Security

Labels
AJAX(112) App Studio(9) Apple(1) Application Builder(245) Application Factory(207) ASP.NET(95) ASP.NET 3.5(45) ASP.NET Code Generator(72) ASP.NET Membership(28) Azure(18) Barcode(2) Barcodes(3) BLOB(18) Business Rules(1) Business Rules/Logic(140) BYOD(13) Caching(2) Calendar(5) Charts(29) Cloud(14) Cloud On Time(2) Cloud On Time for Windows 7(2) Code Generator(54) Collaboration(11) command line(1) Conflict Detection(1) Content Management System(12) COT Tools for Excel(26) CRUD(1) Custom Actions(1) Data Aquarium Framework(122) Data Sheet(9) Data Sources(22) Database Lookups(50) Deployment(22) Designer(178) Device(1) DotNetNuke(12) EASE(20) Email(6) Features(101) Firebird(1) Form Builder(14) Globalization and Localization(6) How To(1) Hypermedia(2) Inline Editing(1) Installation(5) JavaScript(20) Kiosk(1) Low Code(3) Mac(1) Many-To-Many(4) Maps(6) Master/Detail(36) Microservices(4) Mobile(63) Mode Builder(3) Model Builder(3) MySQL(10) Native Apps(5) News(18) OAuth(9) OAuth Scopes(1) OAuth2(13) Offline(20) Offline Apps(4) Offline Sync(5) Oracle(11) PKCE(2) Postgre SQL(1) PostgreSQL(2) PWA(2) QR codes(2) Rapid Application Development(5) Reading Pane(2) Release Notes(184) Reports(48) REST(29) RESTful(29) RESTful Workshop(15) RFID tags(1) SaaS(7) Security(81) SharePoint(12) SPA(6) SQL Anywhere(3) SQL Server(26) SSO(1) Stored Procedure(4) Teamwork(15) Tips and Tricks(87) Tools for Excel(3) Touch UI(93) Transactions(5) Tutorials(183) Universal Windows Platform(3) User Interface(338) Video Tutorial(37) Web 2.0(100) Web App Generator(101) Web Application Generator(607) Web Form Builder(40) Web.Config(9) Workflow(28)
Archive
Blog
Security
Friday, May 21, 2010PrintSubscribe
Configuring Mail Settings

Q. Can you tell me in which component, file, etc is it that I configure the mail host that should be used to send out the password reminders.

A.

You can configure mail settings of your application as follows:

  1. Run Code OnTime Generator and select your project.
  2. Click Next button a few times until your reach Web Server page in the project wizard.
  3. Paste the text from the sample below into Web.Config modification instructions field. Make sure to use your own SMTP server settings as values.
  4. Generate your project. The section system.net will be integrated into Web.Config file of your project whenever you generate the project next time.

InsertAfter: /configuration/connectionStrings
  <system.net>
    <mailSettings>
      <smtp deliveryMethod="Network" from="ben@contoso.com">
        <network
          host="localhost"
          port="25"
          defaultCredentials="true"
        />
      </smtp>
    </mailSettings>
  </system.net>

Note that InsertAfter instruction will insert the XML snippet just after the connectionStrings section in Web.Config configuration file of your application.

You can learn more about configuring mailSettings at http://msdn.microsoft.com/en-us/library/w355a94k.aspx.

Labels: Application Factory, Security, Tips and Tricks, Web.Config
Sunday, April 4, 2010PrintSubscribe
Dedicated Login Page, Membership Customization Options

The latest release of Web Site Factory and Data Aquarium Framework support additional ASP.NET Membership configuration options. The menu of the available options is displayed in the screenshot below.

image

Here is a brief description of the available options.

Dedicated Login Page

The standard generated application features a fly-over login dialog that helps users to sign in. Users can also recover their password and sign up for new accounts as well. Sometimes you may want to have a dedicated login page with similar capabilities. If you enable a dedicated login page and generate your project then you will be greeted with the following login page when the application starts.

image

All application pages are automatically protected and any attempt to access a page will require a user to sign in. A dedicated user control ~/Controls/Login.ascx is automatically generated. You can freely change the control in Visual Studio according to your needs. The generator will not be trying to overwrite this control in the future. The default markup of the control is shown below:

<%@ Control Language="C#" AutoEventWireup="true" 
    CodeFile="Login.ascx.cs" Inherits="Controls_Login" %>
<%@ Register Src="Welcome.ascx" TagName="Welcome" TagPrefix="uc1" %>
<div class="SettingsPanel">
    <asp:Login ID="Login1" runat="server" TitleText="" Style="border-collapse: separate;"
        CreateUserText="Sign Up Now" 
        CreateUserUrl="javascript:Web.Membership._instance.signUp();"
        PasswordRecoveryText="Forgot Your Password?" 
        PasswordRecoveryUrl="javascript:Web.Membership._instance.passwordRecovery();">
    </asp:Login>
    <div style="width: 300px; margin: 20px -8px;">
        <uc1:Welcome ID="Welcome1" runat="server" />
    </div>
</div>

If you don’t want to allow password recovery or self-sign up then simply remove the corresponding properties from the control’s markup.

If a dedicated login page is enabled then the fly-over login dialog on the membership bar at the top of the pages will not be displayed anymore.

“Remember Me” Options

Two more new options control if the fly-over dialog will display “Remember me next time” check box in the fly-over login dialog. The “Remember Me” check box is unchecked by default.  Now you can change that by requesting “Remember Me” option to be “checked”.

Password Recovery and Sign Up

Standard features of ASP.NET Membership are password recovery and self sign-up. You can now control if this options are available in your application. The following screenshot shows the fly-over dialog with “remember me”, “password recovery, and “sign up” features disabled. You can see the standard fly-over dialog in action with all features enabled at http://dev.codeontime.com/demo/WebSiteFactory3.

image

“My Account” and “Help”

Two more additional options allow to control if users can access and change their account and invoke the page-level help system. Here is the screen shot with both features enabled. You can see “My Account” and “Help” links on the membership bar.

image

Here the screen shot of the same page with both options disabled in the code generator project wizard.

image

Standalone Membership Database

You can also elect to create a standalone membership database. Read more about it at /blog/2010/03/standalone-aspnet-membership-database.html.

Future Enhancements

The upcoming updates to the premium projects will introduce support for Windows Authentication and also allow to create a custom authentication without dependencies on ASP.NET Membership while retaining all security features described in the tutorials at /blog/2009/12/security-pages-fields-actions.html. We will post a tutorial that will show how to use a database table to authenticate users on the dedicated login page.

The membership bar will also allow activating most recent used objects to allow quick navigation to the application objects that were recently accessed by users.

Labels: Application Factory, ASP.NET Membership, Release Notes, Security
Saturday, March 27, 2010PrintSubscribe
Standalone ASP.NET Membership Database

Web Site Factory and other premium projects integrate ASP.NET Membership, a built-in way to store and validate user credentials. You can enable ASP.NET Membership by selecting the membership option in the code generator project wizard. This will enable numerous membership features including a fly-over sign-in window, self-service membership enrollment, membership bar, and membership manager.

image

The configuration of your project will be automatically changed to support the default membership provider available in ASP.NET. This provider defines a connection string that points to a local instance of Microsoft SQL Server Express. The provider will automatically connect to the server and dynamically create a database to maintain users, roles, and other membership features. The database will be created under ~/App_Data folder of your project.

This works great on a development machine with installed SQL Server  Express. There are many situations when you want to use a standalone membership database or store ASP.NET membership data structures directly in your own database.

Project wizard offers an option that will enable a standalone membership database configuration. Here is the screen shot of the project wizard with the the standalone membership database enabled. 

image

The connection string in the screen shot looks as follows:

Data Source=.;Initial Catalog=aspnetdb;Integrated Security=True;

We have configured the standalone membership database with the name aspnetdb.

You can read more about the configuration process at http://msdn.microsoft.com/en-us/library/ms229862(VS.80).aspx.

These are the steps that we have taken to create the aspnetdb database:

  1. We have started aspnet_regsql.exe from Windows Explorer as shown in picture.
    image
    The path to your instance of aspnet_regsql.exe:
    C:\%windir%\Microsoft.NET\Framework\<versionNumber>\aspnet_regsql.exe

  2. We have clicked Next button in ASP.NET SQL Server Setup Wizard:
    image

  3. We have continued to the next step to configure SQL Server for application services:
    image 

  4. We have entered “.” as a server name and “aspnetdb” as database name.
    image 
    A few more clicks on the Next button have done the job for us. The database has been created. We have returned to the project wizard of our code generation project and configure the provider name and connection string of the newly created membership database.
Labels: Application Factory, ASP.NET Membership, Data Aquarium Framework, Security
Continue to Security: Pages, Fields, Actions
© 2025 Code On Time LLC. All rights reserved. All trademarks mentioned on this website are property of their respective owners.
Watch | Blog | Roadmap | Learn | Community | Support