none
Lightswitch entity level permissions is not working correctly in internet explorer

    General discussion

  • I think I found a bug in lightswitch and I searched throughout google to try to find someone else who has the same problem, but haven't had any luck so far.

    Seems that lightswitch caches the entities' delete/insert/update/view permissions into some files called __GetEntitySetCanInformation?entitySetName=EntityName in the temporary internet files directory. The problem is that if you login with a diferent user, the permissions to the entities remain the same as it was for the previous user. So if you where logged with a user who has update permission to a certain entity, when you login with a diferent user, he will have update permission to this entity even if he wasn't suposed to have.

    I don't have this problem in chrome. Just in internet explorer. Tested in ie7 and ie8, both have the same problem. Also tested in other computers and all of them had the same problem.

    I created a logout button in my application that calls an asp.net page that does all the loging out. I tryed to make it also remove all cookies, but didn't work. I can't find a solution for this.

    Monday, July 30, 2012 5:57 PM

All replies

  • Does it still happen when close all IE windows and sign back in with different user?
    Monday, July 30, 2012 10:30 PM
  • Sounds like a web application that isn't being closed correctly & cookie information isn't being cleared.

    Yann - LightSwitch Central - Click here for FREE Themes, Controls, Types and Commands
     
    If you find a reply helpful, please click "Vote as Helpful", if a reply answers your question, please click "Mark as Answer"
     
    By doing this you'll help people find answers faster.

    Tuesday, July 31, 2012 2:47 AM
  • In some computer if you close IE window and sign back in with a different user it works as aspected, but in some computers the problem remains.
    Tuesday, July 31, 2012 11:11 AM
  • So how should I close it correclty? This is what I did:

    In the logout button I inserted this command:

            public void Execute()
            {
                Dispatchers.Main.Invoke(() =>
                {
                    HtmlPage.Window.Navigate(new Uri("LogOff.aspx", UriKind.Relative));
                });
            }

    And in the LogOff.aspx Load event I inserted this command:

            protected void Page_Load(object sender, EventArgs e)
            {
                //FormsAuthentication.SignOut();
                Response.Cookies.Clear();
                Microsoft.LightSwitch.Security.ServerGenerated.Implementation.AuthenticationService x = new Microsoft.LightSwitch.Security.ServerGenerated.Implementation.AuthenticationService();
                x.Logout();
    
                Response.Redirect("Home.aspx");
            }

    As you can see, I also tryed FormsAuthentication.SignOut()

    Tuesday, July 31, 2012 11:21 AM
  • Web applications aren't my forte I'm afraid. I would have thought that using "FormsAuthentication.SignOut" &/or "Response.Cookies.Clear" would have done all that was necessary.

    As Wiliam touched on earlier though, are you closing ALL IE windows?

    I wish I could do more to help, but I'm going to have to leave this one for someone with more web application experience.


    Yann - LightSwitch Central - Click here for FREE Themes, Controls, Types and Commands
     
    If you find a reply helpful, please click "Vote as Helpful", if a reply answers your question, please click "Mark as Answer"
     
    By doing this you'll help people find answers faster.

    Wednesday, August 01, 2012 12:01 AM
  • Yes, if I close IE window I can login with a diferent user and the application works as aspected, but in some computers, not even that works. I guess the ones that work must be configured to delete cookies when IE closes or something like that.

    Wednesday, August 01, 2012 11:44 AM