTML-decodes the request to prevent HTML injection on HTTP level.
  • DotNetNuke integration via OAuth and Cloud On Time Connector for DotNetNuke is introduced in the apps. DNN tokens are now persisted in the database. OAuthHandler can now set email separately from the username.
  • Classic UI: Mandatory dropdownlist/radiobuttonlist/listbox will display NULL option if the field value is null. This will force the user to make a choice.
  • Touch UI: "N/A" text is not displayed in mandatory dropdownlist/radiobuttonlist/listbox when the field with null value is activated. Instead the placeholer is displayed in the empty input text box.
  • Fixed. Operation "$lastweek" missing from RowFilterOperations.
  • It is now possible to use culture-specific “comma” in decimal values on iOS devices when entering numbers.
  • Fixed left sidebar shifting with glyphicon icon.
  • New methods added to SiteContentFile: WriteAllBytes, WriteAllText, Exists, Delete.
  • User pictures (avatars) can now be saved in CMS as "sys/users/[UserName].(jpg|png)".
  • Quick Find now supports auto-suggestions, history, and field-level search. Improved search results for "search anywhere" and "search in field".
  • Universal Input: Refactored for speed the implementation of "change" function that monitors lookup input.
  • Ensured application name is "/" for apps using ASP.NET membership.
  • Publish will re-ask permissions if expired or incorrect.
  • Fixed. “Required” Tooltip shows up incorrectly when the field is on an inactive tab.
  • Search On Start works in Summary mode.
  • New tag search-on-start-simple will force search to be displayed in "simple" mode instead of "advanced". Advanced is the default mode for "Search On Start".
  • Client framework ignores HTTP error codes < 0 frequently causes by user navigating away when a data request is still in progress.
  • Ensure date picker closes after selection if no time component in Touch UI.
  • Context Values are passed as External Filters to enable additional server-side analysis and filtering similar to https://codeontime.com/learn/data-controllers/fields/context-field/implicit-lookup-filters-with-filter-expression.
  • It is now again possible to specify literal values on the right side of mappings in "Context Fields" expression in Touch UI.
  • Application Framework: Legacy security attribute legacyCasModel of "trust" element is restored to enable better performance of Report Viewer on more secure Windows Servers.
  • Folder structure of generated apps has changed:.
    • All javascript goes under ~/js with /js/sys and /js/daf folders.
    • All touch CSS goes under ~/css.
    • Lowercase pages, reports, controls.
    • Method sm_ResolveScriptReference has been removed from Site.cs(vb), and instead sm.AjaxFrameworkMode = Disabled for both ASPX and HTML projects.
  • Renamed import-1.0.0.0.js to touch-import.js. Included jQuery 2.2.4 into release.

Next

Monitor our roadmap 2017 updates over this weekend to see what is coming next (Native Client Apps for mobile devices, Chromium-based client for Windows, Offline Data Processor, etc.)