First of all I read the help and it instructed me to add the following line to Global.asax file:

SecurityBasics.IsWebEnvironment = true;

Then using the code copied from the help files (see below) I try to authicate the user.  However, the login fails.  I know this code and username and password works, because I used the exact same code from a Windows form.  When looking at the user name returned by SecurityBasics.CurrentUser after the authentication fails, it is 'Administrator' even though I am trying to authenticate another user.  What is wrong or what do I have to do to get this same code to work from a Web form? 

//-- Establish locals

StringBuilder sb = new StringBuilder();

String userName = "";

MicroFour.StrataFrame.Security.Login.LoginResult loResult;

//-- Attempt to authenticate the user

loResult = MicroFour.StrataFrame.Security.Login.SetLoggedInUser(this.txtUsername.Text, this.txtPassword.Text, "");

//-- If the result if Success, AdminLoggedOn, or SecMaintUserLoggedOn, the

// SecurityBasics.CurrentUser object will be changed to the correct user

//-- Do something based upon the result

switch (loResult)

{

case MicroFour.StrataFrame.Security.Login.LoginResult.Success:

sb.AppendLine("Login successful.");

userName = MicroFour.StrataFrame.Security.SecurityBasics.CurrentUser.UserName;

sb.AppendLine(userName);

this.lblMessage.Text = sb.ToString();

return true;

case MicroFour.StrataFrame.Security.Login.LoginResult.Failure:

this.lblMessage.Text = "Login failed.";

return false;

case MicroFour.StrataFrame.Security.Login.LoginResult.UserDeactivated:

this.lblMessage.Text = "User Deactivated.";

return true;

default:

this.lblMessage.Text = "Unexpected Error: No login result returned.";

return false;

}

}

 

Hi SF,

It has been several days and I have not received a response to this post.  I am trying to test using the RBS authentication from a Web form vs using ASP.NET authentication.  Or would it be better to use the built-in ASP.NET authentication and security for web apps?

Thanks,

Jeff

You most definitely do not want to use the built-in .NET security environment as it is a massive pain.  We had a web developer that worked for us a while come in, and without talking with us or later taking our advice, used these controls and created an interface.  It has been a painful experience in every way and now that he is no longer here, we get the pleasure of working on the site....and I can tell you, this is painful.

Let's backup for a minute and assume that you are having a similar problem as you were on the WinForms.  Are you connected to the correct database?  You showed me all of your execution logic, but nothing about how you are connecting to your database or initializing the security environment.  You must still initialize security just like you do on WinForms.

Second, what results do you get just calling AuthenticateUser?

Dim users As new MicroFour.StrataFrame.Security.BusinessObjects()
Login.AuthenticateUser("MyUser", "MyPassword", String.Empty, users)

This will isolate the login since you are required to pass over a users BO.  When you create the instance of this BO, you can then query on it, etc. to make sure you are pulling from the correct database if this initial query doesn't work.  I am almost positive that you are not talking to the correct database or have the security environment setup correct.  This is a good starting place to work through it.

Below is my database application settings in the Global.asax file:

//------------------------------------

// Setting the data sources manually

//------------------------------------

//-- SQL Server

//-- Database which contains the application tables

System.Data.SqlClient.SqlConnectionStringBuilder builder = new System.Data.SqlClient.SqlConnectionStringBuilder();

builder.DataSource = "1LPJPAGLEY\\SQLEXPRESS";

builder.InitialCatalog = "CEI";

builder.UserID = "sa";

builder.Password = "access";

DataLayer.DataSources.Add(new SqlDataSourceItem("", builder.ConnectionString));

// Database which contains the Role Based Security tables

string keyRoleBaseSecurity = "RBS";

System.Data.SqlClient.SqlConnectionStringBuilder builderRBS = new System.Data.SqlClient.SqlConnectionStringBuilder();

builderRBS.DataSource = "1LPJPAGLEY\\SQLEXPRESS";

builderRBS.InitialCatalog = "StrataFrame";

builderRBS.UserID = "sa";

builderRBS.Password = "access";

DataLayer.DataSources.Add(new SqlDataSourceItem(keyRoleBaseSecurity, builderRBS.ConnectionString));

//Set the data source key for the security tables

SecurityBasics.SecurityDataSourceKey = keyRoleBaseSecurity;

Also I queried the SFSUsersBO (see code below) as you suggested and got back one record which is correct because I have only one user setup at the moment:

MicroFour.StrataFrame.Security.BusinessObjects.SFSUsersBO users = new MicroFour.StrataFrame.Security.BusinessObjects.SFSUsersBO();

MicroFour.StrataFrame.Security.Login.LoginResult loResult;

users.FillAll(1);

But the code you suggested to use failed (see below):

loResult = MicroFour.StrataFrame.Security.Login.AuthenticateUser("jeff", "jeff", String.Empty, ref users);

 

First, I noticed that you are still talking straight to the StrataFrame database....this is REALLY bad mojo and you are going to have some major issues down the road if you continue to do this into a production environment.  You should never let your run-time environment (production or testing) touch your development environment.  The mingling of the two always spells disaster in the end.

Second, if you just open up SQL Server Management Studio, and query all of the SFSUSers, can you see the user you are trying to retrieve?

Next, if this shows up, then you need to compile StrataFrame in debug mode and step into the AuthenticateUser method to see if the database gets filled.  One other thought, after you create the SFSUsersBO, check the users.DataSourceKey to see if it points to RBS.  If that doesn't line up nothing will work.

Hi Trent,

You are right about talking staight to Strataframe.  I do have the SF RBS tables in my testing/production database. I just changed this to help troubleshoot the problem.   Also, I just want to make sure you know that this same code and database configuration works fine with a Windows Form.  It is ONLY when I am attempting to use the code from a Web Form that it fails.  So I don't know  why I would need to debug Strataframe.  I did query the SFSUsers from within SSMS and the records are there.  Also, I did check the users.DataSourceKey and it is the correct one ("RBS").

Jeff

Jeff,

I am going to have to ask you to double check your logic then.  Remove all of the calls to SF RBS as this is just confusing the issue.  I know for a fact, that if one can talk to it so can the other.  This is nothing more than a business object retrieving data from a data source.  So there has to be a wiring issue here.

Instead of calling the AuthorizeUser, use the same query you did in the SSMS on the users BO.

users.FillDataTable("SELECT * FROM SFSUSers WHERE....")

If you can't get that to talk, then your web environment and connection strings are not setup correctly.  As for debugging, my point was not that it works in one and not the other.  But rather, to see what the query was doing.  So when you get to the point of calling the above query in your debug session, check the following:

1. What is the data source key of the users BO instance?
2. Check the connection to make sure it is valid immediately prior to executing the query: MicroFour.StrataFrame.Data.DataBasics.DataSources("RBS").ConnectionString
3. Verify your query to make sure it is valid and double-check in SSMS

Jeff, I know you don't believe me , but I know that this is a wiring issue.  If the BO can see the right database, it will retrieve the data....period.  This is where your issue is, once this is resolved, then you can move on to implementation.

Hi Trent,

The code below in the Web Form works fine and returns the correct count of one:

MicroFour.StrataFrame.Security.BusinessObjects.SFSUsersBO users = new MicroFour.StrataFrame.Security.BusinessObjects.SFSUsersBO();

users.FillDataTable("SELECT * FROM SFSUsers WHERE (us_sproj_PK = 1) AND (us_Username = N'jeff')" );

System.Diagnostics.Debug.Print(users.Count.ToString());

I know this is fustrating for the both of us, but I have no problem when using the SFSUsers BO object in the Web form in this test and the previous ones.  Everything is connected and works fine.  Is there a way to query the password field in this query to mimic the AuthenticateUser method?    I know the password is correct, because I am able to use the same password in the AuthenticateUser function within my Windows Form and it works.  So what's next?

Jeff

No, otherwise the password would not be secure.  It is embedded and encrypted.  This is why I wanted you to debug.  This way you can see what is returned.  By not debugging, what could be a 5 minute problem could drag into days going back and forth on the forum.  In the Login class in StrataFrame, the AuthenticateUser method will give you the answer:

On line 462 of Login.vb in the MicroFour StrataFrame Security assembly, you will see what is going on .  There you can see what is retrieved and step until you see the password verified.  I am going blind here.  The only other option is to send me a sample that reproduces the steps....though I don't think that this is feasible since it is environment and getting this reproduced and to me may take even longer.

One other thought, in the WinForm app, manually call the AuthenticateUser method on a test form and see if you get the same results.

Hi Trent,

As I mentioned in my previous posts, I have a test WinForm in a Windows project as part of the same solution which works just fine using the AuthenticateUser method.  That was the first thing I tested before contacting the forum to verify my code was correct.  Therefore, why would the same method AuthenticateUser from the same SF Security DLL assembly work for the WinForm and not for the Webform?

If you still want me to debug the Strataframe security module then exactly how do I compile the module into debug mode, point to the DLL and step into the code.  I haven't done this before.

Jeff