Security

Thursday, January 3, 2013
Restrict Access to Fields with “Roles” Properties

The Read Roles and Write Roles properties for a field allow specifying a list of roles. Users that do not have a role in the list will not be able to view or edit the field, respectively.

Let’s prevent non-administrators from editing the Phone field in the Customers controller or viewing the Address fields.

Controlling Editing Rights for Phone Field

Start the Project Designer. In the Project Explorer, switch to the Controllers tab. Double-click on the Customers / Fields / Phone node.

Field 'Phone' selected in Customers controller.

Change the Write Roles property:

Property | New Value
Write Roles | Administrators

Press OK to save.

Controlling Visibility for Address Fields

Double-click on the Customers / Fields / Address (String(60)) node.

Address field of Customers controller.

Change the following:

Property | New Value
Read Roles | Administrators

Press OK to save. Make the same change to these fields as well: City, Region, PostalCode, Country.

Viewing the Results

On the toolbar, press Browse.

Log in with the standard user account (user / user123%) and navigate to the Customers page. Note that none of the address fields are displayed in the grid.

No address fields displayed in grid1 of Customers controller when logged in as 'user'.

Select a record and start editing. Note that the Phone field is read-only.

Phone field is not editable.

Log out, and log in again with the administrative account (admin / admin123%). Start editing a record – Phone and Address fields will be editable.

All address fields displayed in grid1 and Phone is editable on Customers page when logged in as 'admin'.
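The read and write rules configured above can be pictured as a server-side filter on outgoing rows and a check on incoming updates. The following is an added illustration, not Code On Time framework code: the function names, the "empty list means unrestricted" rule, the rejection of writes to unreadable or unknown fields, and the sample row are all assumptions of this example.

```python
# Added illustration, not Code On Time framework code. All names are hypothetical.
# Field names and role lists mirror the Customers example; sample data is constructed.

# field -> (read_roles, write_roles). Assumption: an empty set means "no restriction".
FIELD_ROLES = {
    "CompanyName": (set(), set()),
    "Phone": (set(), {"Administrators"}),
    "Address": ({"Administrators"}, set()),
    "City": ({"Administrators"}, set()),
    "Region": ({"Administrators"}, set()),
    "PostalCode": ({"Administrators"}, set()),
    "Country": ({"Administrators"}, set()),
}


def allowed(user_roles, required):
    """True if the list is empty or the user holds at least one listed role."""
    return not required or bool(set(user_roles) & required)


def readable_row(row, user_roles):
    """Strip fields the caller may not read before the row leaves the server."""
    return {
        name: value
        for name, value in row.items()
        if name in FIELD_ROLES and allowed(user_roles, FIELD_ROLES[name][0])
    }


def apply_update(row, changes, user_roles):
    """Apply changes only if every touched field is known, readable and writable."""
    denied = []
    for name in changes:
        read_roles, write_roles = FIELD_ROLES.get(name, (None, None))
        if read_roles is None or not (
            allowed(user_roles, read_roles) and allowed(user_roles, write_roles)
        ):
            denied.append(name)
    if denied:
        # Reject the whole request instead of silently dropping fields.
        raise PermissionError("write denied for: " + ", ".join(sorted(denied)))
    return {**row, **changes}


SAMPLE_ROW = {"CompanyName": "Example Co", "Phone": "555-0100", "Address": "1 Main St",
              "City": "Springfield", "Region": "", "PostalCode": "00000", "Country": "USA"}
```

When testing a real application, the equivalent check is to submit an update for Phone as the standard user outside the form and confirm the server refuses it, since a read-only control in the browser does not by itself prove enforcement.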

Thursday, January 3, 2013
Restrict Access to Actions with “Roles” Property

It is possible to restrict access to actions by a specified list of roles. If the current user is not in the list of roles, the action will not be displayed in the user interface.

For example, the Actions | Export to Spreadsheet option in the Orders controller is available to all registered users by default.

The action 'Export to Spreadsheet' is available in the Orders controller.

Let’s restrict access to this action to users with the role of “Administrators” or “Sales Manager”.

Start the Project Designer. In the Project Explorer, switch to the Controllers tab and double-click on the Orders / Actions / ag5 (ActionBar) – Actions / a3 – ExportRowset node.

Action 'a3' in action group 'ag5' of Orders controller.

Change the Roles property:

Property | Value
Roles | Administrators, Sales Manager

Press OK to save. On the toolbar, press Browse.

Log in with the standard user account (user / user123%) and navigate to the Orders page. The Export to Spreadsheet action will no longer be available.

The action 'Export to Spreadsheet' is no longer available in the Orders controller.

Log out, and log in again with the administrative account (admin / admin123%). The action will be available.

Wednesday, January 2, 2013
Restrict Access to Pages with “Roles” Property

Access to pages can be restricted by user roles with the “Roles” property. Any user who does not belong to one of the specified roles will not see the page in the navigation menu or be able to access the page by URL.

The Categories | Products page is visible to all authorized users in a default web application created from the Northwind database. Let’s configure this page to be visible only to users with the role of “Administrators”.

Products page is available in the navigation menu.

Start the Project Designer. In the Project Explorer, double-click on the Categories / Products page node.

Products page node in the Project Explorer.

Change the Roles property:

Property | Value
Roles | Administrators

Press OK to save. On the toolbar, press Browse.

Log in using the standard user account (user / user123%). The Products page will not be available in the navigation menu.

Products page is not available on the navigation menu.

If the URL is accessed directly (~/Pages/Products.aspx), the application will redirect you to the Home page.

When the user tries to access Products page by URL, the application will redirect to the Home page.

Log in with the administrative account (admin / admin123%). The page will now be available.

Products page is available in the navigation menu when logged in as 'admin'.