Company: Link Technologies
Case No: L09062. Project: 10.10: LinkSOFT Version 10.1
Logged By: Alvis (Link Technologies) on 15 Jan 2018 11:06AM
Priority: Medium
Product: Framework
Group: Enhancement
Time Taken: 45.00 (Weight: 45.00)
Version: 10.155.0117
Assigned To: Sanjay (Link Technologies)
Circulation: Alvis, Development, Rashna, Sanjay, Sanjeet
Resolve By: Monday, 15 January 2018 12:00 AM [2287 days since logged date]
Status: Closed
Subject: Use ASPNET framework for user management
Summary:    

Use ASPNET framework for user management.

The following changes are required:

  1. Backoffice user maintenance will use aspnet security
  2. Backoffice login
  3. POS login
  4. Reporter Login
  5. POS authorization
  6. Changes to replication
Audit Notes:Edited by alvis on 05/10/18 11:35. 
15 Jan 201811:06AM Comment 1 by Alvis (Link Technologies) Case 9062 added to project 8.3
23 Jan 201808:07AM Comment 2 by Alvis (Link Technologies) Case 9062 removed from project 8.3
23 Jan 201808:07AM Comment 3 by Alvis (Link Technologies) Case 9062 added to project 900
28 Jun 201811:57AM Comment 4 by Alvis (Link Technologies) Case 9062 removed from project 999
28 Jun 201811:57AM Comment 5 by Alvis (Link Technologies) Case 9062 added to project 998
20 Jul 201812:06PM Comment 6 by Alvis (Link Technologies) Assigned To: Sanjay (Link Technologies) Followup Date: 20-07-2018 12:06 PM Time Taken: 8.00 Notes: Edited by alvis on 20/07/18 13:04. 

The following design has been agreed:

  1. In order to secure existing BackOffice users, we need to have a single sign-on for all BackOffice functionality. Backoffice modules are PAY, HRM, INV, PUR, POS, FMS, ESS. This means we combine ESS, POS and FMS web applications into 1 web application named: Link Backoffice (LBO) 
    1. Existing roles will be prefixed with existing application code.
    2. Users imported from ESS, POS, and FMS will be mapped to respective roles.
    3. Users security will be merged. If you have access to "user maintenance" in ESS and not in POS, then you will have access in LBO.
  2. When a user is created in BackOffice, we have a two-stage save process:
    1. Pass ASPNET user details to dot net component
    2. Save Non-ASPNET  details into SY_USER which will be renamed to LT_SAA_User
  3. Password recovery and encryption will be handled by ASPNET. 
  4. Add reset password option in BackOffice  
  5. Create a user in BackOffice by passing username, password, and email address. For existing user, you have the option to reset the password (password will be emailed to the user)
  6. Change password. This will require the old password.
  7. BackOffice role menu access structure will remain unchanged.

23 Jul 201805:35PM Comment 7 by Sanjay (Link Technologies) Assigned To: Sanjay (Link Technologies) Followup Date: 23-07-2018 05:35 PM

The ASPNET framework allows us to maintain user security requirements based on Microsoft best practices without having to worry about the design considerations. As a result, we are considering making the following changes:

  1. Merging ESS, POS, FMS, RM, HEL into one application framework so users have a single sign-on
  2. Converting Backoffice user management into ASPNet framework using 1. above
  3. Simplifying licensing by merging common applications
  4. Checking "Named users" instead of "Concurrent users"
  5. Changing license check at "form level" instead of "user maintenance"

Version 9.5 is expected to have significant changes with the core aim being Simplification, Standardising and Ease of use.


09 Aug 201810:40AM Comment 8 by Sanjay (Link Technologies) Assigned To: Sanjay (Link Technologies) Followup Date: 09-08-2018 10:40 AM Time Taken: 32.00
Development work for this case has been completed.
The change will be available in version: 95

1. The following changes were made(Include Database object names, Program classes and any other relevant information):|

  1. Added backoffice login validation to use ASPNET user accounts
  2. Removed "Password change" and "Force Password change" options from Backoffice
  3. Changed Backoffice forms to accommodate user maintenance
  4. User Menu structure has not changed in backoffice, so users need to be added from the ASPNET user pool in Backoffice
  5. User maintenance is all handled in the WEB framework

2. The issue was caused by:

  1. Security concerns

    3. Next Step

    1. UAT

    13 Aug 201802:16PM Comment 9 by Sanjay (Link Technologies) Assigned To: Rashna (Edge Business Solutions) Followup Date: 13-08-2018 02:16 PM
    Proceed with UAT

    16 Aug 201803:01PM Comment 10 by Rashna (Edge Business Solutions) Assigned To: Sanjay (Link Technologies) Followup Date: 16-08-2018 03:01 PM Time Taken: 2.00

    Test Update

    1. Added backoffice login validation to use ASPNET user accounts - Logged case 9517 and 9158 
    2. Removed "Password change" and "Force Password change" options from Backoffice - Pass
    3. Changed Backoffice forms to accommodate user maintenance
    4. User Menu structure has not changed in backoffice, so users need to be added from the ASPNET user pool in Backoffice
    5. User maintenance is all handled in the WEB framework

    Thanks
    Rashna


    17 Aug 201809:50AM Comment 11 by Rashna (Edge Business Solutions) Assigned To: Rashna (Edge Business Solutions) Followup Date: 20-08-2018 12:00 AM Time Taken: 2.00
    QA Results
    Tests carried out according to requirements specified on the case header

    Test Results Summary

    Table 1 - Summarised list of issues
    NoTest Description Pass/Fail 
    1
     Added backoffice login validation to use ASPNET user accounts 
    		 Logged case 9517 and 9158  
    2
     Removed "Password change" and "Force Password change" options from Backoffice 
    Pass 
    3
     Changed Backoffice forms to accommodate user maintenance 
    Pass
    4
    		 User Menu structure has not changed in backoffice, so users need to be added from the ASPNET user pool in Backoffice 
    		 Pass. We can successfully map web users in 222. Case will be further tested in 9517.
    5
     User maintenance is all handled in the WEB framework 
    		Pass

    Environment Details

    1. OS version: Windows Server 2012
    2. Application version: 9.5 Alpha 1
    3. Database (Demo/New/Client): Demo - LINKSOFT-UAT95-LINKFJ

    Steps to reproduce failed scenarios: N/A

    Next Step: Case assigned to documentation que.


      20 Aug 201807:42AM Comment 12 by Rashna (Edge Business Solutions) Assigned To: Sanjay (Link Technologies) Followup Date: 20-08-2018 07:42 AM Time Taken: 1.00

      Hi Sanjay, 

      Documentation on the case has been completed.

      Document update under

      • Systems Manager -- Master Security -- User Login.

      Thanks
      Rashna


      20 Aug 201811:54AM Comment 13 by Sanjay (Link Technologies) Assigned To: Sanjay (Link Technologies) Followup Date: 20-08-2018 11:54 AM
      Thanks Rashna

      09 Oct 201908:14AM Comment 14 by Sanjay (Link Technologies) Quality control status: Pass. QC Not required - This case was created before quality check was implemented in version 11 on 30/06/2019
      If you have any queries regarding this support incident, please email admin@linktechnologies.com.au and include the Case No: L09062 in the subject line of all emails regarding this issue.

      Document size: 10.6 KB
      For call complaints, please contact the Managing Director of the company using this form