Wednesday, February 9, 2011

Secure RSS, Spreadsheet, and CSV Data Feeds

The follow-up release of Code On Time introduces significant security enhancements to user identity validation performed when RSS , CSV, and live Microsoft Excel data feeds are generated.

The feeds are retrieved by external applications such as browsers, RSS readers, and Excel via a URL generated by application. User identity is not embedded into the data feed URLs.

These are the examples of the data feeds:

Click on any of the links and you will be prompted to enter a name and password if your application is using ASP.NET Membership authentication. The application framework will detect access to data export resources and will request user name and password through Basic Authentication.

Enter the user name and password and the credentials will be authenticated against the ASP.NET Membership database. The URLs above will allow access to data if you enter admin / admin123% or user / user123% when prompted for username/password. These user accounts are registered on our demo server.

If you sign into the application at http://dev.codeontime.com/demo/websitefactory6 using one of the accounts listed above then try the following.

Live RSS Feed

Select the list of customers and choose Action | View RSS Feed option on the action bar.

image

The RSS feed will be presented.

image

Do not close the feed and return to the browser window with the application, click Logout link on the membership bar. You will be logged out and a fly-over login dialog will be displayed.

image

Return to the RSS feed and click Refresh button. You will be prompted to login via Basic Authentication.

image

Live Excel Spreadsheet

Select Export to Spreadsheet option from the action bar of the customer list.

image

The prompt to download an IQY file will be displayed. The file extension stands for “Internet Query” and is recognized by Microsoft Excel. Click Open button.

image

Microsoft Excel will start and will present an additional warning about security risks linked to the content that comes from Internet. We do know the source of data that we are downloading. The data itself is a simple XML data feed. Click Enable button.

image

Code On Time application will request the user identity. Enter one of the accounts that we have used above.

image

If the user name and password are matched to an ASP.NET Membership record then the data will be downloaded.

image

Use Excel to create dynamic and impactful business charts and refresh charts on-demand to see changes in the live data to reflect in your chart. You can email the spreadsheet to users in your organization. Users with valid application accounts will be able to refresh the data as well.

image

Conclusion

Business users can take full advantage of amazing data reporting and analytical capabilities available in Code On Time applications. Secure data feeds ensure safe shared environment.

Developers can create sophisticated virtual views that will utilize the user identity to filter the data accessible to the user.

No comments:

You can find more about Code OnTime Generator, Data Aquarium Framework, and other great products here.


© 2010 Code OnTime LLC. Intelligent code generation software for ASP.NET. Visit us at http://codeontime.com