locked
Can html client screen be security trimmed based on login users? RRS feed

  • Question

  • Hi I am using Visual Studio 2013 Lightswitch html client. I have a requirements that based on authenticated users, some screens may not be accessible for them. Is there any security feature for html client screens? and how to implement them?

    jl

    Wednesday, November 13, 2013 5:53 AM

Answers

  • Hi,

    1. Suppose you have three different classes of user, "Limited", "Normal", and "Admin".  And you have three home screens, "HomeLimited", "HomeNormal", and "HomeAdmin"

    2. You set up a blank "Home" screen that is the default home screen for the app.  It has logic that determines, based on permissions/database info which screen to redirect to.  It then redirects to "http://yourwebsite.com/HTMLClient/default.htm?home=HomeAdmin" for admin users... or "home=HomeLimited" for limited users, etc.

    3. In the default.htm you have some javascript which parses the url to get the "home=" parameter and calls msls._run with the appropriate screenId.

    4. In your HomeAdmin, HomeLimited, and HomeNormal screens, you have some code which verifies that the user has appropriate privileges to use the screen.

    Source from: http://social.msdn.microsoft.com/Forums/vstudio/en-US/f2384c96-42db-4d2b-94d7-5b691d7beed3/programatically-select-home-screen-html?forum=lightswitch

    In addtion, you can refer to the article below:

    #Filtering data based on assigned user in LightSwitch

    http://www.lightswitchspecial.com/2012/03/filtering-data-based-on-assigned-user.html

    Hope it can help you.


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    • Marked as answer by Joe Lee Saturday, November 16, 2013 11:42 PM
    Friday, November 15, 2013 12:31 PM

All replies

  • Hi jl

    I haven't personally dealt much with security/permissions in LightSwitch however I have seen some articles which go into detail regarding screen level and entity level permissions, at this point all the permissions are managed via the LS Desktop Application but I have read somewhere that this will be available in the html client in the near future.

    Here is a good resource for info: http://msdn.microsoft.com/en-us/vstudio/gg604823

    Sorry it's not a definitive answer.

    Wednesday, November 13, 2013 6:50 AM
  • Hi,

    Do you want to know how to assign user permissions to a LightSwitch HTML mobile app? If so, I'd like to suggest you to read the blog below:

    How to Assign Users, Roles and Permissions to a LightSwitch HTML Mobile Client 

    http://blogs.msdn.com/b/bethmassi/archive/2013/06/25/how-to-assign-users-roles-and-permissions-to-a-lightswitch-html-mobile-client.aspx

    In the blog, it describes that we need to deploy a desktop client to perform the security administration for your application.

    Please let me know if I have miunderstood you.


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Thursday, November 14, 2013 11:16 AM
  • Hi Yunjie

    It is great that I can get a reply from MS moderator. I had good look at the article and it only talks you can use the security feature on the server site such as data access. What I am looking for is how to security trim on html screens based on login users. I would appreciate if you can direct me the right links on how to achieve this.

    Thanks 


    jl

    Thursday, November 14, 2013 10:19 PM
  • Hi,

    1. Suppose you have three different classes of user, "Limited", "Normal", and "Admin".  And you have three home screens, "HomeLimited", "HomeNormal", and "HomeAdmin"

    2. You set up a blank "Home" screen that is the default home screen for the app.  It has logic that determines, based on permissions/database info which screen to redirect to.  It then redirects to "http://yourwebsite.com/HTMLClient/default.htm?home=HomeAdmin" for admin users... or "home=HomeLimited" for limited users, etc.

    3. In the default.htm you have some javascript which parses the url to get the "home=" parameter and calls msls._run with the appropriate screenId.

    4. In your HomeAdmin, HomeLimited, and HomeNormal screens, you have some code which verifies that the user has appropriate privileges to use the screen.

    Source from: http://social.msdn.microsoft.com/Forums/vstudio/en-US/f2384c96-42db-4d2b-94d7-5b691d7beed3/programatically-select-home-screen-html?forum=lightswitch

    In addtion, you can refer to the article below:

    #Filtering data based on assigned user in LightSwitch

    http://www.lightswitchspecial.com/2012/03/filtering-data-based-on-assigned-user.html

    Hope it can help you.


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    • Marked as answer by Joe Lee Saturday, November 16, 2013 11:42 PM
    Friday, November 15, 2013 12:31 PM
  • Thanks. It is a good work around. One more question, is there any offical MSDN reference for LS Html client object model, such as screen, element, contentItem, etc?

    jl

    Saturday, November 16, 2013 11:45 PM
  • Hi,

    Regarding Lightswitch HTML reference, I'd like to suggest you to read the articles below:

    Understanding LightSwitch

    http://msdn.microsoft.com/en-US/vstudio/htmlclient

    HTML Client Screens for LightSwitch Apps

    http://msdn.microsoft.com/en-us/library/vstudio/jj674623.aspx

    Hope it helps.


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Monday, November 18, 2013 2:11 AM