Security

Friday, September 12, 2014
Announcing Workflow Register

Workflows in Line-of-Business Applications

Workflow is a repeatable pattern of business activity. Business applications mirror the real-world patterns through data collection performed in sequences of user-interface screens.

Software developers create hard-coded data structures and data entry forms based on the input from business users. A line-of-business application represents the current understanding of a business process by a development team.

A successful line-of-business application eventually evolves to match the requirements of the business processes in an organization. The dynamic nature of a business life-cycle will require constant tweaks and fine tuning even in a successful implementation.

Application customization and deployment are very expensive and frequently disruptive. Line-of-business applications must include built-in tools to allow changing application behavior without modifying the core application code.

Procedural Workflows

Many software packages include implementations of procedural workflows. Procedural Workflow allows non-developers to describe sequences of application operations with optional conditions and loops. Procedural workflows can be presented as visual workflow diagrams or text-based scripts. Procedural workflows offer a great tool that allows altering application behavior without changing the core application.

Complexity of procedural workflows grows exponentially when business users are trying to express various exceptions that exist in real-world business processes. Procedural workflows do not offer the means of limiting access to data.

State Machine Workflows

State Machine workflows are composed of rules triggered by the state of data, user identity, and time. Each rule defines a test that inspects the state of data. If the test passes, then the rule is “triggered”. The triggered rules affect application behavior. If there is no state test, then a rule is considered to be “triggered” by the mere fact of its association with the current user identity.

A state-driven rule affects a specific type of application functionality. For example, a rule with Allow type can define a filter that reduces a set of records to a smaller subset based on user identity. If the rule is “triggered”, then the filter is applied to any SQL statement reading data from the application database. A rule with Transform type may remove data modification actions from a data entry form. If the rule is triggered, then the end user will not be able to Edit, Delete, Import or create New data records.

A large collection of rules affecting application behavior can be developed. Developers organize related rules in groups. Groups of rules are associated with users and optional schedules. Association of end users with rule groups and scheduling can be outsourced to application administrators.

The standard end user experience is defined by the implementation of line-of-business application. The rules of the state machine workflow will alter user experience based on user identity, time, and state of data.

State-based rules hide the complexity of real-world business processes by breaking them down into small and manageable bits of functionality. State-based rules are great when it comes to implementing real-world exceptions. A state-based rule can define data filters, user interface alterations, business rule injection, and much more.

Adaptive Line-of-Business Apps

For the past few years we have worked on an integrated solution that will enable declarative state-machine workflows in the generated applications out-of-the-box. The goal is to enable adaptive customization of live apps without making changes to the code that require re-deployment.

We have identified the following customization requirements that must be available in a live application:

  1. Ability to define Allow/Deny filtering rules that can be applied to any data retrieved by application.
  2. Ability to create customization rules applied to XML definition of a data controller.
  3. Ability to replace an entire data controller with a substitute.
  4. Ability to create “content” and “data” pages in a live app.

Several prototypes have been developed but appeared too complex to operate.

Meanwhile developers working with Code On Time had an option to implement requirements (1), (2), and (3) on their own:

  1. Dynamic Access Control Rules - http://codeontime.com/learn/security/multi-tenant-applications/dynamic-access-control-rules
  2. Data Controller Virtualization - http://codeontime.com/learn/workflow/virtualization-node-set-plugins
  3. Substitution of controllers - http://codeontime.com/learn/data-controllers/virtualization

Requirement (4) can be satisfied in SharePoint Factory and DotNetNuke Factory Projects. Both products are content management systems that allow creating pages at runtime.

This year we have finally arrived at a solution that will become integrated in the apps created as Azure Factory, Mobile Factory, Web App Factory, or Web Site Factory projects.

The solution will be rolled into a single feature called “Workflow Register”.

It will include an integrated Content Management System (CMS) as a core component of generated apps. CMS will allow creating dynamic “data” and “content” pages at runtime.

“Data” pages will include markup that uses “data-” attributes to define data views. For example, the master-detail page at http://demo.codeontime.com/northwind/Pages/Categories.aspx is defined as follows:

<div data-flow="NewRow">
    <div id="view1" data-controller="Categories" data-view="grid1" data-show-in-summary="true"></div>
</div>
<div data-flow="NewRow" style="padding-top: 8px">
    <div data-activator="Tab|Products">
        <div id="view2" data-controller="Products" data-view="grid1" 
            data-filter-source="view1" data-filter-fields="CategoryID" 
            data-page-size="5" data-auto-hide="container" data-show-modal-forms="true"></div>
    </div>
</div>

“Content” pages may contain arbitrary HTML.

Here is a screen shot of a “content” page based on the popular Bootstrap framework, which will be integrated in the Code On Time release 8.0.9.0 due out at the end of September 2014.


If Workflow Register is enabled in a project, then the app generator will install a custom database schema into the primary database. The tables will have the “ease_” prefix. The schema includes tables to support the following features:

  • Workflows - specifies Allow, Deny, Transform, Define rules that are applied to various application components, such as pages, menu items, controllers, etc.
  • Content Management System – provides storage for dynamic content, such as pages and menu items.
  • Register - global registry that associates user identity references (user IDs and roles) with workflows and optional schedules.
  • Permissions – a collection of workflow rules associated with users.

Register

The purpose of workflow Register is to enable management of various permissions by application administrators at runtime.

All users will have access to the Register entries associated with their user ID. Only administrators will have access to all entries in the Register.

Entries created by administrators have “Approved” status. Users will also be able to assign workflows to themselves. Such entries will be created with “Pending” status. Only “Approved” workflow register entries will be taken into account by the application framework.

A person assigning a workflow to a user or role does not need to know the details of workflow implementation. An entry in Register may read:

Workflow Human Resources is assigned to John Doe on Tuesday, Wednesday, and Thursday starting on November 15, 2014 and ending on February 1, 2015.

User John Doe will have access to human resources pages on the specified dates. The workflow may allow or deny access to data records exposed on the pages.

Developers will be able to create workflow rules that delegate management of Register entries to the users other than administrators.

Workflow Register comes with pre-defined data controllers and management pages exposed through the “Register” menu option in generated apps.

Workflows

Workflows are collections of rules defined by application developers. A developer can create a set of pre-defined workflows as a part of the application at design time. New workflow rules can be created and existing ones can be customized at runtime as needed.

Rules may affect application behavior in multiple ways. For example:

  • A filter that allows or denies access to data can be specified
  • New pages can be made available to end users
  • Data controller actions defined in the application can be dynamically altered at runtime.
  • New SQL, JavaScript, and Email business rules can be introduced in data controllers.

The rule definition system is very simple and exceptionally extensible to fit the most demanding customization requirements.

Content Management System

Content management system allows populating an application with new “content” and “data” pages.

CMS may also store images, style sheets, JavaScript, and any other files or documents.

Application workflows determine access to the content. Content may be publicly available or limited to specific individuals or groups of users.

Permissions

Permissions are collections of workflow rules matched to a user identity.

Permissions are evaluated by the application framework when users access various application resources. The application framework matches workflow Register entries with the user identity and resource type. Matched workflow rules are automatically engaged by the application framework.

For example, if an “Allow” rule defines a filter limiting visibility of customer records, then the filter is included in the SELECT statements executed by the framework when the application tries to read a list of customers.

If a workflow assignment has an associated schedule, then permission engagement will be time-sensitive.

Permissions are created by application framework on-demand directly from the workflow Register entries. Permissions are refreshed when associated workflows are changed.
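The following is an added example, not code from Code On Time, that models how the Register entries, schedules and Allow filters described in the State Machine Workflows, Register and Permissions sections could fit together: only “Approved” entries count, a schedule gates the entry by date and weekday, and a triggered Allow filter is appended to the SELECT. Entry contents, workflow rules, table and column names, and the deny-by-default fallback are assumptions.

```javascript
// Added example (not Code On Time's code). Constructed Register entries,
// modelled on the sample entry in the post: one scheduled user assignment,
// one self-assigned entry still "Pending", one role-based entry without schedule.
const REGISTER = [
  {
    workflow: "Human Resources",
    userId: "john.doe",
    status: "Approved",
    schedule: { days: ["Tue", "Wed", "Thu"], start: "2014-11-15", end: "2015-02-01" },
  },
  { workflow: "Payroll", userId: "john.doe", status: "Pending", schedule: null },
  { workflow: "Sales", role: "Sales Reps", status: "Approved", schedule: null },
];

// Constructed workflow definitions (assumed names). Each rule names its type and
// the data controller it affects; Allow rules carry a filter with named parameters
// that the framework would bind, never text taken from the request.
const WORKFLOWS = {
  "Human Resources": [
    { type: "Allow", controller: "Employees", filter: "ReportsTo = @UserID" },
  ],
  Payroll: [{ type: "Allow", controller: "Payroll", filter: "1 = 1" }],
  Sales: [
    { type: "Allow", controller: "Customers", filter: "Region = @Region" },
    { type: "Transform", controller: "Customers", removeActions: ["Delete"] },
  ],
};

const DAY_NAMES = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"];

// A schedule engages a workflow only inside its date window and on listed weekdays.
// An entry without a schedule is engaged at any time.
function scheduleActive(schedule, when) {
  if (!schedule) return true;
  const day = when.toISOString().slice(0, 10);
  if (day < schedule.start || day > schedule.end) return false;
  return schedule.days.includes(DAY_NAMES[when.getUTCDay()]);
}

// Workflows engaged for an identity ({ userId, roles }) at a moment in time.
// "Pending" entries are skipped, as the post says the framework does.
function engagedWorkflows(identity, when) {
  return REGISTER.filter(
    (e) =>
      e.status === "Approved" &&
      (e.userId === identity.userId || (e.role && identity.roles.includes(e.role))) &&
      scheduleActive(e.schedule, when)
  ).map((e) => e.workflow);
}

// Builds the SELECT for a controller from the engaged Allow rules. Assumption:
// with no engaged Allow rule the query yields nothing ("1 = 0") rather than
// the whole table, so an expired or unapproved assignment exposes no rows.
function buildSelect(identity, controller, when) {
  const allows = engagedWorkflows(identity, when)
    .flatMap((w) => WORKFLOWS[w])
    .filter((r) => r.type === "Allow" && r.controller === controller)
    .map((r) => `(${r.filter})`);
  const where = allows.length ? allows.join(" OR ") : "1 = 0";
  return `SELECT * FROM ${controller} WHERE ${where}`;
}

// Stand-alone usage: a Tuesday inside the window versus a Friday.
const john = { userId: "john.doe", roles: [] };
console.log(buildSelect(john, "Employees", new Date("2014-11-18T12:00:00Z")));
console.log(buildSelect(john, "Employees", new Date("2014-11-21T12:00:00Z")));
```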

Availability

We are planning to release various components of Workflow Register with each upcoming release.

The upcoming release 8.0.9.0, due out by the end of September, will include several elements of Workflow Register:

  • Support for content pages.
  • Support for declarative data pages.
  • Integrated Bootstrap framework to allow creation of compelling responsive content pages.
  • One-to-One entities support in data controllers. This particular feature is introduced to support “ease_” database tables.

Our production schedule indicates that Workflow Register will become available in November of 2014 or sooner.

Sunday, October 20, 2013
Allowing Access to Data Controller Views on Public Pages

The client library of apps created with Code On Time allows only authenticated users to interact with data. If a user is not authenticated by the app then a request to retrieve data will be denied. There are scenarios when anonymous users must be allowed to interact with application data.

Let’s create a public Customer Sign Up Form in the Northwind sample to illustrate this situation.

Select the project on the start page of the app generator and activate Project Designer. Create a new page with the following properties:

Property | Value
Name | SignUpForm
Roles | ?

The value “?” specified in Roles will allow anonymous users to access the page without signing in.

Right-click Customers data controller on Controllers tab and choose Copy in the menu.

Copying data controller reference to the clipboard.

Switch back to Pages tab, right-click Sign Up Form and choose Paste in the context menu.

Pasting a data controller reference on page of an app.

A data view view1 in container c101 will be created under the page node Sign Up Form.

A data view on a page of an app created with the Code On Time app generator.

Configure the data view as follows.

Section | Property | Value
Startup Action | Command Name | New
Startup Action | Command Argument | createForm1

Click Generate on the Project Designer toolbar.

Anonymous users are not authorized to access application data by default in Code On Time apps, in both the Mobile and Desktop client.

The exception at the top of the page indicates that the view createForm1 is private. The anonymous user is not authorized to access data.

If you click Login and sign in as user / user123%, then an empty New Customers form will be displayed.

If we want to allow anonymous users to create new customer records using createForm1, then the view must be configured for Public access. Also the standard actions of the data controller Customers need to be adjusted to work in a perpetual “new customers” loop. The user will be prompted to create a new customer after a successful entry of a new record instead of displaying a list of existing customers.

Select the view Sign Up Form / c101 / view1 (Customers) in Project Explorer.

A data controller view selected on a page in Project Explorer of the Code On Time app generator.

Change the Access property of the view.

Property | Value
Access | Public

Now configure the action state machine of the data controller.

Create a new action in action group Sign Up Form / c101 / view1 (Customers) / Actions / ag2 (Form) with these properties:

Property | Value
Command Name | New
Command Argument | createForm1
When Last Command Name | Insert
When HRef (Regex) | SignUpForm

The action Sign Up Form / c101 / Actions / ag2 (Form) / a100 will be activated only when the page Sign Up Form is loaded in a web browser. The action will display createForm1 in New mode every time a new record is created.

Then select each of the actions ag2 (Form) / a8, ag6 (ActionBar) – New / a3, and ag6 (ActionBar) – New / a4 shown in the picture to configure them to be inactive on the page SignUpForm.

Property | Value
When HRef (Regex) | false:SignUpForm

Data controller actions that must be deactivated when SignUpForm is displayed to the user.

The property When HRef (Regex) is a regular expression evaluated against the current URL loaded in the address bar of the browser. If there is a match, then the action is active and taken into consideration by the action state machine. Otherwise the action is considered to be inactive. Placing “false:” in front of the property value will make an action inactive if the regex following “false:” matches the address bar URL.
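As an added illustration (not the Code On Time client library), here is how a “When HRef (Regex)” value with the optional “false:” prefix can be evaluated against the browser URL, and how that gates the actions configured above so that only a100 remains active on SignUpForm after an Insert. The command names given to a8, a3 and a4, and the rule that a8 also waits for Insert, are assumptions.

```javascript
// Added example (not the Code On Time client library).
// Evaluates one "When HRef (Regex)" value. An empty value means "always active";
// "false:<regex>" inverts the test, so the action is inactive when the URL matches.
function hrefMatches(whenHref, url) {
  if (!whenHref) return true;
  const negate = whenHref.startsWith("false:");
  const pattern = negate ? whenHref.slice("false:".length) : whenHref;
  const matched = new RegExp(pattern).test(url);
  return negate ? !matched : matched;
}

// Constructed action definitions mirroring the ones configured in this post.
// The command names of a8, a3 and a4 are assumed stand-ins; only their
// "When HRef (Regex)" values come from the post.
const ACTIONS = [
  { id: "a100", group: "ag2", commandName: "New", commandArgument: "createForm1",
    whenLastCommandName: "Insert", whenHref: "SignUpForm" },
  { id: "a8", group: "ag2", commandName: "Select", commandArgument: "grid1",
    whenLastCommandName: "Insert", whenHref: "false:SignUpForm" },
  { id: "a3", group: "ag6", commandName: "New", commandArgument: "createForm1",
    whenHref: "false:SignUpForm" },
  { id: "a4", group: "ag6", commandName: "Edit", whenHref: "false:SignUpForm" },
];

// Returns, in definition order, the ids of the actions the state machine would
// still consider after the given command on the given page URL. An action with
// a "When Last Command Name" only qualifies when that command was the last one.
function activeActions(lastCommandName, url) {
  return ACTIONS.filter(
    (a) =>
      hrefMatches(a.whenHref, url) &&
      (!a.whenLastCommandName || a.whenLastCommandName === lastCommandName)
  ).map((a) => a.id);
}

// Stand-alone usage: after an Insert on SignUpForm only a100 survives, so the
// form reopens in New mode; on Customers.aspx the standard actions stay in play.
console.log(activeActions("Insert", "http://localhost/northwind/Pages/SignUpForm.aspx"));
console.log(activeActions("Insert", "http://localhost/northwind/Pages/Customers.aspx"));
```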

Browse the app without signing in and confirm that new customers can be entered on Sign Up Form by anonymous users.

Customer 'Sign Up Form' in action.

The form will remain in “New” mode after a new customer is created.

Log in to verify that the record is stored in the database.

Authenticated users can interact with a full list of customers in our sample.

Friday, October 18, 2013
Universal Mobile/Desktop Client, Mobile Factory, Active Directory, Synchronization Service

Code On Time release 8.0.0.0 introduces support for the Universal Mobile/Desktop Client. The unique architecture of generated apps allows re-interpreting the presentation of the application user interface. The original “Desktop” client library now has a “Mobile” counterpart. Apps created with Unlimited edition will automatically detect a mobile device and render an alternative touch-friendly GUI for the app.

The mobile client library is based on the popular jQuery Mobile framework. The current implementation of the library allows read-only access to data. We are finalizing the editing capabilities and expect to have them rolled out by the middle of November 2013. Sorting, filtering, and advanced search will be included in the mobile client in the next couple of weeks.

The new project Mobile Factory allows creating apps with “mobile-only” user interface. This project is available without restrictions in Premium and Unlimited editions. Free and Standard editions allow creating Mobile Factory projects with up to ten tables.

Membership and authentication options have been extended to include Active Directory. Application users can sign-in with the standard fly-over login window or custom login. User identity is authenticated by Active Directory server. User roles are derived from Active Directory groups assigned to the user. This feature is available in Unlimited edition only.

The new cloud-based Synchronization Service allows automated synchronization of Project Designer logs to simplify team development. Single users will also benefit from a cloud history of designer logs. An online portal allows management of design revisions. The new service is designed to complement existing source control systems, such as Team Foundation Server. The synchronization service is offered at no charge. Organizations interested in hosting their own designer synchronization service may request pricing here.

Unlimited edition now includes SaaS (Software as a Service) support with full user authentication. Code On Time apps can be integrated into external web sites while running side-by-side. Examples will be available in the near future. We expect to use this model to support the newest version of Microsoft SharePoint and other similar products in future releases.

This release includes the following features, enhancements, and bug fixes.

  • Web App Factory, Azure Factory, and Web Site Factory support the “_mobile” URL parameter. The “true” value will enable the mobile GUI on desktop computers. Value “false” can be used to disable the mobile GUI on mobile devices when needed. An empty value will delete the cookie.

  • Mobile Client displays a “Call” context option for the fields tagged as mobile-action-call. Data fields with “Phone” in the name are tagged automatically.

  • Mobile Client supports tags mobile-item-heading, mobile-item-desc, mobile-item-label, mobile-item-count, mobile-item-aside, mobile-item-thumb and mobile-item-para to enable easy formatting of grid views presented on mobile devices. By default, the Mobile Client will automatically choose the fields to display based on their Show In Summary flag. The presence of any tag on a data field will override the default behavior.

  • The new “Device” property of pages supports “Auto”, “Desktop”, and “Mobile” options. The default value is “Auto”. “Desktop” pages are not accessible in the menu or address bar from mobile clients and vice versa. This allows implementing pages that work only on mobile or only on desktop devices.

  • The current implementation of Mobile Client is based on jQuery Mobile 1.4 beta.

  • Class ApplicationServices implements the EnableMobileClient static Boolean property that allows disabling the Mobile Client UI. Create a partial class ApplicationServices in a dedicated class file, override the RegisterServices method, and assign “false” to EnableMobileClient to disable the mobile client.

  • Standard TableOfContents and Welcome user controls include markup for mobile content.

  • A new JavaScript and CSS versioning system is available in Web App Factory, Web Site Factory, and Azure Factory. The file “DataAquarium.Version.xml” is included in the root of the projects. The file stores the application version number. The number starts at zero and is incremented every time the application is published from the app generator. JavaScript and CSS references are enhanced with a suffix to force seamless re-loading on the client machines after deployment. For example, the suffix of the 7th revision of an app may look as follows in the actual combined script reference:

    “../appservices/combined-8.0.0.7.en-us.js?_mobile”

    The first part, “8.0.0”, reflects the version of the app generator. The last number, “7”, is the application revision.

  • Data controller service will not create data controller requests if a client is not authenticated by the app.

  • App services are exempt from the "Authenticated user" requirement imposed by the Controller.CreateConfiguration method.

  • Desktop Client correctly selects a record in a grid view if the record was created or changed in a modal form.

  • Active Directory authentication and groups are supported in Web App Factory, Web Site Factory, and Azure Factory apps created with Unlimited edition.

  • Combined script is integrated in Web App Factory, Web Site Factory, and Azure Factory apps created with Unlimited edition. A single compressed script is returned to the client browser, which improves the download speed of pages. The combined script name accounts for user interface culture, the “mobile” flag, and version.

  • The app generator now supports Azure SDK 2.1.

  • REST serialization processor correctly serializes Guid values.

  • User Controls are correctly opened in Visual Studio when selected in Project Designer.

  • Membership bar will detect and clear anchors from the URL when reloading a page.

  • A missing “type” attribute on the “command” node of a data controller will not cause a runtime error.

  • Project Designer will clear the contents of "empty" nodes when an empty text is assigned to an element. This eliminates the need to create unnecessary revisions in source control systems.

  • Solution files are not re-generated anymore, to allow modifying the solution contents.

  • All project types will now correctly reload if the source code has been opened in Visual Studio at the time of code generation.

  • BLOB Adapter implementation has been enhanced to work better with MySQL databases.

  • EASE auditing will correctly work with read-only fields.

  • Multiple business rule firing has been corrected. It was caused by business rule blacklisting by ID instead of name.

  • Method MembershipProvider.ResetPassword in custom membership providers has been fixed to support a hashed passwordAnswer.

  • jQuery 10.2 and jQuery UI 1.10.3 are integrated in the client library.

  • The new Watermark property is now available for data fields.

  • Fixed Oracle 4.5 projects not correctly hooking up the ODP assembly.

  • Desktop Client makes use of jQuery when dealing with various dimension calculations. We are abandoning Ajax Control Toolkit in future releases.