Wednesday, January 11, 2017

Announcing COT v9

We are pleased to announce that the new year brings about an all-new version of Code On Time, called COT v9. This product will come in three flavors: Code On Time, Cloud On Time, and Cloud On Time Private Edition.

The new version brings a unified development environment directly into your application. Users with development privileges will be able to activate the Project Designer from within the live app. The Project Explorer will be displayed alongside application pages and will synchronize itself with the currently visible content. Changes to the project will be reflected instantly in the presentation. The Project Designer communicates with the backend, implemented differently for every flavor of COT v9.

The “Code On Time” flavor of v9 will interact directly with the application generator that you are familiar with. The app generator will run in a batch mode in response to developer actions. Application code will be created, generated, and modified in the exact same fashion you are used to. Visual Studio IDE will be launched when you need to see a C#/Visual Basic business rule, or would like to see the source code of the project. The source code is stored on your computer. You can use your own version control system. You can work with any supported database engine. You will install COT v9 on your computer. The price for Code On Time edition of v9 will remain the same as the current shipping version of the product. Licenses will continue to be perpetual. Active customers will receive “Code On Time” flavor of v9 as a regular product update.

The “Cloud On Time” flavor of v9 will interact with a hosted version of the application generator. Applications and data are stored in the Microsoft Azure Cloud. A built-in Database Designer will be used to create database tables and views within the live app. Developers will be offered a choice of SQL, JavaScript, and Email business rules. “Cloud On Time” does not require installation, and works on any web-enabled device. A monthly subscription fee is based on the number of developers and the number of records in the database. A free trial will be available.

The “Cloud On Time Private Edition” flavor of v9 will interact with a hosted version of the application generator installed on the customer premises. This product is targeted towards privacy-conscious customers with a need for rapid application development. It will be possible to create business rules with C# or Visual Basic to extend applications. The product will be sold with a perpetual license with 6, 12, or 24 months of updates.

Applications created with COT v9 support code-free integration with Google Apps and popular content management systems, such as SharePoint or DotNetNuke.

Rapidly build universal business apps on any device, and in any environment.

Modal login form with three external login options.

Split view displayed on Suppliers page created with Code On Time.

Context panel with new material icons in application using Touch UI.

Image headers and form action bar in Categories form.

Modal page sliding when opening additional pages.

Modal page with mini sidebar.

Pricing for “Cloud On Time” and “Cloud On Time Private Edition” will be announced soon.

We are estimating that COT v9 will become available in March-April of 2017.

We know that many of you awaiting anxiously for the next product update. Release 8.5.12.0 is expected to arrive very soon, and brings many features of COT v9 into your hands. Please stay tuned.

Monday, January 2, 2017

Authenticating Users with Windows Live

Every application requires a list of user accounts that have been granted (or denied) access to the data. In order to maintain membership consistency, every user needs to be associated with a password. Recommended practices for passwords dictate that every password must be unique, contain a long series of mixed alphanumeric characters, and that users should change their passwords regularly. It is likely that many users do not follow these recommended practices, and tend to reuse simple and easy to remember passwords across various systems. This can lead to a security issue if one of the systems becomes compromised – malicious users can then gain access to all systems that share the same password.

In an attempt to solve solutions to the problems mentioned above, authentication can be delegated to a “higher authority”. Application admins can register their app to accept responses from a federated authentication server. When a new user attempts to sign up to the application, they can choose to register an account using their federated account. They will be redirected to the authentication server’s login page, and grant permission for the app to gain access to their email. This information is then used to automatically create an account in the app and sign them in. Therefore, the user simply has to ensure that their account in the federated system is secure.

Applications created with Code On Time can use OAuth 2.0 to register their users. Simply define a resource under the Content Management System (CMS) that lists your client ID, client secret, and redirect URI. A local redirect URI can be defined for testing purposes.

Registering Your App

The first step to enable Windows Live authentication is to register your app.

Navigate to https://apps.dev.microsoft.com. In the top-right corner, press “Add an App”. Enter a name for your app and press “Create Application”.

Adding an application to Windows Live.

Under the “Application Secrets” section, press “Generate New Password”.

Generating a new password for the application.

Make sure to copy the new secret.

Next, press “Add Platform” under the “Platforms” section. Select “Web”.

Adding a platform for the app.

Enter your application URI, with the path “/appservices/saas/windowslive”. Optionally add a local URI for testing purposes.

Adding redirect URI for the app.

Scroll to the bottom of the page, and press “Save”.

Enabling Windows Live Login in the App

The connection needs to be registered in your application. Navigate to the Site Content page of your app, and create a new record with the following settings:

Property Value
File Name windowslive
Path sys/saas
Text

Client Id:
1234567890

Client Secret:
12345mysecret67890

Redirect Uri:  
https://demo.codeontime.com/appservices/saas/windowslive

Local Redirect Uri:
http://localhost:31733/appservices/saas/windowslive

Make sure to change the Text to the correct values for your app.

Logging In with Windows Live

Log out of your app, and press Login to open the login form. The “LOGIN WITH WINDOWS LIVE” action will now be displayed.

The login form now displays a button to "LOGIN WITH WINDOWS LIVE".

Press “LOGIN WITH WINDOWS LIVE”, and you will be redirected to the Windows Live login screen. Once logged in, a permission request will be displayed.

Windows Live displays a permission request - the app is requesting access to the profile's email.

Press “Yes”, and your browser will be redirected back to the app. The app will attempt to sign in with the account matching the returned email. If no account is found, then an account will be created with the email as the username, and a random GUID assigned to the password and password answer.

Authenticating Users with Google

Every application requires a list of user accounts that have been granted (or denied) access to the data. In order to maintain membership consistency, every user needs to be associated with a password. Recommended practices for passwords dictate that every password must be unique, contain a long series of mixed alphanumeric characters, and that users should change their passwords regularly. It is likely that many users do not follow these recommended practices, and tend to reuse simple and easy to remember passwords across various systems. This can lead to a security issue if one of the systems becomes compromised – malicious users can then gain access to all systems that share the same password.

In an attempt to solve solutions to the problems mentioned above, authentication can be delegated to a “higher authority”. Application admins can register their app to accept responses from a federated authentication server. When a new user attempts to sign up to the application, they can choose to register an account using their federated account. They will be redirected to the authentication server’s login page, and grant permission for the app to gain access to their email. This information is then used to automatically create an account in the app and sign them in. Therefore, the user simply has to ensure that their account in the federated system is secure.

Applications created with Code On Time can use OAuth 2.0 to register their users. Simply define a resource under the Content Management System (CMS) that lists your client ID, client secret, and redirect URI. A local redirect URI can be defined for testing purposes.

Registering Your App

The first step to adding Google Login to your app is to register the app.

Navigate to https://console.developers.google.com. Press “Create a project”, specify a name for the project, and press “Create”.

Creating a new project under the Google Developer dashboard.

When the project creation is complete, press “Credentials” in the left navbar. Select “Create credentials”, and choose “OAuth client ID”.

Creating OAuth credentials to the project.

Choose “Web Application” type. Under “Authorized redirect URIs”, add the URL for your site, with a path of “/appservices/saas/google”. It is recommended to add a test URL for testing from your local machine as well.

Adding OAuth credentials to the project.

The next screen will display your client ID and client secret. Make sure to write these down.

Client ID and secret have been created.

Enabling Google Login in Your App

Navigate to your website, and switch to the Site Content page. Add an entry with the following properties:

Property Value
File Name google
Path sys/saas
Text

Client Id:
1234567890.apps.googleusercontent.com

Client Secret:
12345mysecret67890

Redirect Uri:  
https://demo.codeontime.com/appservices/saas/google

Local Redirect Uri:
http://localhost:16588/appservices/saas/google

Make sure to replace the values above with the relevant values for your site, and save the record.

Logging In With Google

Log out of the application, and press the Login button. A “LOGIN WITH GOOGLE” action will be displayed above the form.

The "LOGIN WITH GOOGLE" action is now visible in the login form.

Press “LOGIN WITH GOOGLE”, and you will be redirected to the Google login screen. Once logged in, grant permission for the app to access your profile.

Granting permission for the app to access the Google profile.

By pressing “Allow”, the application will redirect back to your app. The user will be signed into the account matching the email returned by Google servers. If that user was not found, it will be created with a random password and password answer.

You can find more about Code OnTime Generator, Data Aquarium Framework, and other great products here.


© 2010 Code OnTime LLC. Intelligent code generation software for ASP.NET. Visit us at http://codeontime.com