|
Disconnected Application and LoginManager |
Post Reply 
|
| Author |
 Share Topic Printable Version Delicious Digg Facebook Furl Google Boomarks Google Buzz MySpace Newsvine reddit StumbleUpon Translate Twitter Windows Live Yahoo Bookmarks Topic Search  Topic Options
|
antalakas 
Newbie 
Joined: 25-Jun-2007 Location: Greece Posts: 28 |
 Post Options
 Quote Reply
 Topic: Disconnected Application and LoginManagerPosted: 25-Jun-2007 at 2:16pm |
|
Hello,
I followed the 306. Authenticationas well as the310. Role-Based Authorizationtutorials in order to use the LoginManager and the IPrincipal object.Now i want to be disconnected, i am investigating methods to do this and come up with several solutions that halt in the same point: I don 't know how to login while disconnected, after completing the above tutorials. Any help? Thank you |
|
 |
|
|
davidklitzke
IdeaBlade 
Joined: 14-Jun-2007 Posts: 715 |
Post Options
Quote Reply
Posted: 25-Jun-2007 at 2:37pm |
|
Here is one technique that you might consider. It requires that the user login and "connect" to a PersistenceManager at least once. On the initial login, read the necessary tables from the database (e.g., "User", "Roles") and store it to a known location in offline storage. On a subsequent occasion, if the user is offline, read the necessary tables from offline storage and do the authentication and authorization. I also recommend that every time the user connects that the necessary tables are updated. This keeps the data in the database and offline storage relatively consistent and up-to-date.
|
|
|
|
|
antalakas
Newbie
Joined: 25-Jun-2007 Location: Greece Posts: 28 |
Post Options
Quote Reply
Posted: 25-Jun-2007 at 2:50pm |
|
Thank you for your quick reply.
I understand the technique. What puzzles me is that the Persistence Manager is used internally in the Login function of the LoginManager. It uses the default Manager. If i save and load the relative tables, i have to pass the manager as an argument. Is that true? Or can i restore the entity set to the default manager and call the login function without changes? Thank you, Andreas |
|
|
|
|
davidklitzke
IdeaBlade
Joined: 14-Jun-2007 Posts: 715 |
Post Options
Quote Reply
Posted: 25-Jun-2007 at 3:52pm |
|
I would create a PersistenceManager, but I wouldn't use the DefaultManager because the DefaultManager will always try to connect. Even though your PersistenceManager will be disconnected, you should still be able to read and write to local storage. (Study the code in the tutorial on "Supported Disconnected Users")
I also wouldn't use a real LoginManager. I would just "borrow" the code so I could authenticate the user.
Your puzzlement about the PersistenceManager used in the LoginManager code is not surprizing. Most people don't realize that this PersistenceManager is not the client-side DefaultManager. It is a server-side PersistenceManager created by the PersistenceServer. Note that a PersistenceManager can be created on either the client or the server.
|
|
|
|
|
antalakas
Newbie
Joined: 25-Jun-2007 Location: Greece Posts: 28 |
Post Options
Quote Reply
Posted: 26-Jun-2007 at 8:32am |
|
I tried to Login while disconnected in several ways in my application but always there is the same answer: "Login failed", no additional comments.
I tried to implement LoginManager outside Server.dll but the answere was the same or even worst (Failed to login before using PersistenceManager or submitted null credentials.) Could you provide me with a working code snippet? Thank you Andreas |
|
|
|
|
antalakas
Newbie
Joined: 25-Jun-2007 Location: Greece Posts: 28 |
Post Options
Quote Reply
Posted: 26-Jun-2007 at 8:40am |
|
I tried to "borrow the code", but i have declared in ibconfig.config that LoginManager is required (in order to work in the online case). This means that i have to implement it. Every try have failed until now...
Andreas |
|
|
|
|
davidklitzke
IdeaBlade
Joined: 14-Jun-2007 Posts: 715 |
Post Options
Quote Reply
Posted: 27-Jun-2007 at 1:43pm |
|
I have built a sample solution that is a modification of the Authentication tutorial. i've included a picture of what the initial Login form looks like. In this solution, the user decides whether he wants to work in connected or disconnected mode by checking the "Work Offline" checkbox.
Here is how I implemented the code. When the user connects, I store the "SecureUsers" in offline storage. After this file is stored on the local computer, the user can login while disconnected. When the "Submit" button is selected, the Login takes a completely different path and executes a "ClientLoginManager" in the Model project. First, the "SecureUsers" are read in from offline storage into the PersistenceManager cache. Then the RdbQuery can be done to select the SecureUser. Since the PersistenceManager is disconnected, the query will be satisfied from the cache.
One security note. The SecureUser business object is in the Model project, not the Server project, so this disconnected solution is less secure than when using the Business Object Server (BOS).
I wanted to upload the .zip file, but the current upper limit on zip files is 80 KB. My .zip file is 130 KB. If you send an email to support@ideablade.com I will send you the solution.
 |
|
|
|
|
antalakas
Newbie
Joined: 25-Jun-2007 Location: Greece Posts: 28 |
Post Options
Quote Reply
Posted: 27-Jun-2007 at 4:33pm |
|
David,
Thank you for the solution you prepared. In a not-always-connected application like the one i develop, the user can "Login" disconnected but while the process is alive the communication can be "up" again and she can download "fresh" data (QueryStrategy.DataSourceOnly). According to the manual if in ibconfig there is true option for LoginManagerRequired, the developer HAS to implement IPersistenceLoginManager to use the Login function. Reading reversely someone gets the meaning: If you do not login you cannot get the data plain and simple. Using your solution I logged in using loginmanager The Users were saved I changed EmployeeForm_Load to the following: private void EmployeeForm_Load(object sender, EventArgs e) { mPersMgr = PersistenceManager.DefaultManager; mPersMgr.Connect(); mEmployees = mPersMgr.GetEntities<Employee>(); this.mEmployeesBS.DataSource = mEmployees; this.mManagersBS.DataSource = mEmployees; } Logged in disconnected: Everything OK While executing mEmployees = mPersMgr.GetEntities<Employee>(); the debugger said: Failed to login before using PersistenceManager or submitted null credentials. The only trick i found in order to play disconnected was to replace true with false in the LoginManagerRequired option in ibconfig. At this point we say good buy to all the theory related to "Secure Server Side User Validation". After all i think that this is fair:
Bottom Line: I wish DevForce had the option to handle disconnected login without failing security considerations. In a BOS deployment scenario this would be unacceptable, so why IdeaBlade says: Use BOS for fully smart client deployment? Of course maybe i miss something. Thank you for your patience Andreas |
|
|
|
|
davidklitzke
IdeaBlade
Joined: 14-Jun-2007 Posts: 715 |
Post Options
Quote Reply
Posted: 28-Jun-2007 at 8:36am |
|
Andreas,
The code sample I sent you wasn't quite complete. I am working on a new version that will allow you to login (connected or disconnected). Once the user logs in, he/she will be able to connect or disconnect through a Connect/Disconnect button.
Your comment that:
According to the manual if in ibconfig there is true option for LoginManagerRequired, the developer HAS to implement IPersistenceLoginManager to use the Login function. Reading reversely someone gets the meaning: If you do not login you cannot get the data plain and simple. This isn't quite true. If you do not login, you can't get data from the database. However, you can still get data from offline storage,
Your error message about "failing to login before using the Persistence Manager" will be fixed in my new version. In this version, I will not have a "real" LoginManager and a "fake" client LoginManager. I will have a single LoginManager that knows how to read SecureUser data from the database (if able to connect to the database) or how to validate the username and password from the file system (if not able to connect to the database) Another change in my next version is that the SecureUser will be returned to the Server assembly. I thought a lot about how to validate the username and password and came up with a better approach than reading the list of SecureUsers from offline storage. After logging in successfuly (using the SecureUser table on the Server), I will encrypt some string using the username and password as an encryption key). When a user tries to login later, the username and password will be used to see if it can unencrypt the encrypted string. It the unencryption is successful, the login will be declared successful. The IPrincipal will be returned from the Login function, and the IdeaBlade framework will set the IsLoggedIn property of the client-side Persistence Manager to true.
One final improvement would be to require a login using info from the database when connecting to the database if the current login used local data from offline storage. Just because a username and password once worked doesn't mean that that same username and password will always work. That means that there is a slight security hole here. If my username and password become invalidated, I can still access old data that I stored in local storage, but I can't read in any new data from the database. With this approach, do you still draw the same Bottom Line?
Bottom Line: I wish DevForce had the option to handle disconnected login without failing security considerations. In a BOS deployment scenario this would be unacceptable, so why IdeaBlade says: Use BOS for fully smart client deployment? Of course maybe i miss something. When I complete this new revised version, I will send it to you. |
|
|
|
|
TWIM
Newbie
Joined: 01-Aug-2007 Posts: 1 |
Post Options
Quote Reply
Posted: 01-Aug-2007 at 6:44am |
|
Hi David, I am really interested in doing something similar and I wonder if you could email the solution to me as well as we are looking at buying this tool but need to make sure it is suitable. Cheers
Mark
|
|
|
|
|
davidklitzke
IdeaBlade
Joined: 14-Jun-2007 Posts: 715 |
Post Options
Quote Reply
Posted: 02-Aug-2007 at 8:32am |
|
I'd be happy to send you the application. Please send me an email at support@ideablade.com
|
|
|
|
|
HFloyd
Groupie 
Joined: 27-Jul-2007 Location: United States Posts: 44 |
Post Options
Quote Reply
Posted: 05-Nov-2008 at 8:40am |
|
Just a tip for anyone who would like this sample solution. It has now been included with the Level 300 Advanced Tutorials installed with DevForce. You don't need to email support to get it.
- Heather |
|
|
|
|
Post Reply
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |