Welcome to the User Security Manager for Web Connection
The Web Connection framework includes only includes minimal built-in authentication features. It basically provides authentication checks within the framework, but as far user interface is concerned the only thing shipped in the box is a login form. Everything else surrounding user administration and profile management is left up to the developer.
The User Security Manager library provides these features in an easy to drop in package that provides the following:
- Enhanced sign in form
- Add and edit user profiles
- New account validation
- Password recovery
- Change password
- Menu login widget
- User administration interface
This library provides the most common user interface feature and support features related to user authentication and basic user management. The templates and default files provide just the minimum user features and are easy to customize and fit to your specific application needs.
The best way to see what how this all works, is to take a look at a sequence of screen shots that show the various UI forms that make up this library. There's nothing fancy here and it is all built ontop of the standard Web Connection framework and contained in its own
UserSecurityManagerProcess.prg process class that provides the code backbone for these forms.
This tool comes with all source code and you can customize the UI and logic to your heart's content.
Enhanced Login Form
The main entry point to the User Manager is the Login form. This is the page most users are likely to use to interact with account management, using it for signing in, creating a new profile or recovering of a password.
The login form requests a username which is typically an email address. We recommend you always use email addresses for user names, but it's not a requirement. The advantage of email is that email addresses are unique by default so it's easy to keep accounts matched properly.
Once you are logged an optional login Widget in the toolbar shows your logged in account along with a drop down menu to log out, view your profile or if you are an admin manage user accounts.
If you don't have an account you can create a new profile using the Create Account button which takes you to the Profile form.
The form is pretty sparse because the default implementation doesn't have any custom info to store there. However you can customize this form and add additional detail, that maps to additional data you can add to the custom
AppUserSecurity.dbf user security table. Any fields yo add there are available on the
When creating a new account the same form is used but you'll be prompted for password and password validation in addition to the base data.
When a new account is created an email validation request is sent (if
AppUserSecurity.ValidateEmail is .t.).
The user can follow this link to validate the account which effectively activates the account. At this point you can now log in as a new user.
The login form includes the ability to create a new account, and if necessary recover a password:
The password recovery form lets the user enter an email address, which is used to send a recovery email. When recovering an email you are sent a recovery link via email which contains a validation key that is matched in the user table.
The email looks like this (captured in an email proxy called PaperCut here):
When you click on this link you are taken to a form where you can reset your email:
Once you've entered a new password you are taken back to the login form where you can then login with your username (email) and password.
If the logged in user is an administrative user (Admin flag .T. in to the user record) he or she can also browse and administer the user list.
The user management screen lets you edit an individual user.
The User Security Manager is implemented as a separate Web Connection Process class that takes over all authentication related tasks. This means authentication becomes separated from your main application's code and the only thing you do with authentication is check for permissions or validation status in your main app. All the logistics of logging in, creating accounts validation is managed in the separate process class.
To integrate the User Security Manager we provide an automated FoxPro script that merges the User Security Manager process class into an existing Web Connection 7.0 or later project. This automated process hooks up the process class, configures the
.usm scriptmap, hooks up the configuration for the AppUserSecurity, enables the shared Session management between your application and the User Security Process.
Alternately, for older versions or if you're running a highly customized version of Web Connection that doesn't follow the standard project layout practices, we also provide manual installation instructions in the documentation. Manual configuration is a one time step and can easily be done in 15 minutes or less, following the instructions.
In short, it's easy to integrate the User Security Manager, and once integrated the authentication features are isolated and don't clutter up your main application.
The User Security Manager is available with full source code and is available as a downloadable zip file of source files.
- Web Connection 7.0+
- Visual FoxPro 9.0
- .NET Framework 4.0 (full framework) or later
Got questions, suggestions or just want to discuss Web Connection or FoxPro development issues? Then come and hang out on our new and redesigned West Wind Message Board to interact with the author and other Web Connection and FoxPro developers.Visit the Message Board