Security / Multi-Tenant Applications
User ID, User Name, Portal ID

Traditional ASP.NET application can determine the identity of the user by inspecting Page.User.Identity property of the page or user control class implementation.

Code On Time applications separate the business logic implementation from the presentation. An application page defines a markup with data placeholders. Page components inject the JavaScript client library initialization instructions in the output when a page is rendered. The JavaScript code is executed by the web browser. Initialized JavaScript classes start communicating with the business rules attached to the application data controllers by executing JSON requests.

Developers can access the user identity by inspecting the Context property available in the  BusinessRules class.

Example:

namespace MyCompany.Rules
{
    public partial class SharedBusinessRules : 
MyCompany.Data.BusinessRules { public SharedBusinessRules() { string userName = Context.User.Identity.Name; } } }

User ID can be determined by inspecting the properties of classes System.Security.Principal.WindowsIdentity and System.Web.Security.Membership.

Class BusinessRules offers convenient shortcuts. Static properties UserId, UserName, and PortalId.

The following implementation of SharedBusinessRules shows the examples of accessing identity properties of the base business rules class in a DotNetNuke Factory project. The same example will work in any other project with the exception of the line inspecting the Portal ID.

C#:

using System;
using System.Data;
using System.Collections.Generic;
using System.Linq;
using MyCompany.DnnDemo.Data;

namespace MyCompany.DnnDemo.Rules
{
    public partial class SharedBusinessRules : 
        MyCompany.DnnDemo.Data.BusinessRules
    {
        
        public SharedBusinessRules()
        {
            object uid = UserId;
            string uname = UserName;
            int pid = PortalId;
        }
    }
}

Visual Basic:

Imports MyCompany.DnnTestVB.Data
Imports System
Imports System.Collections.Generic
Imports System.Data
Imports System.Linq

Namespace Rules
    
    Partial Public Class SharedBusinessRules
        Inherits MyCompany.DnnTestVB.Data.BusinessRules
        
        Public Sub New()
            Dim uid As Object = UserId
            Dim uname As String = UserName
            Dim pid As String = PortalId
        End Sub
    End Class
End Namespace

Use these properties to implement access control rules that will filter data in multi-tenant web applications.

For example, the following access control rule will be invoked whenever the UserID data field is detected in the view of any data controller.

C#:

using System;
using System.Data;
using System.Collections.Generic;
using System.Linq;
using MyCompany.DnnDemo.Data;

namespace MyCompany.DnnDemo.Rules
{
    public partial class SharedBusinessRules : 
        MyCompany.DnnDemo.Data.BusinessRules
    {
        [AccessControl("", "UserId", "[UserID] = @UserID")]
        public void FilterByUserUserID()
        {
            RestrictAccess("@UserID", UserId);
        }
    }
}

Visual Basic:

Imports MyCompany.DnnTestVB.Data
Imports System
Imports System.Collections.Generic
Imports System.Data
Imports System.Linq

Namespace Rules
    
    Partial Public Class SharedBusinessRules
        Inherits MyCompany.DnnTestVB.Data.BusinessRules

        <AccessControl("", "UserId", "[UserId]=@UserId")>
        Public Sub FilterByUserId()
            RestrictAccess("@UserId", UserId)
        End Sub
    End Class
End Namespace