In previous tutorials we explained how you can enable the Silver Essence Framework in Custom Pages and User Controls. Simply by using the SilverSolutionBasePage in your Page, or the SilverSolutionBaseControl in your User Control. This will not just enable the Essence Framework for you, it also handles the User Login. But did you know you can also access the Essence Framework, without forcing the user to login? In this post we will show you how to do just that!
But why should you want to do that?
One of the main purposes of the Essence Framework is to enable Frontend Developers to create advanced web applications with extensive Security and complex data handling. This is all handled by the Essence Framework so a Frontend Developer can really focus on the design and the user experience.
But some of that data might also be publicly available. For example, a Product Catalog based on Items in an ERP back-office. Or a Calendar with Training Events. If you want to make that data available in a Public Webpage, you cannot use the SilverSolutionBasePage since this would force the visitor to login with an existing User Account. So instead, you can use the SilverApplicationBasePage. With just a few lines of extra code and a bit of configuration you are good to go.
How can you do that?
To give you an impression of the necessary steps, here's what the complete setup looks like:
Now let's break this down so you know what's going on.
What to register?
When using the SilverSolutionBasePage, some DLL's you need are already added by that BasePage. When you use the SilverApplicationBasePage, some extras need to be included manually. In this example you see the following:
What must be added are the Silver.Application, Silver.Configuration and the Silver.Core. As marked bold and italic.
Initializing the Solution
When you use the SilverSolutionBasePage, initializing the Solution will be done by the Login Page. But since we want to skip the login we need to do this from Code. You can use the InitPublic from the SilverApplicationBasePage to load the Solution.
As you can see, you need to provide the name of the Solution you want to use. Again, when the user has to login, we can determine the Solution that is associated with that user and do it automatically. But since we bypass that, you should specify the name here.
And that's basically all there is to it. You have now access to the Essence framework and all the Controllers from that Solution.
Is that all there is to it?
Well, actually that is really all. Just register some extras and use the InitPublic. But there was more in the example, so let's dive into that and see why it was in the example in the first place.
Check the User Session
First we have a check on the User Session:
securityProperties = null;
securityProperties = USER_SESSION.GetSecurityProperties();
Since we skipped the login, there shouldn't be a User Session, right? Well, but what if the user opens up another tab and goes into the Portal? Or what if the user was already logged in and decided to visit the Public Page?
In those cases, a User Session might very well exist. And then you might want to show some more information than you would show for an anonymous user. Or you might want to redirect the user to a different page.
Of course, often that doesn't have to be the case. But when you need to do that, just use the USER_SESSION_EXISTS and decide what you want to do if it does exist.
So what about the Configuration?
Sorry to say, but you cannot access just any Business Controller from your configuration when skipping the login. That would make it too easy. Now we want to make it as simple as possible, but we always have security on top of mind as well. So to prevent data to be available without a login, you must set the Business Controllers you want to use to Public.
This can be done from the Business Controller Attributes:
Best practice here is to create a copy of the Business Entity you want to use and rename it to something that is easily identified as public. Usually I remove the Business Entity Properties that are never going to be used on the Public Page. Again, just to make sure that no data is available for publishing that should not be published publicly.
Be sure that the new Business Entity has no Security PreChecks, Filters or Exceptions that are dependant of the User Session. If you forget to remove them, you will get a "No rights" message when you call for the data.
Now just promote the Business Entity to a Business Controller and you can use it in your page:
Using the Business Controller in your Page
Creating the Business Controller in your Page or User Controller can be done using the SilverPortalFunctions. When using the SilverSolutionBasePage you would do this:
From there on, it's business as usual. You can search, create, update and even delete data. Of course, all within the Security Context of the Business Controller. So most obviously you would set the Allow Retrieve in the Business Entity Security to Allow. If you want to do entry forms as well, make sure you use a Business Entity with the Allow Create set to Allow.