User Security Manager
User Security Manager for Web Connection 1.10 released
Gravatar is a globally recognized avatar based on your email address. User Security Manager for Web Connection 1.10 released
  Rick Strahl
  All
  May 11, 2020 @ 04:41pm

I've released an update to the West Wind User Security Manager for Web Connection as well as a new Getting Started Video. This tool is a plug-in user security management solution that provides the missing user management features that Web Connection doesn't provide out of the box.

The User Security Manager provides:

  • Account Creation
  • Account Validation
  • Password Recovery
  • Password Changes
  • User Administration

Feature Overview

This application comes as a sample application that is ready to run, as well as some tooling that allows you to add the User Security Manager features to a Web Connection 7.x application. The application provides a standalone UserSecurityManagerProcess.prg class that can manage user management independently of your main application's process classes. You can simply use the existing, built-in Web Connection User Security features like lIsAuthenticated, cAuthenticatedUser, cAuthenticatedName and .oAuthenticatedUser to access authentication status and profile information.

The User Security Manager is ready to run in an application it's been added to, but it is meant to be customized for a specific application by adding additional user profile fields and updating the UI to match new features and custom site styling.

Version 1.10 Updates

This Release is mainly a maintenance release that updates the sample application to the latest Web Connection 7.12 support files, as well as updating the build and launch scripts to include the latest Web Connection Web Server improvements and Live Reload functionality.

There have also been a number of fixes and tweaks to the automated UserSecurity_AddToProject.prg script to keep in line with the latest Web Connection releases and some of the changes related to the way projects work since the original v7.0 release.

The documentation has also been updated with updates for configuration and integration. There's also a new Feature Overview that goes through each of the screens that this solution provides and that walks you through the full process of account creation and validation, logging in, admin account management, password recovery.

Thanks to James Monte for his help with troubleshooting some of the issues and some valuable feedback...

If you need User management for your Web Connection application, the User Security manager will save you a ton of time. Even if you need to build something completely different and custom, this library is a great resource on how to hook extended security functionality into the existing Web Connection eco-system.

Check it out.

Aloha,

+++ Rick ---

Gravatar is a globally recognized avatar based on your email address. re: User Security Manager for Web Connection 1.10 released
  Jim Monte
  Rick Strahl
  May 13, 2020 @ 05:33am

Thanks Rick.. and thanks for keeping this VFP/WC eco stystem alive and well!!!

Gravatar is a globally recognized avatar based on your email address. re: User Security Manager for Web Connection 1.10 released
  Eric Selje
  Rick Strahl
  May 25, 2020 @ 02:04pm

Very nice. Any plans for 3rd party authentication? (I'd assume the answer is "when a client pays me to do it" but thought I'd ask)

Gravatar is a globally recognized avatar based on your email address. re: User Security Manager for Web Connection 1.10 released
  Rick Strahl
  Eric Selje
  May 25, 2020 @ 02:27pm

Eric,

Yes more or less 😄

The problem with this is that that becomes an endless pit as each provider requires a different oAuth profile to deal with, it's own token set and configuration, process to onboard etc. etc.

This is one of those cases where automation doesn't necessarily make it much easier to package the configuration up generically. Integration still requires you get the Application Token setup and go through all the Setup goo that the providers require.

All that's then left is the protocol navigation which - while not trivial - is relatively easy to implement with a couple of endpoints (although the token decryption can be tricky)... and then I end up supporting the endless variations of providers and configuration issues.

There are integration solutions like Auth0 that can provide a flexible front end for this without much fanfare, but $$$ especially for busy applications.

But definitely for the Web Connection end of things - without some other financial incentive (ie. paying work to build it) this is not going to happen 😃 As it is, the User Security Manager hasn't been of interest except to a very few people so even that wasn't really worth the dev effort that went into, but at least this is something that has a very fixed scope and is something I can use myself in most applications for myself and those that I help others start. In an ideal world where there was a lively market this would be built into Web Connection, but given the market reality adding any additional high level features at this points will end up being paid addons...

+++ Rick ---

© 1996-2020