Security

Saturday, March 27, 2010
Standalone ASP.NET Membership Database

Web Site Factory and other premium projects integrate ASP.NET Membership, a built-in way to store and validate user credentials. You can enable ASP.NET Membership by selecting the membership option in the code generator project wizard. This will enable numerous membership features including a fly-over sign-in window, self-service membership enrollment, membership bar, and membership manager.

The configuration of your project will be automatically changed to support the default membership provider available in ASP.NET. This provider defines a connection string that points to a local instance of Microsoft SQL Server Express. The provider will automatically connect to the server and dynamically create a database to maintain users, roles, and other membership features. The database will be created under the ~/App_Data folder of your project.

This works great on a development machine with SQL Server Express installed. There are many situations, however, when you want to use a standalone membership database or store the ASP.NET membership data structures directly in your own database.

The project wizard offers an option that enables a standalone membership database configuration. Here is the screen shot of the project wizard with the standalone membership database enabled.

image

The connection string in the screen shot looks as follows:

Data Source=.;Initial Catalog=aspnetdb;Integrated Security=True;

We have configured the standalone membership database with the name aspnetdb.

You can read more about the configuration process at http://msdn.microsoft.com/en-us/library/ms229862(VS.80).aspx.

These are the steps that we have taken to create the aspnetdb database:

  1. We have started aspnet_regsql.exe from Windows Explorer as shown in the picture.
    image
    The path to your instance of aspnet_regsql.exe:
    %windir%\Microsoft.NET\Framework\<versionNumber>\aspnet_regsql.exe

  2. We have clicked the Next button in the ASP.NET SQL Server Setup Wizard:
    image

  3. We have continued to the next step to configure SQL Server for application services:
    image 

  4. We have entered “.” as the server name and “aspnetdb” as the database name.
    image 
    A few more clicks on the Next button have done the job for us. The database has been created. We have returned to the project wizard of our code generation project and configured the provider name and connection string of the newly created membership database.

Monday, December 28, 2009
Security: Pages, Fields, Actions

Learn to secure Web Site Factory and Data Aquarium Framework applications with Code OnTime Designer.

Part 1: Pages

Standard ASP.NET Membership provides an excellent mechanism to protect the pages of your site. Web Site Factory projects rely on ASP.NET Membership to ensure secure role-based page access.

Watch this video on our YouTube channel at http://www.youtube.com/watch?v=KPvqcDS44jE

Part 2: Fields

Standard ASP.NET Membership roles are used to control who is allowed to read/write field values. Use Code OnTime Designer to quickly set up the field-level security.

Watch this video on our YouTube channel at http://www.youtube.com/watch?v=yr5OznRdVJ0

Part 3: Actions

Learn to control the availability of actions in data views of ASP.NET AJAX applications created with Web Site Factory and Code OnTime Generator. Standard ASP.NET Membership roles are used to control who is allowed to execute actions.

Watch this video on our YouTube channel at http://www.youtube.com/watch?v=uBpLlsEZviI

Saturday, April 25, 2009
In-Place Creation of Lookup Items

Data Aquarium Framework features on-demand creation of lookup items.

See it in Action

In the screen shot below, a user has selected the Edit command in the context menu of a grid row that lists products from the Northwind sample database.

Context-Sensitive Popup Menu

The row is now displayed in edit mode. You can see that the supplier company name field has an icon right next to the lookup box.

New Lookup Item Icon

Row With Lookups That Allow In-Place Item Creation

A click on this icon brings up the New Suppliers modal dialog, which allows entering a supplier in place. The supplier is automatically selected in the lookup when the user clicks the OK button.

In-Place Lookup Item Creation

You can try this online at http://dev.codeontime.com/demo/nwblob.

Controlling Access to This Feature

The feature is extremely useful but should not be left uncontrolled. Typically only certain categories of users are allowed to create new lookup items.

This is how the creation of new lookup items is turned on in the data controller definition files.

<field name="SupplierID" type="Int32" label="Supplier#">
  <items style="Lookup" dataController="Suppliers" newDataView="createForm1" />
</field>

The newDataView attribute of the items element specifies a view defined in the data controller identified by the dataController attribute. The attribute value is automatically assigned by Code OnTime Generator. You can define a custom view in the Suppliers data controller to provide an alternative form to create new suppliers.

If you don’t want in-place lookup item creation to be enabled, simply delete the attribute.

Controlling In-Place Lookups With Roles

A better solution is to allow only certain user roles to create new lookup items.

Open the data controller ~/Controllers/Suppliers.xml and modify the New Suppliers action as follows:

<actionGroup scope="ActionBar" headerText="New">
  <action commandName="New" commandArgument="createForm1"
          headerText="New Suppliers"
          description="Create a new Suppliers record."
          roles="Administrators" />
</actionGroup>

The roles attribute allows this action to be executed only by users with the Administrators role. The framework checks that the Suppliers data controller has an action with the New command whose argument matches the view specified by the newDataView attribute of the items element. If no such action is available, in-place creation of lookup items is automatically disabled.

Our sample application has been generated with ASP.NET Membership enabled. Here is how the row will look if we sign in a user with the standard name user. This user belongs to the role Users and is not authorized to create new suppliers.

Effect Of Action Roles on Lookups

You can see that the icon that allows creating new suppliers is gone. The user can still create new categories.

The centralized business logic and definitions of Data Aquarium Framework ensure that any other references to the Suppliers lookup in the application are affected as well.
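The following is an added example, not part of the original post or of Data Aquarium Framework: a Python audit that walks a set of data controller definitions and reports, for every lookup field with newDataView, whether the matching New action exists and which roles it requires. The controller XML is constructed from the snippets above; the Categories controller, the comma-separated roles list and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample controllers modelled on the snippets above (not real project files).
CONTROLLERS = {
    "Products": """<dataController name="Products"><fields>
      <field name="SupplierID" type="Int32">
        <items style="Lookup" dataController="Suppliers" newDataView="createForm1"/>
      </field>
      <field name="CategoryID" type="Int32">
        <items style="Lookup" dataController="Categories" newDataView="createForm1"/>
      </field></fields></dataController>""",
    "Suppliers": """<dataController name="Suppliers"><actions>
      <actionGroup scope="ActionBar" headerText="New">
        <action commandName="New" commandArgument="createForm1" roles="Administrators"/>
      </actionGroup></actions></dataController>""",
    "Categories": """<dataController name="Categories"><actions>
      <actionGroup scope="ActionBar" headerText="New">
        <action commandName="New" commandArgument="createForm1"/>
      </actionGroup></actions></dataController>""",
}

def elements(xml, tag):
    """All elements named `tag`, ignoring any XML namespace on the file."""
    return [e for e in ET.fromstring(xml).iter() if e.tag.rsplit("}", 1)[-1] == tag]

def new_action_roles(controller_xml, view):
    """Roles on the New action that targets `view`; None when no such action exists."""
    for action in elements(controller_xml, "action"):
        if action.get("commandName") == "New" and action.get("commandArgument") == view:
            return [r.strip() for r in action.get("roles", "").split(",") if r.strip()]
    return None

def audit_inplace_creation(controllers):
    """Report, per lookup field with newDataView, who may create items in place."""
    findings = []
    for name, xml in controllers.items():
        for field in elements(xml, "field"):
            for items in field:  # <items> is a direct child of <field>
                view, target = items.get("newDataView"), items.get("dataController")
                if view:  # no newDataView means in-place creation is off for the field
                    roles = new_action_roles(controllers.get(target, "<none/>"), view)
                    status = ("disabled" if roles is None else
                              "unrestricted" if not roles else "roles=" + ",".join(roles))
                    findings.append((name, field.get("name"), target, status))
    return findings

if __name__ == "__main__":
    for finding in audit_inplace_creation(CONTROLLERS):
        print(*finding, sep=" | ")
```

A lookup reported as "unrestricted" is one whose New action carries no roles attribute, which is the state of the Categories lookup in the walkthrough.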

This is how the supplier screen will look when displayed to the same user. Notice that the New option is no longer available on the action bar.

Global Effect Of Roles

Conclusion

ASP.NET declarative security is fully integrated into Data Aquarium Framework and allows easy control over AJAX web applications of any complexity.