A traditional ASP.NET application can determine the identity of the user by inspecting the Page.User.Identity property in the implementation of a page or user control class.
Code On Time applications separate the business logic implementation from the presentation. An application page defines markup with data placeholders. Page components inject the initialization instructions for the JavaScript client library into the output when a page is rendered. The JavaScript code is executed by the web browser. The initialized JavaScript classes then communicate with the business rules attached to the application data controllers by executing JSON requests.
Developers can access the user identity by inspecting the Context property available in the BusinessRules class.
Example:
    namespace MyCompany.Rules
    {
        public partial class SharedBusinessRules : MyCompany.Data.BusinessRules
        {
            public SharedBusinessRules()
            {
                // Context is supplied by the BusinessRules base class.
                string userName = Context.User.Identity.Name;
            }
        }
    }
The user ID can be determined by inspecting the properties of the classes System.Security.Principal.WindowsIdentity and System.Web.Security.Membership.
The BusinessRules class offers convenient shortcuts: the static properties UserId, UserName, and PortalId.
The following implementation of SharedBusinessRules shows how to access the identity properties of the base business rules class in a DotNetNuke Factory project. The same example will work in any other project, with the exception of the line inspecting the Portal ID.
C#:
    using System;
    using System.Data;
    using System.Collections.Generic;
    using System.Linq;
    using MyCompany.DnnDemo.Data;

    namespace MyCompany.DnnDemo.Rules
    {
        public partial class SharedBusinessRules : MyCompany.DnnDemo.Data.BusinessRules
        {
            public SharedBusinessRules()
            {
                object uid = UserId;
                string uname = UserName;
                int pid = PortalId;
            }
        }
    }
Visual Basic:
    Imports MyCompany.DnnTestVB.Data
    Imports System
    Imports System.Collections.Generic
    Imports System.Data
    Imports System.Linq

    Namespace Rules
        Partial Public Class SharedBusinessRules
            Inherits MyCompany.DnnTestVB.Data.BusinessRules

            Public Sub New()
                Dim uid As Object = UserId
                Dim uname As String = UserName
                Dim pid As String = PortalId
            End Sub
        End Class
    End Namespace
Use these properties to implement access control rules that will filter data in multi-tenant web applications.
For example, the following access control rule will be invoked whenever the UserID data field is detected in the view of any data controller.
C#:
    using System;
    using System.Data;
    using System.Collections.Generic;
    using System.Linq;
    using MyCompany.DnnDemo.Data;

    namespace MyCompany.DnnDemo.Rules
    {
        public partial class SharedBusinessRules : MyCompany.DnnDemo.Data.BusinessRules
        {
            // The filter expression takes its value from a bound parameter.
            [AccessControl("", "UserId", "[UserID] = @UserID")]
            public void FilterByUserUserID()
            {
                // Bind @UserID to the identity of the current user.
                RestrictAccess("@UserID", UserId);
            }
        }
    }
Visual Basic:
    Imports MyCompany.DnnTestVB.Data
    Imports System
    Imports System.Collections.Generic
    Imports System.Data
    Imports System.Linq

    Namespace Rules
        Partial Public Class SharedBusinessRules
            Inherits MyCompany.DnnTestVB.Data.BusinessRules

            ' The filter expression takes its value from a bound parameter.
            <AccessControl("", "UserId", "[UserId]=@UserId")>
            Public Sub FilterByUserId()
                ' Bind @UserId to the identity of the current user.
                RestrictAccess("@UserId", UserId)
            End Sub
        End Class
    End Namespace
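The behavior described for the access control rule above, as an added example that is not code from Code On Time: a simplified stand-in showing that the filter applies only to views that contain the trigger field and that the compared value comes from the server-side identity. Rule, SelectRows and all sample rows are hypothetical and constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Simplified model of the rule on this page; not the framework's implementation.
// Rule and SelectRows are hypothetical names; all data below is constructed.
public static class AccessControlModel
{
    public sealed class Rule
    {
        public string FieldName;    // field that triggers the rule, e.g. "UserID"
        public Func<object> Value;  // resolved on the server for every request
    }

    // Returns the rows of a view that the current user is allowed to see.
    public static List<Dictionary<string, object>> SelectRows(
        IEnumerable<string> viewFields,
        IEnumerable<Dictionary<string, object>> rows,
        IEnumerable<Rule> rules)
    {
        var fields = new HashSet<string>(viewFields);
        // Only rules whose trigger field is present in the view take part.
        var active = rules.Where(r => fields.Contains(r.FieldName)).ToList();
        return rows
            .Where(row => active.All(r => object.Equals(row[r.FieldName], r.Value())))
            .ToList();
    }

    public static void Main()
    {
        object currentUserId = 7; // stands in for the UserId property of BusinessRules
        var rules = new[] { new Rule { FieldName = "UserID", Value = () => currentUserId } };
        var orders = new[] {
            new Dictionary<string, object> { { "OrderID", 1 }, { "UserID", 7 } },
            new Dictionary<string, object> { { "OrderID", 2 }, { "UserID", 9 } }
        };
        var countries = new[] {
            new Dictionary<string, object> { { "Code", "US" } },
            new Dictionary<string, object> { { "Code", "CA" } }
        };
        // The view exposes UserID: only the caller's row is returned.
        Console.WriteLine(SelectRows(new[] { "OrderID", "UserID" }, orders, rules).Count);
        // The view has no UserID field: the rule does not apply, nothing is filtered.
        Console.WriteLine(SelectRows(new[] { "Code" }, countries, rules).Count);
    }
}
```

The second call is the case to check when reviewing a multi-tenant application: a view over per-user data that omits the trigger field is not covered by the rule.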