SQL Server

Labels
AJAX(112) App Studio(7) Apple(1) Application Builder(245) Application Factory(207) ASP.NET(95) ASP.NET 3.5(45) ASP.NET Code Generator(72) ASP.NET Membership(28) Azure(18) Barcode(2) Barcodes(3) BLOB(18) Business Rules(1) Business Rules/Logic(140) BYOD(13) Caching(2) Calendar(5) Charts(29) Cloud(14) Cloud On Time(2) Cloud On Time for Windows 7(2) Code Generator(54) Collaboration(11) command line(1) Conflict Detection(1) Content Management System(12) COT Tools for Excel(26) CRUD(1) Custom Actions(1) Data Aquarium Framework(122) Data Sheet(9) Data Sources(22) Database Lookups(50) Deployment(22) Designer(177) Device(1) DotNetNuke(12) EASE(20) Email(6) Features(101) Firebird(1) Form Builder(14) Globalization and Localization(6) How To(1) Hypermedia(2) Inline Editing(1) Installation(5) JavaScript(20) Kiosk(1) Low Code(3) Mac(1) Many-To-Many(4) Maps(6) Master/Detail(36) Microservices(4) Mobile(63) Mode Builder(3) Model Builder(3) MySQL(10) Native Apps(5) News(18) OAuth(9) OAuth Scopes(1) OAuth2(13) Offline(20) Offline Apps(4) Offline Sync(5) Oracle(11) PKCE(2) Postgre SQL(1) PostgreSQL(2) PWA(2) QR codes(2) Rapid Application Development(5) Reading Pane(2) Release Notes(183) Reports(48) REST(29) RESTful(29) RESTful Workshop(15) RFID tags(1) SaaS(7) Security(81) SharePoint(12) SPA(6) SQL Anywhere(3) SQL Server(26) SSO(1) Stored Procedure(4) Teamwork(15) Tips and Tricks(87) Tools for Excel(2) Touch UI(93) Transactions(5) Tutorials(183) Universal Windows Platform(3) User Interface(338) Video Tutorial(37) Web 2.0(100) Web App Generator(101) Web Application Generator(607) Web Form Builder(40) Web.Config(9) Workflow(28)
Archive
Blog
SQL Server
Wednesday, November 7, 2012PrintSubscribe
Implementing User Management for a Web App With Custom Membership Provider

Create “Users” table in the application database using one of the scripts of a minimal membership and roles provider . Configure custom membership and generate the project.

Minimal Membership Provider in Action

The application will open in a default web browser. Move mouse pointer over the “Login” link and sign in using one of the two accounts automatically created by the app.

 A fly-over login dialog of a web app with custom membership and role providers created with Code On Time application generator

Optional standard user accounts are created when the application starts. Use SQL Management Studio to select records from “Users” table. Passwords “admin123%” and “user123%” of the corresponding user accounts are hashed by the membership provider.

Standard user accounts registered by custom membership provider in web app created with Code On Time

User Manager

Management of users can be seamlessly integrated in an application.

Select the project name on the start page of generator and choose Refresh. The Refresh window of Northwind project with selected Users table is shown next.

Click Refresh button to create Users data controller in the application.

Adding 'Users' table as a data controller to an existing project created with Code On Time web app generator

Select Design to activate the Project Designer.

Press “Ctrl” and “comma” keys simultaneously (Ctrl+,) to active the Navigate To window. Enter “users” in Search terms and click on the first match.

Locating "Users" page in project configuration of an app created with Code On Time

The corresponding page node will be displayed in Project Explorer. Drag the the page node to the desired location in the navigation menu.

Page "Users" in the application navigation menu

In the page properties enter Administrators to restrict access to the page. Only a user in Administrators role will be authorized to access the page. This snippet form the provider configuration does the job.

role Administrators = admin
role Users = admin, user
role Everybody = *

Right-click Users page node and choose View in Browser, sign in as admin / admin123% and click on user account. The form view editForm1 of data controller Users is shown in the screen shot

A user account displayed in 'editForm1' of data controller 'Uses'

The user manager will require some work:

  • The Password field is displayed as plain text. The value of the field must not be revealed to the users.
  • If a password is changed by administrator then the value must be hashed before it is stored in the database.
  • A new password must be validated according to the membership provider configuration.

Switch to Project Designer and navigate to Users data controller.

Data controller 'Users' with selected 'Password' data fields

Change Text Mode property of data field nodes Users / Views / editForm1 / c1 – Users and Users / Views / createForm1 / c1 – New Users to “Password”.

The password encryption and validation will require writing some code. Right-click Users / Business Rules node and choose “New Business Rule” option.

Configure the following properties:

Property Value
Type C# / Visual Basic
Command Name Update|Insert
Phase Before

Click “Generate” button on the designer tool bar. Wait for the app to display in the Preview Window and switch back to Project Designer. The placeholder file for the implementation of the business rule has been created. Right-click the business rule in Project Explorer and choose Edit in Visual Studio.

Activating Visual Studio to edit a 'code' business rule

Visual Studio will start with business rule code file ready for modification. Replace the contents with the following.

C#:

using System;
using System.Data;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.Security;
using MyCompany.Data;
using MyCompany.Security;

namespace MyCompany.Rules
{
    public partial class UsersBusinessRules : MyCompany.Data.BusinessRules
    {
        
        /// <summary>
        /// This method will execute in any view before an action
        /// with a command name that matches "Insert|New".
        /// </summary>
        [Rule("r100")]
        public void r100Implementation(System.Guid? userID, string userName, 
FieldValue password) { if (password != null && password.Modified) { ApplicationMembershipProvider.ValidateUserPassword(userName,
(
string)password.NewValue); password.NewValue = ApplicationMembershipProvider.EncodeUserPassword((string)password.NewValue); } } } }

Visual Basic:

Imports MyCompany.Data
Imports System
Imports System.Collections.Generic
Imports System.Data
Imports System.Linq
Imports System.Text.RegularExpressions
Imports System.Web
Imports System.Web.Security
Imports MyCompany.Security

Namespace Rules

    Partial Public Class UsersBusinessRules
        Inherits MyCompany.Data.BusinessRules

        ''' <summary>
        ''' This method will execute in any view before an action
        ''' with a command name that matches "Update|Insert".
        ''' </summary>
        <Rule("r100")> _
        Public Sub r100Implementation(ByVal userID As Nullable(Of Integer), 
ByVal userName As String, ByVal password As FieldValue) If Not password Is Nothing And password.Modified Then ApplicationMembershipProvider.ValidateUserPassword(userName, password.NewValue) password.NewValue =
ApplicationMembershipProvider.EncodeUserPassword(password.NewValue) End If End Sub End Class End Namespace

The highlighted namespace MyCompany.Security links the namespace with the membership provider implementation to the code file.

The original type of the argument password has been changed from “String” to “FieldValue” to allow access to Modified and NewValue properties describing the password value submitted by the client application.

A call to the static method ValidateUserPassword checks conformance of a password with the membership provider configuration requirements. By default, a password must be at least seven characters long, and have at least one non-alphanumeric character. Use provider configuration options Min Requires Password Length and Min Required Non Alpha Numeric Characters to change that.

Next, the business rule will encode the password value according to the membership provider configuration. The default option requires password hashing.

Save the code file and refresh the Users page. Try creating a new user.

Password validation exceptions will be displayed to users.

Password validation errors displayed in a user manager in the app with custom membership and role providers

A successfully created user account will have its password “hashed”.

User password is 'hashed' when created in a user manager in a web app with custom membership and role provider

Sunday, November 4, 2012PrintSubscribe
Minimal Membership Provider for SQL Server

Requirements

A minimal membership provider requires a dedicated table to keep track of user names and passwords.

This is a sample “Users” table with “identity” primary key.

A user table with "identity" primary key allows keeping tracking of user names and passwords

SQL:

create table Users
(
     UserID int not null identity primary key,
     UserName nvarchar(128) not null,
     "Password" nvarchar(128) not null
)

Here is how the table may look with a “unique identifier” primary key.

A user table with "unique identifier" primary key allows keeping tracking of user names and passwords

SQL:

create table Users
(
    UserID uniqueidentifier not null default newid() primary key,
    UserName nvarchar(128) not null,
    "Password" nvarchar(128) not null
)

User roles are hardcoded in the minimal Role Provider implementation.

Configuration

Create a table in your database using one of  the scripts specified above.

Select the project name on the start page of the application generator and choose Settings.

Proceed to Authentication and Membership.

Select “Enable custom membership and role providers” option and enter the following configuration settings.

table Users=Users
column [int|uiid] UserID = UserId
column [text] UserName = UserName
column [text] Password = Password

role Administrators = admin
role Users = admin, user
role Everybody = *

The configuration maps logical table Users required for membership provider implementation to the physical database table Users. It also defines three user roles – Administrators, Users, and Everybody.

Generate the project.

Thursday, October 18, 2012PrintSubscribe
Order Form Sample–Part 4

The Database Connection page is the first page you will see after creating a new project. This page allows you to specify your data provider and connection string. We will be using Microsoft SQL Server 2012. Select your data provider from the list, and press the “…” button to compose a connection string.

Button to activate the database connection string page.

A typical project will start with selection of an existing database. For this example, we will create a new one. Enter your server name, credentials, and enter “Northwind” in the Database field.

Property Value
Database Northwind

Press Create to the right of Database field, confirm the creation, and the database will be created.

Database with the name of 'Northwind' created on the specified server.

Under Sample Tables, select Northwind from the dropdown. Press Install, and confirm. This will install the Northwind sample database into the specified server.

Installing the Northwind sample into the specified database.

You can monitor the progress in the log at the bottom. The web app generator will notify you upon completion.

Continue to Format On Server