Subject: | Use ASPNET framework for user management |
Summary: | Use ASPNET framework for user management. The following changes are required: - Backoffice user maintenance will use aspnet security
- Backoffice login
- POS login
- Reporter Login
- POS authorization
- Changes to replication
|
Audit Notes: | Edited by alvis on 05/10/18 11:35. |
15 Jan 2018 | 11:06AM Comment 1 by Alvis (Link Technologies) Case 9062 added to project 8.3 |
23 Jan 2018 | 08:07AM Comment 2 by Alvis (Link Technologies) Case 9062 removed from project 8.3 |
23 Jan 2018 | 08:07AM Comment 3 by Alvis (Link Technologies) Case 9062 added to project 900 |
28 Jun 2018 | 11:57AM Comment 4 by Alvis (Link Technologies) Case 9062 removed from project 999 |
28 Jun 2018 | 11:57AM Comment 5 by Alvis (Link Technologies) Case 9062 added to project 998 |
20 Jul 2018 | 12:06PM Comment 6 by Alvis (Link Technologies) Assigned To: Sanjay (Link Technologies) Followup Date: 20-07-2018 12:06 PM Time Taken: 8.00 Notes: Edited by alvis on 20/07/18 13:04. |
| The following design has been agreed: - In order to secure existing BackOffice users, we need to have a single sign-on for all BackOffice functionality. Backoffice modules are PAY, HRM, INV, PUR, POS, FMS, ESS. This means we combine ESS, POS and FMS web applications into 1 web application named: Link Backoffice (LBO)
- Existing roles will be prefixed with existing application code.
- Users imported from ESS, POS, and FMS will be mapped to respective roles.
- Users security will be merged. If you have access to "user maintenance" in ESS and not in POS, then you will have access in LBO.
- When a user is created in BackOffice, we have a two-stage save process:
- Pass ASPNET user details to dot net component
- Save Non-ASPNET details into SY_USER which will be renamed to LT_SAA_User
- Password recovery and encryption will be handled by ASPNET.
- Add reset password option in BackOffice
- Create a user in BackOffice by passing username, password, and email address. For existing user, you have the option to reset the password (password will be emailed to the user)
- Change password. This will require the old password.
- BackOffice role menu access structure will remain unchanged.
|
|
23 Jul 2018 | 05:35PM Comment 7 by Sanjay (Link Technologies) Assigned To: Sanjay (Link Technologies) Followup Date: 23-07-2018 05:35 PM |
| The ASPNET framework allows us to maintain user security requirements based on Microsoft best practices without having to worry about the design considerations. As a result, we are considering making the following changes: - Merging ESS, POS, FMS, RM, HEL into one application framework so users have a single sign-on
- Converting Backoffice user management into ASPNet framework using 1. above
- Simplifying licensing by merging common applications
- Checking "Named users" instead of "Concurrent users"
- Changing license check at "form level" instead of "user maintenance"
Version 9.5 is expected to have significant changes with the core aim being Simplification, Standardising and Ease of use. |
|
09 Aug 2018 | 10:40AM Comment 8 by Sanjay (Link Technologies) Assigned To: Sanjay (Link Technologies) Followup Date: 09-08-2018 10:40 AM Time Taken: 32.00 |
| Development work for this case has been completed. The change will be available in version: 95 1. The following changes were made(Include Database object names, Program classes and any other relevant information):| - Added backoffice login validation to use ASPNET user accounts
- Removed "Password change" and "Force Password change" options from Backoffice
- Changed Backoffice forms to accommodate user maintenance
- User Menu structure has not changed in backoffice, so users need to be added from the ASPNET user pool in Backoffice
- User maintenance is all handled in the WEB framework
2. The issue was caused by: - Security concerns
3. Next Step - UAT
|
|
13 Aug 2018 | 02:16PM Comment 9 by Sanjay (Link Technologies) Assigned To: Rashna (Edge Business Solutions) Followup Date: 13-08-2018 02:16 PM |
| Proceed with UAT |
|
16 Aug 2018 | 03:01PM Comment 10 by Rashna (Edge Business Solutions) Assigned To: Sanjay (Link Technologies) Followup Date: 16-08-2018 03:01 PM Time Taken: 2.00 |
| Test Update - Added backoffice login validation to use ASPNET user accounts - Logged case 9517 and 9158
- Removed "Password change" and "Force Password change" options from Backoffice - Pass
- Changed Backoffice forms to accommodate user maintenance
- User Menu structure has not changed in backoffice, so users need to be added from the ASPNET user pool in Backoffice
- User maintenance is all handled in the WEB framework
Thanks Rashna |
|
17 Aug 2018 | 09:50AM Comment 11 by Rashna (Edge Business Solutions) Assigned To: Rashna (Edge Business Solutions) Followup Date: 20-08-2018 12:00 AM Time Taken: 2.00 |
| QA Results Tests carried out according to requirements specified on the case header Test Results Summary Table 1 - Summarised list of issues No | Test Description | Pass/Fail | 1 | Added backoffice login validation to use ASPNET user accounts | Logged case 9517 and 9158 | 2 | Removed "Password change" and "Force Password change" options from Backoffice | Pass | 3 | Changed Backoffice forms to accommodate user maintenance | Pass | 4 | User Menu structure has not changed in backoffice, so users need to be added from the ASPNET user pool in Backoffice
| Pass. We can successfully map web users in 222. Case will be further tested in 9517.
| 5 | User maintenance is all handled in the WEB framework | Pass |
Environment Details - OS version: Windows Server 2012
- Application version: 9.5 Alpha 1
- Database (Demo/New/Client): Demo - LINKSOFT-UAT95-LINKFJ
Steps to reproduce failed scenarios: N/A Next Step: Case assigned to documentation que.
|
|
20 Aug 2018 | 07:42AM Comment 12 by Rashna (Edge Business Solutions) Assigned To: Sanjay (Link Technologies) Followup Date: 20-08-2018 07:42 AM Time Taken: 1.00 |
| Hi Sanjay, Documentation on the case has been completed. Document update under - Systems Manager -- Master Security -- User Login.
Thanks Rashna |
|
20 Aug 2018 | 11:54AM Comment 13 by Sanjay (Link Technologies) Assigned To: Sanjay (Link Technologies) Followup Date: 20-08-2018 11:54 AM |
| Thanks Rashna |
|
09 Oct 2019 | 08:14AM Comment 14 by Sanjay (Link Technologies) Quality control status: Pass. QC Not required - This case was created before quality check was implemented in version 11 on 30/06/2019 |