Code On Time: Workflow

Blog

Workflow

Wednesday, November 7, 2012Print Subscribe

Introducing Custom Membership and Role Providers

Internet web applications require an integrated user management. Anonymous users are denied access to protected site pages. Registered users may see a subset of protected pages that depends on user roles.

About ASP.NET Membership

Microsoft ASP.NET Membership is a powerful pre-packaged option for user and role management available to developers. With little effort a set of required tables and stored procedures can be installed in an application or a standalone database. ASP.NET membership providers are a native part of the security framework of Microsoft.NET. Many database vendors include custom implementations of ASP.NET membership providers with their software.

It takes only a few clicks to integrate ASP.NET Membership in a web app using Project Wizard.

A requirement to maintain “alien” tables and stored procedure in the application database causes some developers to embark on a path to develop custom membership and role providers for a project. This is not a trivial effort - cutting corners is not recommended.

A table with a list of users is frequently a centerpiece in many databases and creates another incentive to build a custom membership provider.

Sample Custom Membership Configuration

Code On Time web application generator can produce integrated membership and role providers straight from the application database tables.

Consider the Northwind sample web application. The database table Employees is a perfect example of a source of user identities.

An application can treat the Last Name as a “User Name” and Extension as a “Password”.

Here is the list of employees.

Start creating a new Northwind project.

As you go through the steps of the project wizard, pause on the page Authentication and Membership. Select option “Enable custom membership and role providers.”

Enter the following in the configuration box.

table Users=Employees
column [int|uiid] UserID = EmployeeID
column [text] UserName = LastName
column [text] Password = Extension

role Administrators = Fuller
role Users = *

option Create Standard User Accounts = false
option Password Format = Clear

The configuration of membership and role providers maps the columns of the physical table Employees to logical table Users. Application generator will use the the logical table mapping when creating the source code of the providers.

The configuration also defines two roles – Administrators and Users. A minimal custom membership implementation does not require a physical table to hold a list of user roles. This simple declaration states that the user with the last name of Fuller is the “administrator”. It also declares that all employees are “users”.

The automatically generated implementation of providers will try to register two standard user accounts “admin” and “user”. Option “Create Standard User Accounts” is set to “false” to prevent that.

The provider implementation will also try to “hash” the passwords for added security. The employee phone extensions are stored in a “clear” format. Therefore the “Password Format” option disables “hashing”.

Complete the application configuration and activate Project Designer. Using Project Explorer, select page Users and enter Administrators in Roles property, click OK button to save the page configuration. This will ensure that only an administrator can access the page.

Generate the app and login as Davolio with password 5467 when prompted.

Page Employees will not be visible in the site menu.

Log out and sign in as Fuller / 3457 to manage employees on Employees page.

Users, Roles, and User Roles

The example above will have to be extended when dynamic roles are required.

Consider these database tables.

The following configuration of custom membership and role providers will be sufficient to equip a web application with dynamic users and roles.

table Users=Users
column [int|uiid] UserID = UserID
column [text] UserName = UserName
column [text] Password = Password

table Roles=Roles
column [int|uiid] RoleID = RoleID
column [text] RoleName = RoleName

table UserRoles=UserRoles
column [int|uiid] UserID = UserID
column [int|uiid] RoleID = RoleID

Select the project name on the start page of the app generator, choose Authentication and Membership, proceed to modify the configuration of custom membership and role providers. Generate the application and sign in with one of the standard user accounts – admin/admin123% or user/user123%.

Tables Users, Roles, and UserRoles provide a foundation for the integrated security system of the web application.

Labels: Application Factory, ASP.NET Membership, Security, Web Application Generator, Workflow

Tuesday, July 17, 2012Print Subscribe

Feature: Automatic Status Bars

Form views have the ability to display a status bar, providing a quick status update for web app users without having to analyze the field values.

For example, the order record below has been shipped after the Required Date. The status bar notifies the user that the order has been delayed.

The next order record has been shipped on time. The status bar allows the user to quickly analyze the status of the order without having to calculate dates in their head.

The user can quickly tell that the following product has been discontinued.

Status bars are automatically constructed by specifying a status map that relies on the value of a Status field. A sample Orders status map is displayed below:

Orders.editForm1.Status: Shipped
Order Placed > Preparing your shipment > Shipped > [You should receive your item soon] >

Orders.editForm1.Status: Waiting To Ship
Order Placed > [We are preparing the order for shipment] > Shipped >

Orders.editForm1.Status: Shipped Late
Order Placed > [Oops, your order has been delayed] > We are trying to obtain your items >

If a Status field is not present in your controller, a calculated Status field can be created instead.

Labels: Designer, Features, User Interface, Workflow

Tuesday, July 17, 2012Print Subscribe

Status Bars

The state of real world business objects modeled in the application database is frequently determined by the values of multiple object attributes.

For example, an order status may depend on the Order Date and Shipped Date. It would take some time for an end user to analyze the values to understand the status of an order. It would be beneficial for an application to provide a graphical representation of the order status.

Let’s implement a graphical representation of the internal object state using the Orders table of the Northwind sample. Most records have Shipped Date before Required Date. Some records do not have a value in the Shipped Date column. Other records have a Shipped Date past the Required Date.

It would be reasonable to assume that records without a Shipped Date have not been shipped yet, records that have a Shipped Date past the Required Date have been shipped late, and that the order is on time when the Shipped Date is before Required Date.

Start the Project Designer. In the Project Explorer, switch to the Controllers tab. Right-click on Orders / Fields node, and select New Field option.

Give this field the following settings:

Property	Value
Name	Status
Type	String
Length	50
The value of this field is computed at run-time by SQL expression.	True
SQL Formula	case when ShippedDate is null then 'Waiting To Ship' when ShippedDate < RequiredDate then 'Shipped' when ShippedDate > RequiredDate then 'Shipped Late' end
Label	Status
Values of this field cannot be edited	True

Press OK to save the field. Right-click on Orders / Views / editForm1 / c1 – Orders node, and select New Data Field.

Give this data field the following settings:

Property	Value
Field Name	Status
The field is hidden	True

Double-click on Orders controller node.

Change the Status Bar property:

Property

New Value

Status Bar

Orders.editForm1.Status: Shipped
Order Placed > Preparing your shipment > Shipped > [You should receive your item soon] >

Orders.editForm1.Status: Waiting To Ship
Order Placed > [We are preparing the order for shipment] > Shipped >

Orders.editForm1.Status: Shipped Late
Order Placed > [Oops, your order has been delayed] > We are trying to obtain your items >

Press OK to save the controller. On the toolbar, press Browse.

Navigate to the Orders page. Select an order in which the Shipped Date is before the Required Date. A status bar above the form provides a quick status update on the status of the order.

Select an order where Shipped Date is after Required Date. The status bar shows that the order has been delayed.

Finally, select an order without a value in Shipped Date field. The status bar will show that the order has not yet been shipped.

Status can be figured with complex calculations. For example, we configured the following SQL Formula for a new Status field in Products controller:

case
    when Discontinued = 1
        then 'Discontinued'
    when UnitsInStock + UnitsOnOrder < ReorderLevel
        then 'Low On Stock'
    when UnitsOnOrder > 0
        then 'On Order'
    when UnitsOnOrder = 0
        then 'In Stock'
end

The Status Bar configuration for Products controller looks like this:

Products.Status: Discontinued
Flagged for Review > [ The production of the product has been discontinued] >

Products.Status: Low On Stock
High Demand > [The product will be out of stock soon] > Place an order >

Products.Status: On Order
Product stock low > [An order has been placed] > Restocking >

Products.Status: In Stock
Recently restocked > [Plenty of stock] >

A product that has a large amount of Units In Stock will display the following status bar.

When there are a large amount of Units On Order, the status bar will notify that there is sufficient items ordered.

Discontinued products will be displayed like the picture below.

When the stock is low, the status bar will warn the user.

Labels: Designer, User Interface, Web Application Generator, Workflow