Ticket T444721
Visible to All Users

How to produce a web link that shows a DetailView of a certain object without authentication

created 8 years ago (modified 8 years ago)

Good morning,
I describe a case of use to see if is it possible to make it through XAF.
I was thinking about a vendor that creates the customer cards with a piece of blank data.

To get the compilation of the blank portion, the seller sends each customer the respective card through a special link sent by mail. The customer, when it receives the mail and without authentication, can only fill his card. Once data entry is performed, the link will display a warning (for example, "you can no longer use this link").

what do you think? it's possible?
thank you

Daniele

Answers approved by DevExpress Support

created 8 years ago (modified 8 years ago)

Hello Daniele,

Yes, this is possible. One of the ways to accomplish this task without a deep knowledge of XAF is to show a completely custom ASP.NET page that is not managed by the XAF Security System. When data is entered on this page, create or modify the user record to grant access to the XAF application.

Alternatively, you can show a custom DetailView with the required parameters at the application startup instead of the logon window. The logon window can be substituted with a custom one based on the URL parameter from the HttpRequest.QueryString collection. I have attached a sample project demonstrating this solution. The algorithm of using this solution by end-users is the following:

  1. The Admin user creates a new User record, assigns the Users role to it and sets the IsActive property to false.
  2. The Admin user creates a new Card and assigns the User record from step 1 to its Owner property.
  3. A link with the Card number, e.g., "http://localhost:53590/Login.aspx?CardNumber=12345678", is sent to this user.
    4. When the user opens this link, the CardConfirmationParameters DetailView is shown. Upon clicking the Register action, the user is activated and can use the application.

To test this solution, perform the following steps:

  1. Start the Solution18.Web application, open the Login.aspx page and login as Admin with an empty password. This is required to populate the database with test data.
  2. Logoff and open the SampleForm.aspx page.
  3. Click the hyperlink from this page.

The most of this functionality is implemented in the RegisterCardOwnerController class. Please review it and let me know if you need any clarification.

    Show previous comments (14)
    Anatol (DevExpress) 7 years ago

      The public Logon() method was added in version 16.1. In earlier versions, you can extend the WebApplication descendant with a public Logon method as follows:

      C#
      namespace YourApplication.Module.Web { public interface ILogonMethodProvider { void Logon(); } public class RegisterCardOwnerController : WindowController { ... void registerAction_Execute(object sender, SimpleActionExecuteEventArgs e) { ((ILogonMethodProvider)Application).Logon(); } } } namespace YourApplication.Web { public class YourApplication : WebApplication, ILogonMethodProvider { ... public void Logon() { Logon(null); } } }
      TV TV
      Thomas Vetterling 5 years ago

        Dear supporters,
        How can this be done with "Anonymous" LoggedIn User?
        So in my case 'SecuritySystem.IsAuthenticated' allways returns true
        and the WindowController will not work anymore.
        Does anyone has a hint, how to solve that problem?
        Yours Thomas

        DevExpress Support Team 5 years ago

          Hello Thomas,

          I've created a separate ticket on your behalf (T822517: How to produce a web link that shows a DetailView with "Anonymous" logged in user). It has been placed in our processing queue and will be answered shortly.

          Disclaimer: The information provided on DevExpress.com and affiliated web properties (including the DevExpress Support Center) is provided "as is" without warranty of any kind. Developer Express Inc disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. Please refer to the DevExpress.com Website Terms of Use for more information in this regard.

          Confidential Information: Developer Express Inc does not wish to receive, will not act to procure, nor will it solicit, confidential or proprietary materials and information from you through the DevExpress Support Center or its web properties. Any and all materials or information divulged during chats, email communications, online discussions, Support Center tickets, or made available to Developer Express Inc in any manner will be deemed NOT to be confidential by Developer Express Inc. Please refer to the DevExpress.com Website Terms of Use for more information in this regard.