Security Package Widgets

Once the security package is installed, it adds a number of security-related widgets that come as part of this package. These widgets are already pre-wired to the back-end functionality. All you need to do is to place them on your application forms – there is no need for coding.


Login Bar Widget


The Login Bar widget provides a convenient way to expose all the necessary user interface elements required by an application to allow user login, user logout, user registration, security administration, changing password, password recovery and displaying user name after the user has logged in.


security-figure19.png
Figure 19: Login Bar Widget


Remarks: This widget is particularly useful when placed in the header of an application’s main form providing a central location for accessing security related functionality within an application. It can be used by itself or in conjunction with other security widgets without the need for synchronisation of state between different widgets.

The font properties of TextLabel controls used inside this widget can be edited by using the “Edit Parts” command which is located in the Layout section on the Home ribbon when the form designer is active. The Left and Top properties of the TextLabel controls cannot be changed as the widgets uses the Flow layout for the arrangement of controls inside its main container.

The Login Bar widget contains the Login Name and Login Status widgets.

Published Properties: None.

Published Events:

OnLogin – This event is invoked after a login attempt is made and the login result is returned to the browser. This event is triggered no matter where the login attempt is made from.

OnLogout - This event is invoked after the user is logged out. This event is triggered no matter where the logout attempt is made from.


Login Name Widget


The Login Name widget displays the current username using a simple TextLabel control.


security-figure20.png
Figure 20: Login Name Widget


Remarks: This widget is pre-configured to monitor user login/logout activities and to display the current username after a successful log in or display “anonymous” when the user logs out or when the application has just started. You could place multiple instance of this widget throughout your application without the need to manually synchronise their states.

Published Properties: None.

Published Events:

OnLogin – This event is invoked after a login attempt is made and the login result is returned to the browser. This event is triggered no matter where the login attempt is made from.

OnLogout - This event is invoked after the user is logged out. This event is triggered no matter where the logout attempt is made from.


Login Status Widget


The Login Status widget provides a link for invoking the login dialog box. After a successful login the same link displays a “sign out” link which can be clicked to invoke the logout command.


security-figure21.png
Figure 21: Login Status Widget


Remarks: This widget is pre-configured to monitor user login/logout activities and to display “Sign in“, when no user is logged in, or to display “Sign out” after a user has successfully logged in. You could place multiple instance of this widget throughout your application without the need to manually synchronise their states.

Published Properties: None.

Published Events:

OnLogin – This event is invoked after a login attempt is made and the login result is returned to the browser. This event is triggered no matter where the login attempt is made from.

OnLogout - This event is invoked after the user is logged out. This event is triggered no matter where the logout attempt is made from.


Login Widget


The Login widget provides a pre-configured set of user interface elements that prompt the user to enter username and password, and then it calls the mfk_secLogin web method on the server side to perform user authentication.


security-figure22.png
Figure 22: Login Widget


Remarks: it is common to hide/show this widget upon successful login/Logout. This can be done by intercepting widget’s OnLogin and OnLogout Events and then setting the widget’s visible property to true or false. The widget’s events are not however triggered when the login or logout occur via other widgets or programmatically. When this widget is used in an application main header or side panel, it is recommended to register for global notification of login/logout events so that this widget can hide or show irrespective of where the login or logout occurs within the application. Please see Receiving Global Login/Logout Notifications.

Published Properties: None.

Published Events:

OnBeforeLogin – This event is triggered after the user has pressed the login button and before the login request is made to the server. This event provides an opportunity to do custom validation of username and password.

OnAfterLogin - This event is triggered after the login request is made and the login result is returned.


Change Password Widget


The Change Password widget provides a pre-configured set of user interface elements that allow the user to change his/her password by entering and confirming a new password. It then calls the mfk_secChangePassword web method to affect the change.


security-figure23.png
Figure 23: Change Password Widget


Remarks: The security package also provides a popup dialog form, mfk_secChangePwdDialog, for changing password. The change password dialog uses the Change Password widget and is used by the Login Bar widget. To activate simply call the global function RunChangePasswordDialog in the mfk_secChangePwdDialog form module.

Published Properties: None. Published Events:

OnBeforeChangePassword – This event is triggered just after the user presses the Submit button and before the request to change password is sent to the server. This event provides an opportunity to do custom validation of the new password.

OnAfterChangePassword – This event is triggered after the result for the change password request is returned to the browser.

OnCancel – This event is triggered when the user presses the cancel button.


Password Recovery Widget


The Password Recovery widget provides a pre-configured set of user interface elements that allow the user to reset his/her password.


security-figure24.png
Figure 24: Password Recovery Widget


Remarks: This widget, contrary to what its name might suggest, cannot recover a password! Once forgotten, a password cannot be recovered as the system only keeps a hashed version of the actual password. The original password is not known to the system and therefore impossible to recover. This widget simply calls the mfk_secResetPassword web method to reset the password.

When a password is reset the system triggers the OnResetPassword event on the server side. This event must be used to send an email to the user informing him/her of the new password. The new password will be sent in clear text (human readable) and as such should be viewed as temporary. The user should be encouraged to change his/her password immediately after resetting.

This widget is used in the mfk_secLoginDialog popup form which combines the Login and Password Recovery widgets to provide a common user login dialog that can be invoked from any context by simply calling the RunLoginDialog global function.

Published Properties: None.

Published Events:

OnBeforePasswordRecovery – This event is triggered just after the user presses the Submit button and before the request to reset password is sent to the server. This event provides an opportunity to do custom validation of the username supplied.

OnAfterPasswordRecovery – This event is triggered after the result for the reset password request is returned to the browser.


Create User Widget


The Create User widget provides a pre-configured set of user interface elements that allow a new user to self-register. It also provides a way (Captcha) of verifying that it is a human user that is attempting to register rather than malicious software trying to tamper with your website.


security-figure25.png
Figure 25: Create User Widget


Remarks: The Create User widget validates the data entered by the user before executing the web method that registers the user with the back-end system. If there is invalid data entered the widget would display an error squiggle below the control in which the invalid data is entered. A short explanation is displayed when the user moves the cursor on the control with error squiggle. Use the OnBeforeCreateUser event to perform custom validation.

The security package also provides a popup dialog form, mfk_secRegisterDialog, for user registration. The dialog form uses the Create User widget and is used by the Login Bar widget. To activate simply call the global function RunRegisterNewUserDialog in the mfk_secRegisterDialog form module.

Published Properties: None.

Published Events:

OnBeforeCreateUser - This event is triggered just after the user presses the Submit button and before the request to create a new user is sent to the server. This event provides an opportunity to do custom validation of various fields of the Create User widget.

OnAfterCreateUser - This event is triggered after the result for the Create User request is returned to the browser.

OnCancel - This event is triggered when the user presses the cancel button.


Related Topics

See Also

Back to top