Ticket T444721

Visible to All Users

How to produce a web link that shows a DetailView of a certain object without authentication

Daniele Milazzo

created 8 years ago (modified 8 years ago)

Good morning,
I describe a case of use to see if is it possible to make it through XAF.
I was thinking about a vendor that creates the customer cards with a piece of blank data.

To get the compilation of the blank portion, the seller sends each customer the respective card through a special link sent by mail. The customer, when it receives the mail and without authentication, can only fill his card. Once data entry is performed, the link will display a warning (for example, "you can no longer use this link").

what do you think? it's possible?
thank you

Daniele

Answers approved by DevExpress Support

Anatol (DevExpress)

created 8 years ago (modified 8 years ago)

Hello Daniele,

Yes, this is possible. One of the ways to accomplish this task without a deep knowledge of XAF is to show a completely custom ASP.NET page that is not managed by the XAF Security System. When data is entered on this page, create or modify the user record to grant access to the XAF application.

Alternatively, you can show a custom DetailView with the required parameters at the application startup instead of the logon window. The logon window can be substituted with a custom one based on the URL parameter from the HttpRequest.QueryString collection. I have attached a sample project demonstrating this solution. The algorithm of using this solution by end-users is the following:

The Admin user creates a new User record, assigns the Users role to it and sets the IsActive property to false.
The Admin user creates a new Card and assigns the User record from step 1 to its Owner property.
A link with the Card number, e.g., "http://localhost:53590/Login.aspx?CardNumber=12345678", is sent to this user.
4. When the user opens this link, the CardConfirmationParameters DetailView is shown. Upon clicking the Register action, the user is activated and can use the application.

To test this solution, perform the following steps:

Start the Solution18.Web application, open the Login.aspx page and login as Admin with an empty password. This is required to populate the database with test data.
Logoff and open the SampleForm.aspx page.
Click the hyperlink from this page.

The most of this functionality is implemented in the RegisterCardOwnerController class. Please review it and let me know if you need any clarification.

Solution18.zip

Show previous comments (14)

Daniele Milazzo 8 years ago

Anatol, thank you for your clear explanation.
I would like to ask you an additional detail that would help me to increase security for compilation:
- I would insert, inside the new object to be filled, a security code that I would pass through web url.
- I would then enter into the condition of the user permission "allow read / write / view if PassedByURL_SecurityCode == SecurityCode"

Is it possible (and convenient) to use this strategy?
how can I do?
thanks

Anatol (DevExpress) 8 years ago

You can obtain this security code as in a general ASP.NET application, e.g. using the HttpRequest.QueryString property. Please check the example from the How to skip the logon page and automatically authenticate a user in code (e.g. from an external link) ticket, where the UserName parameter is passed in this manner. Does this solution meet your needs?

Daniele Milazzo 8 years ago

Dear Anatol,
understand the whole thing is quite complicated.
Unfortunately, this project (DeXp11) does not work with my environment and is very complex to understand it quickly.
Also the details of all the points that you sent me are not so trivial.

it would be possible to have an executable project where there are all the "ingredients"?

I understand that perhaps I ask too much.
thank you
Daniele

DevExpress Support Team 8 years ago

Hi Daniele,

We need additional time to research this scenario. We will get back to you once we have any results or need extra information. Your patience is appreciated.

Daniele Milazzo 8 years ago

Thank you very much Anatol, I hope it is possible to have an help for this question.

hi
Daniele

Anatol (DevExpress) 8 years ago

I have reconsidered the solutions I described previously and decided to create a sample demonstrating a mixture of them. This scenario shows an XAF form (DetailView) for specifying a Card's parameters, but this is done before logon, which allowed me to skip configuring the Security System for showing these parameters. So, the algorithm of using this solution by end-users is the following:

The Admin user creates a new User record, assigns the Users role to it and sets the IsActive property to false.
The Admin user creates a new Card and assigns the User record from step 1 to its Owner property.
A link with the Card number, e.g., "http://localhost:53590/Login.aspx?CardNumber=12345678", is sent to this user.
4. When the user opens this link, the CardConfirmationParameters DetailView is shown. Upon clicking the Register action, the user is activated and can use the application.

To test this solution, perform the following steps:

Start the Solution18.Web application, open the Login.aspx page and login as Admin with an empty password. This is required to populate the database with test data.
Logoff and open the SampleForm.aspx page.
Click the hyperlink from this page.

The most of this functionality is implemented in the RegisterCardOwnerController class. Please review it and let me know if you need any clarification.

Solution18.zip

Daniele Milazzo 8 years ago

Great!!!
Thank's Anatol

Anatol (DevExpress) 8 years ago

You are welcome!

Taradanov 8 years ago

Im trying to reuse your solution in my project and i have some questions about it:

Why i cant show DashboardView instead of business object? If i try to Frame.SetView(DashboardView), exception is shown stating that object reference is not set to the instance of the object.
I have defined action and set its TargetObjectType to my custom business object type, but this action is still shown on login page, why?

Taradanov 8 years ago

Ok, i have fixed DashboardView problem, but my action not shhowing on my dashboard view. It still showing on logon page.

Anatol (DevExpress) 8 years ago

In my example, when the CardNumber parameter is specified, the logon window is not shown. Based on your description, I suppose that you are showing the logon window after a custom View. Without seeing your code, I cannot be sure why the behavior you described happens. However, I suppose that it may occur because the LogonController remains active for both views, while the TargetObjectType property is applied to actions only when their Controller is activated or deactivated. To solve the issue, change the Active property of the required actions manually after the logon window's View is changed, as this is done in the How to manage users (register a new user, restore a password, etc.) from the logon form in ASP.NET example. If this does not help, please provide a sample project demonstrating your scenario.

Daniele Milazzo 7 years ago

I would like to open a specific card after logon, so in the registerAction_Execute method I add some instruction to open a specific view but the code doesn't work.

can you help me to correct the mistake?

thanks
Daniele

C#
void registerAction_Execute(object sender, SimpleActionExecuteEventArgs e)  
      {  
          SoggettoConfirmationParameters parameters = (SoggettoConfirmationParameters)e.CurrentObject;  
          parameters.Soggetto.LinkOwner.SetPassword(parameters.Password);  
          parameters.Soggetto.LinkOwner.IsActive = true;  
          e.Action.Controller.Frame.View.ObjectSpace.CommitChanges();  
          AuthenticationStandardLogonParameters logonParameters = (AuthenticationStandardLogonParameters)((SecurityStrategyComplex)Application.Security).Authentication.LogonParameters;  
          logonParameters.UserName = parameters.UserName;  
          logonParameters.Password = parameters.Password;  
          Application.Logon();  
          IObjectSpace objectSpace = Application.CreateObjectSpace(typeof(Soggetto));  
          Soggetto s = objectSpace.GetObject(parameters.Soggetto);  
          DetailView dv = Application.CreateDetailView(objectSpace, "Soggetto_DetailView", true, s);  
          dv.ViewEditMode = ViewEditMode.Edit;  
          Frame.SetView(dv);  
          Frame.GetController<LogonController>().AcceptAction.Active["RegisterSoggettoLinkOwnerController"] = false;  
      }

Anatol (DevExpress) 7 years ago

You can use the standard approach with the ModuleBase.GetStartupActions method in this case. See an example in the ModuleBase.GetStartupActions Method topic. For other solutions, check the following article: How to show a specific View at application startup, right after the logon window or after loading the main window.

Daniele Milazzo 7 years ago

Hi,
I am trying to use the code in the previus message in an old project with xaf14.2 but I have this error

'DevExpress.ExpressApp.XafApplication.Logon(DevExpress.ExpressApp.Actions.PopupWindowShowActionExecuteEventArgs)' is inaccessible due to its protection level C:\Users\Daniele…\ss_one.Module.Web\Controllers\RegisterSoggettoLinkOwnerController.cs 75 25 ss_one.Module.Web

can you help me?

thanks
Daniele

Anatol (DevExpress) 7 years ago

The public Logon() method was added in version 16.1. In earlier versions, you can extend the WebApplication descendant with a public Logon method as follows:

C#
namespace YourApplication.Module.Web {  
    public interface ILogonMethodProvider {  
        void Logon();  
    }  
    public class RegisterCardOwnerController : WindowController {  
        ...  
        void registerAction_Execute(object sender, SimpleActionExecuteEventArgs e) {  
            ((ILogonMethodProvider)Application).Logon();  
        }  
    }  
}  
namespace YourApplication.Web {  
    public class YourApplication : WebApplication, ILogonMethodProvider {  
        ...  
        public void Logon() {  
            Logon(null);  
        }  
    }  
}

Thomas Vetterling 5 years ago

Dear supporters,
How can this be done with "Anonymous" LoggedIn User?
So in my case 'SecuritySystem.IsAuthenticated' allways returns true
and the WindowController will not work anymore.
Does anyone has a hint, how to solve that problem?
Yours Thomas

DevExpress Support Team 5 years ago

Hello Thomas,

I've created a separate ticket on your behalf (T822517: How to produce a web link that shows a DetailView with "Anonymous" logged in user). It has been placed in our processing queue and will be answered shortly.

Created: October 28, 2016 1:06 PM

Modified: October 10, 2019 7:52 PM

Platform: App Frameworks (UI, API, ORM)

Product: XAF - Specify UI Platform

Build: 16.1.7

Disclaimer: The information provided on DevExpress.com and affiliated web properties (including the DevExpress Support Center) is provided "as is" without warranty of any kind. Developer Express Inc disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. Please refer to the DevExpress.com Website Terms of Use for more information in this regard.

Confidential Information: Developer Express Inc does not wish to receive, will not act to procure, nor will it solicit, confidential or proprietary materials and information from you through the DevExpress Support Center or its web properties. Any and all materials or information divulged during chats, email communications, online discussions, Support Center tickets, or made available to Developer Express Inc in any manner will be deemed NOT to be confidential by Developer Express Inc. Please refer to the DevExpress.com Website Terms of Use for more information in this regard.

How to produce a web link that shows a DetailView of a certain object without authentication

Answers approved by DevExpress Support

Recently viewed tickets