StrataFrame Forum » StrataFrame Application Framework - V1 » Role Based Security » Create a basic windows auth app in an isolated DB?

Create a basic windows auth app in an isolated DB?

Andrew Backer — Wed, 25 Oct 2006 13:10:56 GMT

Hello,

I am tying to set up a basic project, and I think I have it mostly there. I am a little stuck on how to set up the connections and the main StrataFrame database for security.

I have my database with all the StrataFrame security objects added to it (ie, my tables + SFSxxx).
I had a working project (usable BOs, etc), but started out with the 'with security' template this time.
I have set the AllowWindowsAuth=true
* when I try to flag a user as 'use windows auth', I am still required to enter a password for them

How do I configure the application so that login requests (and the security editor) are all handled by/routed to my application database, while leaving all the normal stuff in the main, shared SF database. After that, how can I map the user to a windows user? Ideally there would be no mapping, just group permissions assigned via windows groups. Maybe I am misunderstanding somewhat?

Sorry for the not-directly-technical question. Everything is abstracted, so I am not just setting the connection string myself which would, I think, clear up my confusion.

Thanks,
Andrew Backer

RE: Create a basic windows auth app in an isolated DB?

StrataFrame Team — Wed, 25 Oct 2006 13:10:56 GMT

We have a Step-by-Step document that is going to be in the next version of the security help that tells you step-by-step what you need to do to get the security working. It's a topic with links to the other topics within the application but it essentially gives you a checklist of things to do to get the security working.

RE: Create a basic windows auth app in an isolated DB?

Andrew Backer — Wed, 25 Oct 2006 12:47:15 GMT

Ok, I think I understand it a bit better. Through a mis-understanding I managed to make everything work up to a point but then fail in a 'legitimate' way.

I mentioned I had the security tables in my application database. Though this was not commented on in the reply, this made the app load up fine.

I had not provided any security connection string. Also not mentioned, but I did not know I had to. Because I did not do this, it tried to use my [i]application[/i] database. I have added a connection string I created manually to go to the main strataframe database.

When I want to move security to the application database, I suppose I will need to modify the connection string in code. Not sure how I can use the design-time security editor after that point. Perhaps I need an entirely new SF database for this (or each) project.

This is all a bit confuzing, but I can see how it seems simple once you know it. Practical considerations still remain, but now that I understand who controls what and where and under which circumstances, I think it is manageable for a small # of projects.

RE: Create a basic windows auth app in an isolated DB?

Andrew Backer — Tue, 24 Oct 2006 16:11:01 GMT

Sorry for the confusion.

[i]How do I configure the application so that login requests (and the security editor) are all handled by/routed to my application database[/i]
It appears this is not possible. I must have one database with everything and then "deploy". Unclear how this works with >1 project using security and needing different setups.

[i]After that, how can I map the user to a windows user?[/i]
On further reflection, windows user name probably = user name on form. Still must enter password, even if it will be ignored, which is the reason for the confusion.

[i]Ideally there would be no mapping, just group permissions assigned via windows groups[/i]
Mapping for users must be entered by hand. No apparent a way to map win-groups to sf-groups, this may need a custom app-level hack.

[i]"Security within the Application -> Logon - > Loggin into the Application"[/i]
I found the relevant help file. I have 3 strataframe helps linked already, this is the 4th.
The topic contains a paragraph and two screen shots, but the comment about the password being ignored is more relevant.

Still looking at what is going on. Maybe there is a nugget in the documentation.

RE: Create a basic windows auth app in an isolated DB?

Trent L. Taylor — Mon, 23 Oct 2006 16:53:29 GMT

Setting the AllowWindowsAuth to True does not automatically log the user in....it still shows a logon screen. The difference is that when using the windows authentication, the user is logged in checking the Windows environment rather than the SF user database.

You can see some more on this in the help docs under:

Security within the Application -> Logon - > Loggin into the Application