The follow-up release of Code On Time introduces significant security enhancements to user identity validation performed when RSS , CSV, and live Microsoft Excel data feeds are generated.
The feeds are retrieved by external applications such as browsers, RSS readers, and Excel via a URL generated by application. User identity is not embedded into the data feed URLs.
These are the examples of the data feeds:
Click on any of the links and you will be prompted to enter a name and password if your application is using ASP.NET Membership authentication. The application framework will detect access to data export resources and will request user name and password through Basic Authentication.
Enter the user name and password and the credentials will be authenticated against the ASP.NET Membership database. The URLs above will allow access to data if you enter admin / admin123% or user / user123% when prompted for username/password. These user accounts are registered on our demo server.
If you sign into the application at http://dev.codeontime.com/demo/websitefactory6 using one of the accounts listed above then try the following.
Live RSS Feed
Select the list of customers and choose Action | View RSS Feed option on the action bar.
The RSS feed will be presented.
Do not close the feed and return to the browser window with the application, click Logout link on the membership bar. You will be logged out and a fly-over login dialog will be displayed.
Return to the RSS feed and click Refresh button. You will be prompted to login via Basic Authentication.
Live Excel Spreadsheet
Select Export to Spreadsheet option from the action bar of the customer list.
The prompt to download an IQY file will be displayed. The file extension stands for “Internet Query” and is recognized by Microsoft Excel. Click Open button.
Microsoft Excel will start and will present an additional warning about security risks linked to the content that comes from Internet. We do know the source of data that we are downloading. The data itself is a simple XML data feed. Click Enable button.
Code On Time application will request the user identity. Enter one of the accounts that we have used above.
If the user name and password are matched to an ASP.NET Membership record then the data will be downloaded.
Use Excel to create dynamic and impactful business charts and refresh charts on-demand to see changes in the live data to reflect in your chart. You can email the spreadsheet to users in your organization. Users with valid application accounts will be able to refresh the data as well.
Conclusion
Business users can take full advantage of amazing data reporting and analytical capabilities available in Code On Time applications. Secure data feeds ensure safe shared environment.
Developers can create sophisticated virtual views that will utilize the user identity to filter the data accessible to the user.