StrataFrame Forum

How to log a user out/switch user

http://forum.strataframe.net/Topic5981.aspx

By Greg McGuffey - 1/19/2007

I need to both allow the user to log out (so another user can login) and handle session locking. I know the SessionLock.LockSession is used to do this sort of thing and session locking is on by default when a SF security project is created. What I'm confused about is what exactly happens. Here are some of the things I need to handle:



- session locks, user logs back in (this one is easy and already handled by LockSession)

- user logs off so another can log on (mostly used by testers), permission will likely be different.

- session locks, the user decides to close rather than unlock

- session locks, user has unsaved changes, decides to close

- session locks, another user logs on, original use has opened forms (maybe with pending edits), permissions might be different



So, suggestions on how to handle these cases?



Mainly, I'm wondering how permissions are handled with open form are shown when a different user unlocks the session, how to handle unsaved changes when a new user logs in or the user decides to exit first (of course, it might not be the user that was logged in that is exiting) and how to allow the application to close form a locked session.



Thanks!
By Ivan George Borges - 1/20/2007

Hi Greg.

I think this is nicely handled by the framework.

In my application's MainForm ToolStrip, I've created a "Login" button, with the following code:

Private Sub tsmiLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles tsmiLogin.Click

    System.Windows.Forms.SendKeys.Send("{F11}")

End Sub

F11 is the SF shortcut to your Login form.

So, the user can live after pressing "Login" and the login form will be waiting for the next.

session locks, user logs back in (this one is easy and already handled by LockSession)

That's it.


user logs off so another can log on (mostly used by testers), permission will likely be different.

No problem. Permissions will be tested when new user logs in. Let's say there was an open form, which has its "ViewSecurityKey" set, if the new user hasn't got permission to view this form, a panel will be covering it keeping the user from viewing anything that was going on.

session locks, the user decides to close rather than unlock

I guess an authorized user will need to login and close the application. If there are any forms this user is not allowed to see, he probably won't be able to close the application. An authorized user will need to login first.

session locks, user has unsaved changes, decides to close

If the user that logs in back is authorized to do so, he can then just close it.

session locks, another user logs on, original use has opened forms (maybe with pending edits), permissions might be different

Think I described this scenario already.

Guess you will get deeper explanations from the guys.

Have a nice weekend.

Cheers.

By Trent L. Taylor - 1/20/2007

Thanks Ivan! Smile  One other thing you can do to manually lock a session is this:

MicroFour.StrataFrame.Security.SessionLock.LockSession()
By Greg McGuffey - 1/20/2007

Thanks for the info guys!



So, I'm understanding what is done better. There are two things I'd like to be able to do:



1. when a user logs off, loop through the forms and possibly save changes. Would I need to expose some of the BO functionality at the form level, like the EditingState and the Save method? Also, I'd probably need to do this in an event related to session locking. Would it be BeforeSessionLocks (or what ever it is called)? And where is a suggested good place (in code) to put this event handler?



2. Add the Exit button to the login form when a session gets locked, so the app can just be closed. I know the button is there, but it must be hidden when session locking occurs. How can I get to be shown when the session is locked?



Thanks again and have a good weekend...it's snowing here BigGrin
By Trent L. Taylor - 1/21/2007

There are a lot of different ways you can handle your forms being closed and saving changes.  It could depend on how you are launching your forms.  We have a menu system wihtin our medical application that launches all forms, reports, etc.  So since we have a single point of launching, it makes it easy to add handlers or fill a collection of some kind.

In any case, one option is to loop through the forms collection in your MDI form.

For Each loForm As Form In Me.MdiChildren
    Try
        With CType(loForm, MicroFour.StrataFrame.UI.Windows.Forms.BaseForm)
            .Save()
            .Close()
        End With
    Catch ex As Exception
    End Try
Next

How can I get to be shown when the session is locked?

Well, you can create a custom login form to do this.  But depending on your needs, this might not be the best place to close down your app.  Generally it is best to require the end-user to at least log back in first...but maybe not.  It just depends on your circumstances.

it's snowing here

Here too Smile  We got about 8-10 inches yesterday!

By Greg McGuffey - 1/21/2007

OK, I see that I can setup a form to save any/all BOs on the form with the BaseForm.Save method. And likewise I can undo any changes with the BaseForm.Undo method. Cool, that is handled.



Interacting with the login form is not obvious though. I see that there is a AllowAppExit property, which is tied to the Exit button's Visible property. And clicking the exit button simply sets a DialogResult of cancel. When I call LockSession, how would I enable AllowAppExit and also if the user cancels the form via a click to Exit, does LockSession close the app?



Here too Smile We got about 8-10 inches yesterday!


Nice! BigGrin I'm nursing some blisters from some new snow boots I used to go snow shoeing yesterday, but it was glorious!
By Trent L. Taylor - 1/21/2007

does LockSession close the app?

No.  If you create a custom login form you can prevent the Exit button be being disable.  Or...create a button of your own to close down the application.

By Greg McGuffey - 1/22/2007

I sorry, I'm just not following this.



I have a custom login form. When the login form is shown initially, the Exit is shown and this returns a result of Cancel to the caller (within Login.ShowLoginAndAuthUser), which then returns false, with sets the e.ShowMainForm to false, which causes the app to exit (some where in SF code). I'm pretty sure this is right. The Login.ShowLoginAndAuthUser code must configure the login form to show the exit button using the AllowAppExit property.



When LockSession is called, it must do whatever it does to lock the session, set AllowAppExit to false, then open the login form. If I did show the exit button, LockSession would likely ignore the cancel result (I'm guessing).



The problem I'm having it that in both cases I don't interact with the login form directly at ALL. And the login form doesn't directly cause the application to exit in the first case. And when the session is locked, I'm assuming the form is opened in dialog mode (ShowDialog), so any code I put in place after locking the session won't be run until after the login form is gone. I must be missing something pretty obvious here, but, well, I'm missing it Ermm
By Trent L. Taylor - 1/22/2007

You have already answered half of the problem yourself.  You know when you are in a locked session versus the initial login.  If you create a custom login form you can program any logic into that you would like....including calling some shared method within your application or your main MDI form to shutdown the forms and save changes.  Better yet, create a shared propety that has a direct object reference to the main form and expose a method to call.

Public NotInheritable Class MyApplication
    Private Shared _MainForm As System.Windows.Forms.Form

    Public Shared ReadOnly Property MainForm As System.Windows.Forms.Form
       Get
          Return _MainForm
       End Get
    End Property
End Class

Set this reference to the class when the main form loads or instantiates:

MyApplication.MainForm = Me

Next, create a method within the main form to shut down your children forms as shown in a previous post:

Public Sub ShutDownFormsAndApp()
    '-- Place code here to close forms

    '-- Terminate the app
    End
End Sub

Now, in the custom login form, you can access the shared property to close the forms and shutdown the app.  Just add a button to your login form if you would like and enable it only for a locked session.  In the click call the shared property and public method:

CType(MyApplication.MainForm, MyMainForm).ShutDownFormsAndApp()
By Greg McGuffey - 1/22/2007

hehe...like I said, I was pretty sure I was missing something pretty obvious!



OK, I get it now BigGrin



One final question: is there anything special I should do when closing the app? Is using the "End" statement in vb enough? Do I need to do anything within the SF framework? Do I need to call Application.Exit()? *



* once again demonstrating my lack of .NET understanding Blink
By Greg McGuffey - 1/22/2007

OK, I lied, I have another question (in addition to the one in the previous post).



Wouldn't the BeforeSessionLock event be the place to handle special stuff related to locking/logging in? I.e. I could set a flag in the MyApplication class (to continue with your example) to indicate that its session locking, I could save/undo changes to forms as needed etc (likely calling static methods in the MyApplication class). Then the login form would be cleaner and only have to deal with exiting. And would the best place to handle this event be in the MyApplication class? Am I really starting to get this!??!!? Wow
By Trent L. Taylor - 1/22/2007

Is using the "End" statement in vb enough?

This is the ultimate "SHUT DOWN NOW" command Smile  Calling this will shut down the message pumps and logically exit the process.  Application.Exit() will not work (properly anyway) because you are running through an SF application. 

We always create a shared ShutDown method that does everything we need it to.  This was we can access from more than one location if need be.

Wouldn't the BeforeSessionLock event be the place to handle special stuff related to locking/logging in?

If this meets your needs then sure.  The way I mentioned earlier would just give you the ability to shut down your application from anywhere if you needed to.

Am I really starting to get this!??!!?

I believe you are Wink

By Greg McGuffey - 1/22/2007

OK, I'm definitely getting it. I added an ExitApp method to my sealed static MyApplication class. I call it from the login form and will be calling it from any other place I need to shut down code (like the unhandled exception handler). I'm using BeforeSessionLock to handle any closing/saving/undoing of forms. AfterSessionLock to clear a flag that indicates that the session is locked BigGrin (unless this is already available somewhere and I missed it).