I have a requirement to configure the user's authorization per module per screen per action. For example, one user should be able to Create/Save WorkOrders in WorkOrder Module, but another user should only able to View/Delete WorkOrders. Similarly, a third user should only be able to View WorkOrders. This is an example of one screen. Now there are many screens in the application. Let's keep the actions same for all i.e. View, New, Update, Delete.
There is a reports module also, in which the user will create reports on the fly and add it into the application. So authorization is required here too. For example, a user can View/Print WorkOrder reports. But another user can only view reports. Let's keep the actions in reports only View & Print.
I am not sure Asp.Net Core built-in authorization is capable of this or not. What I have looked so far, it is not possible. Please correct me if I am wrong.
Now question is, how should I do this? I had a similar kind of requirement in a previously built application where I used database tables to store rights against each user and each screen. And upon log-in, I used to fetch that data, and then while loading the web page; I used to show or hide the relevant buttons & menus based on user's rights. But here in Asp.Net Razor Pages, the action method matters (If I'm not wrong), and certain functionality can be accessed via route. I am looking for some attribute-based solution.
I found this link with more or less above mentioned implementation using database tables and route URL to determine action name. So the URLs are saved in the database and on runtime they are checked and matched with the current URL and the user is authenticated.
Another link here, where the developer has used attribute-based filtering on action methods. But URL Routes are not being saved in the database or anywhere.
Are these the only & best solution to my problem? I have no problem implementing them, they look logical. But I just want to use the best available approach. Can anyone assist me with any other more suitable approach?
Related
Having recently migrated from years of web forms, I’ve built numerous dot net core razor page apps - So I’m not a complete beginner but I am struggling to understand the best way to approach one particular scenario. I have a page that captures some header information but also needs to capture some additional data that is specific to the “type” of record being edited. In webforms I dynamically loaded a user control for the relevant type using a path name (the path name of the user control being linked to the type so the system knew what form to load). With user controls I could then handle the form submission which meant the logic could be completely different for each type/form. Whereas I can use view components to create the relevant UI in the same way in my razor pages app, I can’t then handle the post back from there. So what would be the best way to approach this in razor pages? To make matters more complex, the type (and thus the objet i want to capture) could be defined in a RCL (another project). Also the type needs to be defined in a database entry, so I need to be able to load it from a string. Whereas a standalone page for each type would be easy, the management of this data is on one place in the core system so I can’t have a different page for each one.
In my Sitefinity back-end there is a user section that I would like to add some setting. Something like DisplayLink where it would be a boolean value that I can set on Login of the user. Is there a way I can do that? I am using sf 14 and can't find anyway to add some setting for the user.
I believe this is what you need ...map the view externally and modify.
However keep in mind these views pull in the XHR JSON and you just expose it to the grid... Open your console and view the XHR network traffic to see the JSON object per user. There's a "Comment" field you might be able to leverage, but man the best way would be to just use a ROLE... because they can be filtered, and already come across in that JSON.
Another thing to note, is this is an OLD UI screen and likely will get revamped in the next few releases of Sitefinity rendering everything you're doing pointless... (have to re-do it with likely the new AdminApp Extensions)
I don't have any code to show, because I'm not sure how to approach this. I am sending a user from one view to another where we will be doing CRUD OPERATIONS, I need to have a way of knowing what the last view I came to before the CRUD OPERATION so that I can send my user back to that view. I would also like to use this for redirection once someone has logged in. I want to have a way of setting the view I want them to get sent back to so that they can log in from any page on the site and it will remember that page instead of just dropping you on the home page.
I would accept a good tutorial as well, I'm pretty desperate to figure this out. SHoudl I just use ViewBag?
If you making <a></a> Through Html Helper then you globally set the querystring in function that can be later used for know the last view user visit.
As Balachandra mention you can use ReturnUrl inside the Request object.
Some other idea which can help you are
Request.Server["HTTP_REFERER"]
Request.UrlReferrer
A another simple algorithm to solve this issue is making JavaScript cookie to know what is current url. and last url. it's only take 2 url to remember in cookie.
When you want to know last referrer then you can easily look in user cookie to know the referrer.
If you want to know the url refeffer in inside Action then make a ActionFilter and just call this code
HttpContext.Current.Request.UrlReferrer.ToString()
In ASP.NET MVC we have TempData which used to pass Data from Views to Views. From this post http://www.rachelappel.com/when-to-use-viewbag-viewdata-or-tempdata-in-asp.net-mvc-3-applications You can get better explanation.
This are enough Tricks to pass the data from Views to Views. For Example TempData will help you to store current url and you can get same information on next view. Remember that TempData is based on Session so it doesn't store the information for long time. For me TempData look perfect solution that you need to use for your own solution.
If you enable asp.net mvc authentication and try to browse any page in application, it will redirect user to login page with 'ReturnUrl' querystring parameter. This parameter holds the name of previous page from where user redirected from.
You can use similar approach even after login as well.
This is more of a design question.
I figured out how to use the facebook login via the Facebook SDK c#.
QUESTION: What is the best way to check whether the user is logged into FB or not each time the user goes to a different page?
Back on ASP.NET webforms, I could simply put in code to check FB login status in the code behind of a master page. This was good ... once and done. But I don't understand how to implement something similar in Asp.Net MVC 4.0.
Given that the _Layout.cshtml file (which acts like a master page) is only a view (hence, no code behind), what is the best way to code a way to check if the user is logged into FB each time a user goes to a different web page? Because I would think, adding this bit of code to each controller can't be the optimal design solution.
The only solution that I can think of involves using Javascript on the client side to do a WebApi call ... I guess the script will be bundled with all the other scripts so that it runs on each page. But I was hoping to find a solution on the server side ...
I'm pretty new to MVC, learning things as I go along ... tips appreciated ... thanks!
I can think of a couple of points that might help you devise a solution.
You can put code in your _Layout, but I agree that you want to be careful about doing so. You could create a helper or partial view and have your _Layout call it so that it's executed for every action. Your helper/partial would need to execute the required logic and then return something. The problem that I have with this is it's a lot of overhead every request.
You could do an AJAX call after the page is loaded (as you suggested). This means that the page still loads quickly. The problem I have with this is that you're now dependant on Javascript. It's also potentially a little hacky(?)
What about storing the user's status (logged on/off) in a session/cookie and also providing a 5 minute expiry. You can use the Helper/Partial method from before or have some logic fire in OnActionExecuting (or similar). Your logic should check to see if the status has expired and then connect to the Facebook API to update the status. This has the advantage of low overhead (i.e. not checking again until 5 minutes has passed).
I don't know of your exact situation so I can't say what method, if any, is best.
Context:
The Web interface coded in .NET (Grantee Portal for nonprofits applying for grants) is pulling information from the Salesforce Page Layout.
The Salesforce user we use to connect the Web interface with Salesforce via API has 'view all and edit all' rights
Issue:
As it is now, if a field is defined as Read-Only on the Page Layout in Salesforce, it is still editable on the web page (the Salesforce User we use has to have 'view all and edit all' rights)
What we are trying to achieve:
IF a field is defined as Read-Only on the Salesforce Page Layout
THEN the same field should be Read-Only on the Web interface page
Question:
To achieve the above, I guess that I need to fetch the field property for the Page Layout via API. Any ideas on how to do so?
Thank you!
Izumi.
You'll need Metadata API (the set of webservices that let you add new objects, fields, picklist values or even create classes & run unit tests).
Here's the API Guide: http://www.salesforce.com/us/developer/docs/api_meta/index.htm
Depending on how often you modify layouts you might decide "screw it, I'll just use Eclipse IDE". In that case you'd download all page layouts (they're XML files), point your C# app to them and let the magic happen.
Slightly more advanced is to use Migration Tool (Ant / Java based application that can be scripted for periodic download of same stuff).
Super advanced would be to use this API guide to write it in C#. It's not rocket science (here's the specification for Page Layout object and here's the Java sample code for the operation that retrieves the metadata... sorry, no C#). Actually you might be better off looking at this example though: http://www.salesforce.com/us/developer/docs/api/Content/sforce_api_calls_describelayout.htm
Seeing that you'll probably want to cache this info somewhere anyway (I can't imagine your user coming to your page, having to wait for the webservice callout to complete, then having his UI rendered) - pick your poison.
Or share the work within the team (1 person kicks off with files downloaded with Eclipse, other tries to figure out the C# code to retrieve them on demand).