Security Settings

Field Description:

Administrator Login (Hard-Coded) Administrator user id and password
Login Name Login Name for administrator
Password Password for adminsitrator
Use Existing Table Link to existing table for login name and password validation
Table Existing table in database containing login name and password information
Login Name Field Login Name field in table used for authentication
Password Field Password field in table used for authentication

Auto-login

ASP.NET Maker (3+) supports auto-login. When you enable the auto-login feature, a few cookies will be placed on the user's computer to identify the user, meaning that the user do not have to type username and password every time he/she visit the site. For this reason, you should advise your users not to use this feature on a public or shared computer, as any other user of the computer will be able to access the account.

Advanced Security
ASP.NET Maker's Advanced Security feature allows you to setup User ID, assign User Levels to users and create a complete user registration system. To setup, click the [Advanced] button.

 

User ID / Parent User ID
User ID Security secures data at record level. Protected tables must have an User ID field for identifying which user a record belongs to. The User ID field names can be different in tables though. When User ID security is enabled, users can only access their own data.

You can add a Parent User ID field in your user table and assign a parent user for each of your users. The parent user will then be able to modify the child users' records like his/her own.

advSecurityUID

Steps to setup User ID / Parent User ID security for different tables/views:

  1. Click on User ID in the left pane,
  2. Select the User ID field from your user table, (otherwise the feature is disabled)
  3. In the User ID Field column, select the User ID Field for the tables/views that requires User ID security.
  4. In the Parent User ID Field column, select the Parent User ID Field for the tables/views that requires Parent User ID security.

 

User Level
User Level Security secures data at table level. Each user level is granted with specific permissions to tables in the database.

There are 2 types of User Level security:

1. Static User Levels - the User Levels and the permissions are defined in this form and the User Levels are not to be changed after script generation.

Steps to setup static User Level security for different tables/views:

  1. Click on User Levels in the left pane,
  2. Select an integer field in your user table as the [User Level field],(note: if this field is not set, the feature is disabled)
  3. Define your user levels, click icon the add an user level and icon to delete an user level.

2. Dynamic User Levels - the User Levels and the permissions are defined in 2 tables in the database, the User Levels can still be changed with the generated scripts.

Steps to setup static User Level security for different tables/views:

  1. Click on User Levels in the left pane,
  2. Select an integer field in your user table as the [User Level field],(note: if this field is not set, the feature is disabled)
  3. Switch to the [Dynamic User Levels] tab, check [Enable Dynamic User Levels],
  4. Select your User Level Table and User Level Permission Table and the required fields.

The User Level Table and User Level Permission Table must have the following fields, note the data types, User Level ID and the Permission fields must be of integer type, the field names can be different though:

If you want ASP.NET Maker to create these 2 tables in your database, click the [Create tables] button, the following form will display for you to change the table/field names if necessary. You can change the table/field names and then click OK to continue.

If you have projects created by previous versions of ASP.NET Maker you may want to use dynamic User Levels and migrate the previously defined static User Levels in the project to the database. After selecting or creating the User Level and User Level Permission tables/fields, just click the [Migrate] button to let ASP.NET Maker do that for you.

 

After setting the user levels, ASP.NET Maker will populate the user levels to the User Level field's Edit Tag (also see Field Setup) so administrators can assign user levels using the generated pages.

There are two built-in user levels:
Administrator - Administrator is a built-in user level that has all permissions plus the privileges to modify User IDs and User Levels. Its permissions are same as that of the hard-coded Administrator Login
Anonymous - Anonymous is the default user level before logging in.

Note: You may need to use the hard-coded Administrator Login to log on and assign user levels to users initially.

User Login Options
User Login Options allows you to create a complete user registration system for your Web site, with options to let user register, change password and recover password.

User Registration Page Generate user registration page and add a link in login page. Optional email confirmation.
Change Password Page Generate change password page. Optional email confirmation.
Password Recovery Page Generate password recovery page (forgot password page) and add a link in login page. Recovered password will be sent to the user's email address.
User email address field Email address field in user table used for sending email

The following special tags are used in the email templates:

<% Password %> is user password
<% UserName %> is login user name
<% FieldName %> is the field value

For example, <% LastName %> is the field value of the field "LastName".

The email format can be either "TEXT" or "HTML".

 

Also See:

Tutorial - User ID Security
Tutorial - Static User Level Security
Tutorial - Dynamic User Level Security
Tutorial - User Registration System

 

 

 

 ©2004-2007 e.World Technology Ltd. All rights reserved.