Microsoft Teams: EntityId of a config tab - Limit and risks to use it as an object storage - microsoft-teams

I have a requirement to cache the Tab data. I don't want to use external storage as I have to manage the security myself, and I don't want to use the Teams SharePoint site or the user's OneDrive because of lots of scenarios (Teams/group/delete/modify) and extra Graph permission.
As a solution I figured out that I can pass my whole object in the Entity Id while configuring the page and access it in the pinned tab from the Teams context.
My concern is, I see that Entity Id is a string type with no limit of characters. As the name says, it's an Id; am I misusing it?
For the Entity Id of a static page, I see there is a limit of 64 characters as specified in the app manifest file schema. But for the Entity Id of a config page, I don't see such a limit. Did Microsoft forget to put a limit, or is it intentionally left for the developer to define what suits their app's purpose? Please confirm.
This is how I am setting up the config tab: https://learn.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/create-tab-pages/configuration-page?tabs=teamsjs-v2

This is not a good idea at all - the purpose of this EntityId is to support Deep Linking - see more at https://developers.cloudflare.com/pages/how-to/preview-with-cloudflare-tunnel/. I would not advise using it for other things. What you can do instead is pass querystring parameters - these are configured once when the tab is added to the channel / chat and can be reconfigured any time the user opens the Settings page for the tab.
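
The approach recommended above (a short, stable entityId plus query-string parameters on the content URL), as an added example that is not part of the original answer or of Microsoft's code. The names `ALLOWED`, `buildTabConfig`, `readTabSettings`, the two settings and the host `tabs.example.com` are assumptions; the 64-character cap is the static-tab limit mentioned in the question, applied here by choice.

```javascript
// Added example. Hypothetical allow-list of settings the tab accepts,
// each with its own validator. Anything else is rejected or ignored.
const ALLOWED = {
  view: (v) => ["summary", "detail"].includes(v),
  projectId: (v) => /^[A-Za-z0-9-]{1,36}$/.test(v),
};
const MAX_ENTITY_ID = 64; // self-imposed cap, borrowed from the static-tab limit
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Configuration page side: builds the object that would be handed to the
// tab configuration call (pages.config.setConfig in TeamsJS v2).
function buildTabConfig(baseUrl, entityId, settings) {
  // entityId stays a short opaque identifier, never a serialized object.
  if (!/^[A-Za-z0-9_-]+$/.test(entityId) || entityId.length > MAX_ENTITY_ID) {
    throw new Error("entityId must be a short opaque identifier");
  }
  const url = new URL(baseUrl);
  if (url.protocol !== "https:") throw new Error("contentUrl must be https");
  for (const [key, value] of Object.entries(settings)) {
    if (!has(ALLOWED, key) || !ALLOWED[key](String(value))) {
      throw new Error(`rejected setting: ${key}`);
    }
    url.searchParams.set(key, String(value));
  }
  return { entityId, contentUrl: url.toString() };
}

// Tab page side: the query string can be edited by whoever configures or
// opens the tab, so validate again and drop everything not on the list.
function readTabSettings(contentUrl) {
  const out = {};
  for (const [key, value] of new URL(contentUrl).searchParams) {
    if (has(ALLOWED, key) && ALLOWED[key](value)) out[key] = value;
  }
  return out;
}
```

Because the parameters are readable and changeable by the person configuring the tab, they suit identifiers and display options only; the cached data itself and any authorization decision stay on the server.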

Related

Where to put logic for auto-login and creating members

I'm new to Umbraco development, but I'm plenty familiar with ASP.NET & MVC etc. So I'm getting to grips with the object model and terminology used, but I'm not sure where to start. I need to use Windows authentication on my Umbraco site, which will be for internal use only.
What I envision:
- When a domain user hits any area of the website, grab the user identity
- Look up to see if a matching user (or member) exists and if not create it
- Login this user to Umbraco
- By default all new visitors, if their user identity doesn't match a current member, then create that member and log them in.
Sounds like I need to create my own controller that overrides the base controller (RenderMvcController ?) and check the user identity on each and every request? Maybe do this by overriding the Index action method? Or could I do this with a macro - or as I've seen mentioned, are macros losing favor with the new version of Umbraco?
Also, I'm not sure how to deal with members vs users? As I understand it, members are who have access to the front part of the website, whereas users are those that have access to the back office area and can create/manage content.
Are all users also members?
There will be some that I want to give access to create/manage content, so when I'm auto-creating users, it's actually members that I need to create, not users?
[ update ]
Actually, I think I will need to create my own membership provider if I want every request routed through the check for a valid domain user? In my research, I keep coming across this example http://thegrayzone.co.uk/blog/2012/07/combined-authentication-with-umbraco/
I have overridden the default RenderMvcController in numerous projects with success. You could of course use the built-in Umbraco auth to redirect to an authentication page for users that do not have a valid Umbraco Auth token and set it only on that page based on their Windows identity.
RE: Are users also members?
No. Users & Members are entirely independent of one another; users being back office users & members being front end users. You will need to create 2 accounts.

Dynamics CRM 2013: Activity feed shows more than security role allows

Dynamics CRM (relative) newbie here.
I have an activity feed set up on a user's dashboard (I used the Personal Wall web resource). If I look at the default posts for the Account view, everything is cool.
However, if I go and "follow" an Account, when I look at my activity feed I can see other posts that relate to records that Account is involved with that are outside of my security role. For example, that Account has several Case records. My role has no permissions to Cases whatsoever, but there is the post in my activity feed. If I click on the case I get a prvReadPriviledge error, which is correct, but I don't want users to do this - I don't want these posts to show up in their feeds at all, even if they are following the account.
These posts do need to show up in the feeds for people working Cases, however (and their roles will have read/write to the Case entity).
I'm not sure what to do here... can you help?
I believe that this is what you're looking for; it's from Microsoft's site.
"The activity feeds walls are web resources that can be embedded in dashboards in context with relevant grids and visualizations. For example, you can embed the msdyn_/PersonalWall.htm web resource into a dashboard with specifying the HideUserProfile parameter. The default is value 1 (or, true), to hide the user profile, to unhide, use the value 0 (or, false). For more information about how to use web resources in dashboards, see Analyze data with dashboards."

Granular Web UI Access/Authorisation - Vaadin 7, JBOSS 7.1.1

I am using Vaadin 7 and JBoss 7.1.1. There is a business requirement for very granular UI access. There will be parent windows per business function, and in that window functions relative to it. Business requires enabling and disabling those functions within, per user. So, as an example, there is a parent window that represents employees, and when you click that you enter the child window, which has functions like editing, deleting, viewing, adding, etc., but that access must be customized to the user using it, so user x can update but not delete, as an example.
So what I came up with was to store that information in the database. In the database there will be a users table with username and a user guid. Then a parentview table and a parentchildren table and then lastly a userview table. I will store in the userview table the user's guid and either the view they have access to and what type of access, as in read, write, update, etc... I will on the UI login authenticate against LDAP, get the user's information and guid and use the guid to pull the user's view access from the userview table in the database and store it in the Vaadin session, and then on the UI, read that from the session and show the correct access.
I am not sure if this is the best way, which is why I am asking if my solution is OK? I have been reading lots of docs around security but none seem to achieve what I want. Another point of keeping it in the db is that I can create a user admin UI which can edit the user's access simply by updating the db. I don't want to redeploy or do anything with the webserver; I would prefer a UI user access control module and for someone with rights to it to administer that access. I would really appreciate insight and some ideas into this.
Thanks guys, I would appreciate any input.
What you want to achieve, regardless of the environment you are in and technology you are using, is fine-grained access control / authorization.
The way to do that is to use authorization frameworks. Spring Security has one for instance. I'm not sure whether Vaadin comes with anything.
In our company we use Vaadin to develop a management portal and we then use XACML to apply fine-grained decisions to the portal such as which functions to enable for which users and even which items to display in a Vaadin table.
Generally speaking you want to look at the field of attribute-based access control (NIST ABAC). ABAC lets you define authorization constraints based on different factors/parameters such as user attributes (location, department, role...) and resource attributes (where the resource can be data, widgets, functions... You name it).
I actually delivered a webinar yesterday on the topic of fine-grained authorization for Java MVC apps. I think it could prove useful for you.
If you go down the XACML path, you do not need to create a custom database with the information inside as you have done. All you need to do is write authorization policies e.g. a user in purchasing can use the purchasing functions.
There are several open source XACML implementations as well as vendor solutions such as the one I work for, Axiomatics.
I hope this helps. I've also written a lengthier answer here which covers the broader field of authorization.

How do I access authorized user properties in the WebSphere application Lawson?

I'm assisting another developer with adding a link to a page in a product called Lawson that we use in-house. I need to pass the authenticated user's employee ID to an HTML page we're bolting on. I'm still looking at existing pages on the server, but thought I'd ask: does anyone know how the Javascript object that represents the authenticated user works? It looks like something server-side must be dynamically creating a Javascript object that has useful properties. It is usually called 'AuthUser'. I want to add the necessary JS references to my new page to support this object and access its properties. Does anyone have any experience with that? Thanks!
If you are in a portal session, you can access this in javascript through attributes of portalWnd.oUserProfile:
alert(portalWnd.oUserProfile.getAttribute("id"))
This will give you the logged in user's short username. Many other attributes are available. To see a complete list, log into a portal session and then replace the URL with:
http://YOURPORTALSERVER/servlet/Profile
I'm not sure what you mean by "bolting on", but if you want to pass an attribute to an external page launched from a Portal session, you could create a user shortcut via Portal preferences using something like:
javascript:window.open("http://yourserver/yourpage.html?user=" + portalWnd.oUserProfile.getAttribute("id"))
as the target and process in yourpage.html like a normal GET method form.
If you are still puzzling over this all these months later, provide some specifics if you need more guidance.

Composite C1 - Membership Provider - Simple Registration and Login

I am developing my first application using the Composite C1 CMS as the core system. I am currently working my way through the documentation and learning about data structuring, etc. I see that there is a paid Extranet package which can be purchased but I would prefer to develop my own Membership system within the site.
What would be the best way for me to allow users to register on the front end of my Composite C1 website and then to allow them access to a password protected area once they have registered and logged in?
I am a fairly experienced .net developer but Composite C1 is very new to me (at first impressions I like it a lot!)
Thanks
Like the commercial Extranet package, you can write a RenderingResponseHandler plugin and register it in the ~/App_Data/Composite/Composite.config file.
Check the guide "How can I validate users before a page or media file is being served?"
RenderingResponseHandler plugins are tasked with approving page and media requests and they can either let the request pass or redirect the request to a new URL.
You would need to take care of the user database and login page yourself. Also some mechanism that would allow a user of the CMS to mark pages as protected/public might make sense.
There are relevant pointers in the CodePlex thread "Restricting access to MediaArchive files"
