StrataFrame Forum » StrataFrame Application Framework - V1 » Role Based Security » Administrative and security maintenance usernames and passwords problem

RE: Administrative and security maintenance usernames and passwords problem

Ivan George Borges — Sat, 20 Oct 2012 10:10:24 GMT

Hi Jennifer.

Have a look at the thread starting from the following post:

http://forum.strataframe.net/FindPost6284.aspx

Administrative and security maintenance usernames and passwords problem

Juan Carlos Pazos — Sat, 20 Oct 2012 10:10:24 GMT

I'm using the last version of SF and RBS, I found a problem after change to this version.

I have this for enter as default admin user in AppMain.vb

[codesnippet]

'-- Set the administrative and security maintenance usernames and passwords

SecurityBasics.AdministratorUserName = "admin"

SecurityBasics.AdministratorPassword = "admin" & DateTime.Now.Day.ToString() '-- set the admin password so that it changes from day to day

SecurityBasics.AdministratorUserPk = -1

SecurityBasics.SecurityMaintenanceUserName = "seguridad"

SecurityBasics.SecurityMaintenancePassword = "seguridad" & DateTime.Now.Day.ToString() '-- set the admin password so that it changes from day to day

SecurityBasics.SecurityMaintenanceUserPk = -2

[/codesnippet]

Previous to this release I could enter as admin and go to the Security editor to manage the security of the application. Now if enter as "admin" the code breaks here:

[codesnippet]

#Region " Data Transformation Functions "

''' <summary>

''' Converts the byte array into an encrypted or decrypted byte array.

''' If the passed data was encrypted, it will be decrypted and vice-versa.

''' </summary>

''' <param name="input"></param>

''' <param name="CryptoTransform"></param>

''' <returns></returns>

''' <remarks></remarks>

Private Function Transform(ByVal input() As Byte, ByVal CryptoTransform As ICryptoTransform) As Byte()

' Create the necessary streams

Dim memStream As MemoryStream = New MemoryStream

Dim cryptStream As CryptoStream = New CryptoStream(memStream, CryptoTransform, CryptoStreamMode.Write)

' Transform the bytes as requested

cryptStream.Write(input, 0, input.Length)

cryptStream.FlushFinalBlock() '-- HERE

[/codesnippet]

The code I use all time to show the security editor is this (previous the update works all time)

[codesnippet]

Dim loForm As SecurityDialog

If SecurityBasics.CurrentUser.GetPermission("Application Security").Action = PermissionAction.Grant Then

loForm = New SecurityDialog()

loForm.ShowDialog()

Else

MessageForm.ShowMessage("Acceso denegado", "No tiene permitido el acceso al editor de seguridad.", "", MessageFunction.OK, MessagingIcon.Forbidden, MessagingSounds.Warning)

End If

[/codesnippet]

And if try to enter with the "seguridad" user, I get this error:

[codesnippet]The CurrentRow for table '[dbo].[SFSUsers]' could not be evaluated because the CurrentRowIndex is out of range. Business object record count: 0. CurrentRowIndex: -1.[/codesnippet]

I dind not change anything in my security functions or users permissions.

I read the some changes were made to security, but I can't found anything that point to the problem I'm having now.

Regards

RE: Administrative and security maintenance usernames and passwords problem

Jennifer Guo — Fri, 19 Oct 2012 13:18:43 GMT

Hello,

I am wondering how I can get the password of a user or how I can determine if a user is administrator.

Since I need check a user's permission, but the program is a Dll and called by another program, so the security login has been bypassed. The user's ID is passed from the other program, i.e. UserID is known. Now I need to check this user's permission to set up my form controls.

I have programed to check SFSUserXPermission and SFSRolesXPermission, but if this user is an administrator, the role is not in table SFSRolesXPermission. My question is how I can get if this user is an administrator or not. I guess the info is in table SFSUsers.us_Data, but how can I get it?

Or, how I can get the password of the user? If I have the password, I can use Login.AuthenticateUser(UserName, Password, "", loUserInfo) to login this user, and then check the currentUser's permission.

Thanks,

RE: Administrative and security maintenance usernames and passwords problem

Juan Carlos Pazos — Thu, 05 Feb 2009 00:58:47 GMT

Trent, hope yoo take a look, I really need to access with the admin integrated acccount to the security editor, I can log in with the admin and enter to every form of the application but not to the security editor.

The three users of the application not have access to the security editor, because I'm working on the application and the times I need to modify security I do it with the integrated admin account.

As far as I can understand the problem seems to be related to decrypt, because as I posted before the error goes in that part of the code.

Wainting for your answer.

Regards

RE: Administrative and security maintenance usernames and passwords problem

Juan Carlos Pazos — Wed, 04 Feb 2009 13:48:04 GMT

Can you tell me how to do that?

Thanks

RE: Administrative and security maintenance usernames and passwords problem

Ivan George Borges — Wed, 04 Feb 2009 11:35:41 GMT

Got it.

I think we could try adding your SFS tables into your DDT project again. If the structures have changed, it will bring the updated ones, and then you could deploy it back to the client. This would make sure that you have the uptodate structures for your securtity tables.

RE: Administrative and security maintenance usernames and passwords problem

Juan Carlos Pazos — Wed, 04 Feb 2009 00:07:26 GMT

Hi again

Thinking, the DDT package yes, but the new structures? I don't know which are does structures?

I don't have indications to compare what is missing.

Regards

RE: Administrative and security maintenance usernames and passwords problem

Juan Carlos Pazos — Wed, 04 Feb 2009 00:05:57 GMT

Yes, as I'm developing the application, I add several tables and update the database with DDT.

Regards

RE: Administrative and security maintenance usernames and passwords problem

Ivan George Borges — Tue, 03 Feb 2009 20:27:28 GMT

Good.

Just thinking, have you tried refreshing your DDT package with the new structures and re-deploying it into the client, if that is the case?

RE: Administrative and security maintenance usernames and passwords problem

Juan Carlos Pazos — Tue, 03 Feb 2009 18:53:09 GMT

yes I did. Every installation I let the installer modify the tables.

regards

RE: Administrative and security maintenance usernames and passwords problem

Ivan George Borges — Tue, 03 Feb 2009 13:39:41 GMT

Hi Juan.

I think that what Trent meant is if you let your StrataFrame database structures to be changed the time you installed the last version of the framework. This is important since there has been some changes in its structures.

RE: Administrative and security maintenance usernames and passwords problem

Juan Carlos Pazos — Tue, 03 Feb 2009 13:06:19 GMT

Hi Trent

I make that BO's procedure that you indicate in the page with the last version update. But not other changes.

Wait for your indications because I really need to enter with the incorporated ADMIN account, Any one of the users can access to the security dialog.

Regards

RE: Administrative and security maintenance usernames and passwords problem

Trent L. Taylor — Tue, 03 Feb 2009 10:29:09 GMT

There have been some structure changes. Did you update the structures when you instaled SF?

RE: Administrative and security maintenance usernames and passwords problem

Juan Carlos Pazos — Mon, 02 Feb 2009 17:17:07 GMT

No recently, the two users that I had before the last version of SF are the same users.

As I try to explain, everything is the same (regarding security and users) than previous the update to the last SF version.

Regards

RE: Administrative and security maintenance usernames and passwords problem

Ivan George Borges — Mon, 02 Feb 2009 16:12:35 GMT

Hi Juan.

Have you got any user added to your security table?