I'm very new to CRM and was looking into the CRM plugin event pipelines and wanted to create a few plugins for practice purposes. I created a plugin for pre-validation which will just set the account name (a mandatory field) to null. I assumed that this will just throw a validation error. But that's not happening, the entity is getting saved with an empty name. Could anyone explain why this is happening?
That's because name of account is not "Platform required" field. "Required" or fields with red asterisk are required only when you create/edit information from CRM UI.
Related
Using Symfony 5, Is there any way to avoid user edit (using browser inspector) on hidden input field?
My use case is:
My website can display to a user A a list of recommended user.
For each recommend user displayed, the user A can click on a recommended user to send him a message.
To do that, I am generating a specific form for each recommended users and the form contains an hidden input field with the recommended user ID as value, and a submit button to send the message.
I would like to ensure that the user A do not change the input hidden field in order to contact a user which is not recommended.
To do that, I am checking on server side, when the form is sent, that the user id in the form sent is an ID of a recommend user. It is working but I would like to avoid this double check on my side.
Nevertheless, as I am already using CSRF default protection, do you know if Symfony could do that natively? I mean to ensure that this hidden input field has not been changed by the user? By configuring a parameter for this HiddenType field?
Because as I am already using CSRF protection, symfony guarantee the security (against CSRF attacks) when I use $myForm->isValid().
I guess Symfony is storing the CSRF token somewhere...
So we could imagine Symfony could store solewhere HiddenType fields that we could flagged as "not-changable".
And the $myForm->isValid() could check CSRF token validity as usual + hiddenType field flagged as "not-changable".
What do you think about it?
This feature already exists?
Is it a good idea? New potential feature?
checking on backend is a must, it will be bad idea to relay on security or a control on client side
as far as I know, there is no option to set displayName with email and password when signing up a user using firebase auth.
for example, if I have a signup form like this
I can handle the profile update just after the createUserWithEmailAndPassword has succeeded.
or I can create an onboarding section where I could just ask the user separately for their name, and remove the name from this form. which is what I'm currently doing.
but when asking for the name in the form itself what if the signup has succeeded but the display name update has failed. what am I supposed to do in that situation
You'll have to define the course of action on your own, depending on the requirements of your app. There is not a single correct way to handle this.
You could send the user to another form that asks them for their profile information again, or you could simply ignore the error and let them update profile information later. It's entirely up to you.
I was wondering if it is possible to make it so the editors within sitecore can set it so you require a username/login to only one specific page.
www.yourwebsite.com - No password required
www.yourwebsite.com/internalstuff - password required and set within CMS by the editors.
This is explained extensively in the Security Administrator's Cookbook that is supplied by Sitecore.
This is what you need to do, in a few short steps:
Create a user group with the User Manager (on the Extranet domain, that's how it's called by default, could be different in your installation)
Add users to the group
Go to the Security Editor, select the item(s) you want to protect, and disallow Read rights for the Anonymous user (this makes it impossible for not-loggedin users to view it)
Enable Read rights on your item(s) for your new user group
Make sure to read the cookbook so you know how to use security inheritance properly. That will save you a lot of time in the future.
Actually it's possible with no coding if you have Web forms for Marketers installed. It's not an enterprise ready login with e-mail activation etc. but it works. First, you should of course set up access rights and roles as mentioned in this answer by Ruud plus you need WFFM ready with forms styled and a placeholder configured to accept forms.
Go to WFFM and create a registration form (username as single-line text field, password as password-confirmation field)
as save action add "Create User" (configure correct domain/role there) (you could also add a "User Login with Password action and log the user in directly after registration)
add the registration form to a public page
create a login form (username as single-line text field, password as password field); again map the data to the username, password and domain set up for your extranet)
add the login form to a public page
enjoy :)
Note: this requires you to have write access to the asp.net user tables (by default set up in the core database). Make sure your security requirements are compliant with that. And as already mentioned this will not give you a basic e-mail validation up on registration.
Could anyone please provide me with guidance on whether it's possible to use aspNetActiveDirectoryProvider for Authentication and aspsqlProfile Provider to store user specific details?
I'm not quiet getting my head around on how do I get userID that's required for aspnet_profile table if I were to switch to Active Direcory.
Also, is it possible to change password from aspnet admin page if active directory is used?
Regards,
Changing password is possible with AD provider: see ActiveDirectoryMembershipProvider.ChangePassword method.
ASP.NET profile generally associates profile with user name. Typically, user name value will be same as the user identity value used by authentication system. So in active directory case, it would be user's domain qualified login-name (in form of <domain>/<login>) - see this link for more info: http://msdn.microsoft.com/en-us/library/ewfkf772.aspx
You may also create a custom profile provider if you need more control at database schema side - sample is already available from microsoft and you can use that as base, check these links:
http://msdn.microsoft.com/en-us/magazine/cc163457.aspx
http://www.asp.net/downloads/sandbox/table-profile-provider-samples
I've seen examples of producing a custom registration control which persists its information with some extra fields (or a table depending on the problem) in the corresponding Sql Server.
It's also said that there is a way to do the same thing with the Profile API (persist custom info in a registration control). Is there a walkthrough for this?
Thanks
Check out this link from MSDN Storing User Information with ASP.NET 2.0 Profiles
You'll also need to know how to Create the Application Services Database for SQL Server