Web Application Generator

Labels
AJAX(112) App Studio(7) Apple(1) Application Builder(245) Application Factory(207) ASP.NET(95) ASP.NET 3.5(45) ASP.NET Code Generator(72) ASP.NET Membership(28) Azure(18) Barcode(2) Barcodes(3) BLOB(18) Business Rules(1) Business Rules/Logic(140) BYOD(13) Caching(2) Calendar(5) Charts(29) Cloud(14) Cloud On Time(2) Cloud On Time for Windows 7(2) Code Generator(54) Collaboration(11) command line(1) Conflict Detection(1) Content Management System(12) COT Tools for Excel(26) CRUD(1) Custom Actions(1) Data Aquarium Framework(122) Data Sheet(9) Data Sources(22) Database Lookups(50) Deployment(22) Designer(177) Device(1) DotNetNuke(12) EASE(20) Email(6) Features(101) Firebird(1) Form Builder(14) Globalization and Localization(6) How To(1) Hypermedia(2) Inline Editing(1) Installation(5) JavaScript(20) Kiosk(1) Low Code(3) Mac(1) Many-To-Many(4) Maps(6) Master/Detail(36) Microservices(4) Mobile(63) Mode Builder(3) Model Builder(3) MySQL(10) Native Apps(5) News(18) OAuth(9) OAuth Scopes(1) OAuth2(13) Offline(20) Offline Apps(4) Offline Sync(5) Oracle(11) PKCE(2) Postgre SQL(1) PostgreSQL(2) PWA(2) QR codes(2) Rapid Application Development(5) Reading Pane(2) Release Notes(183) Reports(48) REST(29) RESTful(29) RESTful Workshop(15) RFID tags(1) SaaS(7) Security(81) SharePoint(12) SPA(6) SQL Anywhere(3) SQL Server(26) SSO(1) Stored Procedure(4) Teamwork(15) Tips and Tricks(87) Tools for Excel(2) Touch UI(93) Transactions(5) Tutorials(183) Universal Windows Platform(3) User Interface(338) Video Tutorial(37) Web 2.0(100) Web App Generator(101) Web Application Generator(607) Web Form Builder(40) Web.Config(9) Workflow(28)
Archive
Blog
Web Application Generator
Tuesday, November 14, 2017PrintSubscribe
Configuring SMTP Settings

In order to send emails from within your web app, the SMTP web.config settings must be configured. For example, the automatic password reminders sent by ASP.NET membership require an SMTP configuration.

Start the web app generator, and click on the project name.

Starting in release 8.0.9.0, the SMTP settings can be configured. Select “Settings”, choose “Features”, and switch to “SMTP Configuration” section to define your SMTP settings.

Select Settings, and click on Web Server Configuration option.

In the Web.Config modification instructions text box, insert your configuration. Model it after the sample displayed below:

InsertAfter: /configuration/connectionStrings
  <system.net>
    <mailSettings>
      <smtp deliveryMethod="Network" from="ben@contoso.com">
        <network
          host="localhost"
          port="25"
          defaultCredentials="true"
        />
      </smtp>
    </mailSettings>
  </system.net>

Press Finish, and regenerate the web app. The SMTP settings have been added to the web.config file and emails will now work as intended.

Learn more about configuring email settings.

Monday, September 18, 2017PrintSubscribe
Executing Requests with the Client API

All apps created with Code On Time app generator contain a single client-side API used for all server-side operations, including Select, Insert, Update, Delete, Report, Batch Edit, etc. One significant advantage of using a centralized API is that any style of user interface is able to access the same API – this has allowed the co-development of Classic and Touch UI.

Another major advantage in the client-side API is that developers are able to extend their apps with custom behavior utilizing the same data access routines – any access control rules, data controller customizations, and security restrictions will also equally apply to these custom requests.

To access the client API from custom JavaScript, simply call the method $app.execute(options) with the required parameters set on the options object. See a list of available options parameters below.

Property Description Default Value
controller The controller to direct the request to. (required)
view The view of the controller to use. grid1
done
success
Callback function when the request was send and received successfully. First argument contains the results. List of records can be found under the result property equal to the name of the controller.
fail
error
Callback function when the request failed.
command The name of the command to execute. “Select”
argument The argument of the command to execute.
lastCommand The last command name.
lastCommandArgument The last command argument.
pageSize The number of records to return in a single page. 100
pageIndex The page number to return. 0
filter An array of field filter objects. Each object must have 3 properties:
- “field” specifies the field name
- “operation” specifies the filter operation to perform
- “value” specifies the value of the filter. For operations with two operands (such as “between”), specify an array of two values.
values An array of field value objects. Each object can have the following properties:
- “name” specifies the name of the field matching the one defined in the controller.
- “value” specifies the current value of the field.
- “newValue” specifies the new value.
- “modified” specifies that the new value will be used in any Insert or Update expressions. Setting “newValue” will set “modified” to true by default.
selectedValues An array of strings that contain the primary keys of the selected records. Used for batch update.
tags Specify a list of tags that can be processed on the server.
requiresData Specifies if data should be returned to the client. true
requiresAggregates Specifies if aggregates defined on the view should be returned with the request. false
fieldFilter Specifies a list of fields to include in the response for each record. Not setting this value will return all fields.
format Specifies if field values should be formatted when the results are returned. true
includeRawResponse Specifies if the result should include the raw response in the rawResponse property. false

The simplest way to test your queries is to use the Developer Tools Console, available in most modern browsers.

First, browse to your running site in your favorite browser. Press “F12” to bring up Developer Tools. Switch to the Console tab.

Using the Console tab of Developer Tools to test the $app.execute() API.

You may now begin typing in $app.execute() requests in the console. Note the use of console.log(result), which will print the JavaScript object to the console when the request returns.

The following examples will use the online Northwind sample.

Select

The simplest use case for using the API is to request a page of data. See the following example below on how to fetch the first 10 records from the Orders table where the field “ShipCountry” is equal to “USA”.

$app.execute({
    controller: 'Orders',
    pageSize: 10,
    filter: [
        { field: 'ShipCountry', operator: '=', value: 'USA' }
    ],
    done: function (result) {
        console.log(result);
    }
})

The result shown in the Developer Tools Console.

Selecting 10 orders with a filter.

Insert

In order to insert records to a particular table, the request must specify the “Insert” command and a list of field values. This list is represented by the values property. Each field value object contains a field name. Values that will be assigned to the new record are stored in the field value’s newValue property. The primary key of the table is added as a field value object with the property value equal to null in order for the response to return the new primary key of the inserted record.

$app.execute({
    controller: 'Orders',
    command: 'Insert',
    values: [
        { name: 'OrderID', value: null },
        { name: 'ShipCity', newValue: 'San Diego' },
        { name: 'ShipCountry', newValue: 'USA' }
    ],
    done: function (result) {
        console.log(result);
    }
})

See the results below.

Inserting a record using the $app.execute() API.

Refreshing the view in the browser window will reveal the new record.

The new record is displayed in the grid.

Update

When performing operations on an existing record, either the primary key or an array of selected values must be specified. New field values must be specified in the newValue property.

$app.execute({
    controller: 'Orders',
    command: 'Update',
    values: [
        { name: 'OrderID', value: 11083 },
        { name: 'OrderDate', newValue: new Date() }
    ],
    done: function (result) {
        console.log(result);
    }
})

The result is shown below.

Updating an order via the $app.execute() API.

The result can be seen by refreshing the list of orders.

The updated field value is visible by refreshing the page.

Delete

Delete operations must specify the primary key in the values array.

$app.execute({
    controller: 'Orders',
    command: 'Delete',
    values: [
        { name: 'OrderID', value: 11079 }
    ],
    done: function (result) {
        console.log(result);
    }
})

See result below.

Deleting a record.

The rowsAffected property will be equal to “1” if the record was successfully deleted.

Tuesday, September 12, 2017PrintSubscribe
CMS (Site Content) & OAuth Registration Form

Open Authentication (OAuth) allows secure Single Sign-On in distributed cloud infrastructure. For example, you may build a collection of business applications that use Azure Active Directory to manage users. Individual applications do not store original user information and instead rely on Azure Active Directory to manage users, control sign-in, as well as offer password recovery, suspicious activity detection, and general account security. In this example, each custom application is registered with Microsoft Graph and maintains it’s own configuration settings to delegate user sign-in to Azure Active Directory.

Delegated security speeds up your application development while conforming to high standards of account management and protection.

Release 8.6.6.0 of Code On Time web app generator now offers an easy way to register authentication handlers for Google, Facebook, Windows Live, Identity Server, Microsoft Graph, SharePoint, DotNetNuke, and upcoming Cloud Identity (replacement for ASP.NET Membership in applications built with Code On Time).

The dynamic nature of OAuth configuration requires a place to store settings in the application. Make sure to enable the Content Management System in the database of your app. Log in as admin to your app, and navigate to Site Content.

Site Content page represents the content management system of your app.

Click on the plus (+) button and a form will ask the type of content the user wishes to create. Two options are available – (custom) and Open Authentication Registration. Future releases will allow creating access control lists, custom pages, data controllers, user profile images, workflow register entries, etc. Developers will be able to create editors for custom content items in their applications.

Creating a new Site Content record.

Choose “Open Authentication Registration” option and press OK. Select the Authentication provider from the list of available options in the Open Authentication Registration form, and additional configuration parameters will be displayed.

Selecting an authentication provider on the Open Authentication Registration wizard.

Enter the required properties and press “Save” to register the provider.

Open Authentication Registration form for an existing record.

The new registration record will be displayed in the Site Content. Selecting an existing OAuth registration will reopen the Open Authentication Registration form.

The new registration entry has been inserted. 

User Synchronization

When clients complete authentication with an external provider, the provider returns a username to the app. If a user account is found with a matching username in the application database, then the client is logged in as that user. If the matching user account is not found, what will happen next is determined by the provider configuration. If “Synchronize users” is enabled, a user account will be created with that username and randomly generated password and password answer. If the “Synchronize users” property is disabled, then the user is denied access to the application.

Synchronizing users via external authentication.

Most of the time, you will want to enable user synchronization to create “shadow” user accounts in your application database automatically. Shadow user accounts are representations of the external user identity in the application database. Changes made to these accounts will not affect the identity configuration managed by authentication provider. These accounts represent a cached user name and email. The user password, contact, and identity recovery information is not stored in the application data. If the user is deleted or renamed, then only the cached data is changed. Next sign-in authenticated by the provider will create another shadow user account.

If synchronization of users is disabled, then you will need to create user accounts ahead of time. The passwords assigned to these accounts do not need to be known to the users. Successful authentication by a registered external provider will log in the user with a matching name to the app.

Many applications save references to users in special columns (for example: Modified, Created, ApprovedBy, Owner, DeletedBy, etc). If authentication provider is enabled, then references to shadow user accounts will be recorded.

User Role Synchronization

Many OAuth providers maintain user roles. When a user is authenticated by an external provider, the provider may return a list of roles or groups assigned to that user. If “Synchronize user roles” is enabled for that authentication provider, then the reported user roles will be assigned to the user. Any shadow user roles assigned to the shadow user but not matched by the provider will be removed.

Requesting a list of user roles requires adding a system account to the provider registration. The system account must have permission to access the roles or groups of authenticated users.

If “Synchronize user roles” is enabled, press ADD SYSTEM ACCOUNT to save the registration record. You will be redirected to the authentication provider to acquire permission to read user roles.

Synchronizing user roles via external authentication.

If authentication is successful, the provider will redirect back to the Site Content page and update the registration record with system access tokens. The application will use the system access token to obtain shadow user roles from the authentication provider on each successful login. Access tokens do expire periodically and will need to be renewed. Simply select the provider registration and click Add System Account.

Auto Login

If only one authentication provider is used to confirm user identities, then consider enabling “Force users to login with this provider”. If an anonymous user tries to access this application, then the app will immediately redirect to the authentication provider for sign in. This will also happen if the user logs out.

Enabling auto login for an external providier.

To access the system login form and sign in with an internal user account, append “?_autoLogin=false” to the URL of the page in your browser.

Redirect Uri and Local Redirect Uri

The Redirect Uri property determines the address that the provider will return to after a user has been authenticated. For providers that support defining more than one Redirect Uri, the Local Redirect Uri property will be passed to the provider when the app is running in “local mode”. This automatic switching makes it easy for developers to test the authentication pipeline on a development machine, without having to publish the app.

Specifying Redirect Uri.

Simply type in the address of your site (myapp.azurewebsites.net), and it will be expanded to the correct full URL (https://myapp.azurewebsites.net/appservices/saas/[ProviderName]).

Facebook

To create a registration for OAuth integration with Facebook, the properties Client Id, Client Secret, and Redirect Uri must be specified. Client ID and Client Secret can be obtained from the Facebook Developer Dashboard. Synchronization of roles is not supported.

Configuring Facebook OAuth Provider.

Google

The Google Developer Dashboard will provide the Client Id, and allow developers to generate a Client Secret. Adding system account also allows storing blob data in Google Drive by configuring the Google Drive Blob Adapter.

Configuring Google OAuth Provider.

Windows Live

The Microsoft Apps Dashboard allows creating new clients and secrets. Role synchronization is not supported.

Configuring Windows Live OAuth Provider.

Microsoft Graph

The Client Id and Client Secret values can be created from the Microsoft Apps Dashboard. The Microsoft Graph OAuth provider allows users to authenticate with their Windows Live, Office 365, Azure Active Directory, or SharePoint Online accounts. The Tenant ID property controls the source of external accounts. Specify the value “common” to allow all sources. Enter the specific Tenant ID of your tenant to restrict access to the app to only those accounts registered in the specific tenancy.

Configuring Microsoft Graph OAuth Provider.

If “Synchronize user roles” is enabled, be sure to press Add System Account to grant your app access to the roles or groups of the tenancy.

SharePoint

The Client Id and Client Secret properties can be acquired by navigating to “https://mysite.sharepoint.com/_layouts/15/AppRegNew.aspx”. Make sure to replace the root with your SharePoint site URL. The Client Uri property is equal to “mysite.sharepoint.com” if you are connecting to SharePoint Online.

Configuring SharePoint OAuth Provider.

When configuration is complete, be sure to press Add System Account to allow the app access to the SharePoint groups of each user that authenticates with your app. This also enables storing blobs in SharePoint file system via the SharePoint Blob Adapter and creating “service” data controllers from SharePoint lists in your site.

DotNetNuke

Configuring a DotNetNuke portal as an authentication provider requires installation of Cloud On Time Connector for DotNetNuke. Specify the authentication endpoint in the Client Uri property. Define a comma-separated list of tokens in the Tokens property. These tokens will be persisted to the SiteContent table for each user. These tokens can be accessed by calling @Profile_Token_Name in SQL business rules or GetProperty(“Token_Name”) in code business rules, replacing the colon (:) with an underscore (_).

Configuring DotNetNuke OAuth Provider.

Identity Server

Be sure to consult the documentation of your Identity Server installation on how to configure authentication clients.

Configuring Identity Server OAuth Provider.