Security

Blog
Security
Monday, November 26, 2018PrintSubscribe
Limit Access For Particular User Name

Let’s say you want to prevent a user with a certain name from being able to access your app pages.

Application framework provides a centralized method of content retrieval, which makes possible creative ways of content production at runtime. You can produce a custom output for the user with the name mark no matter what page he is trying to access.

If the user with the name mark is logged in then he will be presented with the following message on any application page.

Data Aquarium application framework allows dynamic manipulation and substituion of the content returned by the app to the end user.

Create a code file in ~/custom folder of your app.

Custom code file in the app created with Code On Time.

Enter the following definition of partial class ApplicationServices.

using System.Collections.Generic;
using System.Web;

namespace MyCompany.Services
{
    public partial class ApplicationServices 
    {
        public override void LoadContent(HttpRequest request, HttpResponse response, 
            SortedDictionary<string, string> content)
        {
            // Let the framework to load the file from the file system.
            // Typically the content will be retrieved from ~/app/pages folder.
            base.LoadContent(request, response, content);
            if (content.ContainsKey("File"))
            {
                // The framework has located a physical file, let's check the user identity.
                var identity = HttpContext.Current.User.Identity;
                if (identity.IsAuthenticated && identity.Name == "mark")
                {
                    // remove the original file to prevent any default parsing of its contents
                    content.Remove("File");
                    // simulate the result of parsing by providing Title and Content of the page.
                    content["PageTitle"] = "Mark, go away";
                    content["PageContent"] =
                        "<div data-app-role=\"page\">" +
                        "<h1>Mark has no access!</h1>" +
                        "<p>Please log out or close the browser!</p>" +
                        "</div>";
                }
            }
        }
    }
}

An authenticated user with a name other than mark will see the application pages as defined at design time.

A data page in the app created with Code On Time app builder.

Thursday, October 26, 2017PrintSubscribe
User Pictures in SharePoint, Facebook, Google

Release 8.6.7.0 introduces automatic capturing of user profile picture for Facebook, Google, and SharePoint accounts when configured for Single Sign-On with OAuth. The user picture is captured directly from the identity provide and stored in the CMS of the app.

We have corrected the latest iteration of themes to re-enable conditional styling rules. Just make sure to place your CSS rules into ~/css folder instead of ~/touch.

image

The release aslo corrects muscellaneous issues related to the introduction of the new file structure compatible with the upcoming native apps. See the details below.

  • Restored modal-never tag function to force fullscreen presentation even when modal forms are allowed by the screen size.
  • Summary in the sidebar does not display NULL values anymore.
  • Fixed. If Int field has Text values in Items then advanced search must be configured as text. Previously the lookups were displayed as simple “numeric” values.
  • Lookups with static context field values (e.g. "CategoryName='Condiments'" or "CategoryID=1, CategoryID=5") do not expose them in the filter that can be cleared. Also the specified fields are hidden in the filtered view. This reproduces the behavior of the Classic UI.
  • Static lookup fields with Context dependencies will first cause Calculate if defined and then popuplate the list of values. Previously items stopped being populated.
  • Actions in "Custom" group are rendered as "hidden" if defined in the view layout but not available in the controller in Touch UI apps.
  • Automatically created row of "Custom" actions is removed when there are no "visible" custom actions in Touch UI apps.
  • “Form Layout” feature in Developer Toolbar of Touch UI apps correctly pre-selects the current page size for the layouts available for download.
  • Calendar view style correctly displays tabs making possible interactive selection of Day/Week/Months/Year/Agenda mode.
  • Resolved the bug with “Controller not found.” when ~/controllers folder is spelled in camel notation.
  • SharePoint OAuth now downloads user profile photo if supported.
  • Fixed - Blob fields marked as "required" will allow submitting a form. Physical BLOB  columns in tables must allow NULL values for apps to allow uploading of large content. Developers can mark BLOB fields are required to force a submition when the record is created.
  • Facebook OAuth now supports download of profile picture.
  • Fixed issue with "Sync Roles" showing true in oauth wizard.
  • Google OAuth provider now downloads user avatar.
  • Fixed issues with Web App Factory publishing.
  • Files daf-resources.js and daf-resources.min.js are now removed from ~/js/sys folder, since these files are not needed for an application to execute correctly. Only the localized versions of these files will remain in the project.
  • Fixed issue where ASPX projects adding an account would navigate to "login" instead of "login.aspx".
  • Removed "Sign Up" and "Forgot Password" if Active Directory is enabled in Membership and Autentication Settings.
  • Included images & fonts in Web App Factory. Fixed regression when js folder does not exist.
  • Toolbar located at the bottom of the sidebar will become hidden if there are no icons displayed in it.
  • Model Builder - Duplicate model field names are not created when columns are borrowed from the master tables joined in the model query.
  • Ensured duplicate site content is not created if model exists with name "SiteContent".
  • Removed legacy rules app-icon-check to prevent interferance with the ui-btn::after in the grid/list/cards.
  • Ensured bootstrap CSS link in Classic projects is formed correctly.
  • Disabled Native App SUpport for ASPX projects.
  • Removed unused references to AJAX framework script resolution.
  • Fixed issue with OAuth registration - adding system identity no longer sets content type to "application/octet-stream".
  • Ensured that Active Directory authentication configuration will cause the login button to display.
  • Fixed issue with Web App VB not including culture JS files in assembly.
  • Fixed compilation issues of GetManifestFileServiceRequestHandler when implemented in Visual Basic.
  • Removes remaining references to Sandbox project created in WebApp Factory projects.
  • Fixed issue with Localizer JavaScript encoding values in controls.
Thursday, October 26, 2017PrintSubscribe
DotNetNuke + Code On Time = RAD for Business

DotNetNuke Portal and Code On Time apps are great together!

Create an online presence for your business or organization with the help of DNN in minutes. Build powerful data-driven apps for your portal and fully integrate them in the DotNetNuke portal with Single Sign On (SSO). Present data directly in the portal pages or access them offline, online, and on-premises. Use the power of DotNetNuke tokens in the business logic and access control rules of your apps.

App created with Code On Time is integrated in the instance of DotNetNuke Portal.

Rapid Application Development (RAD) tools available in Code On Time will help you build the apps that can be integrated with a DNN portal even if your app is running on its own server.

The introductory video demonstrates an app integrated into a DotNetNuke instance running in Microsoft Azure cloud. The app data can be presented in the online portal, access directly, or execute in offline mode on a mobile device.

This is possible without writing a single line of code. Simply install Cloud On Time Connector for DNN extension in your portal, configure an OAuth endpoint page, and create a corresponding SaaS (Software-as-a-Service) registration record in your app.

The in-depth review of Rapid Application Development for DotNetNuke with Code on Time takes through the various aspects of integration enhanced with the video tutorials.

The tutorial covers the following subjects:

  • Configuring DNN Portal in Azure
  • Creating a Sample App with Code On Time
  • Configuring DNN for Open Authentication
  • Advanced Features (Roles and DotNetNuke tokens)
  • Rapid Application Development and Data Model Builder
  • Server-Side Technology of Code On Time apps
  • Application Programming Interfaces (APIs)
  • Data Access
  • Business Rules
  • Server Deployment
  • Client-Side Technology
  • User Inteface Design (Forms and Navigation)
  • Data Binding
  • Client Deployment

Apps created with Code On Time can also integrate with other content management systems such as SharePoint Online in Office 365.

App created with Code On Time is integrated in SharePoint Online.