DPS907 notes – Tue Nov 19

Topics that will help you with your programming assignment.

.

Security infrastructure reminder

DPS907 students working on the Graded Work project will be interested in this important note. In the professor’s security app, create an account with a user name that matches your exiting My.Seneca user name, and choose the “Student” role for this new account.

In your web service, a ‘student’ will be able to perform tasks only on their own Student object. Your code must prevent a request from a specific ‘student’ to access data for a different ‘student’. How?

The controller method will have an Authorize attribute, with Roles = “Student”.

Then, in the method’s code, compare/match the logged-in user name (User.Identity.Name) with the Student object’s user name property. If they do not match, then return HTTP 403.

Please note that the professor’s security app includes a composite ‘user name plus app name’ string, and configures it as the logged-in user name. Therefore, before you do the compare/match, remove the ‘app name’ portion of the string, which is “_SecurityTestApp”.

For all students, you will be interested in the following:

You must create several accounts to use an app. Make sure that you write down (remember) your credentials.

Assuming that your My.Seneca user name is “pmcintyr”, create these accounts if you are in DPS907:

  1. pmcintyr (choose the “Student” role)
  2. pmcintyr_fac (choose the “Faculty” role)
  3. pmcintyr_coord (choose the “Coordinator” role)

Assuming that your My.Seneca user name is “pmcintyr”, create these accounts if you are in WSA500:

  1. pmcintyr_editor (choose the “Editor” role)
  2. pmcintyr_reviewer (choose the “Reviewer” role)
  3. pmcintyr_publisher (choose the “Publisher” role)

.

Deploy your app to Windows Azure

The how-to instructions on the November 12 notes page have been updated.

The ‘academic pass’ codes will be distributed this week.

.

Professor’s example apps

Your professor has published example apps that are intended to fulfill all or most of the specifications:

For DPS907 – http://dps907fall2013.azurewebsites.net

For WSA500 – http://wsa500fall2013.azurewebsites.net

They were created for a couple of reasons: 1) to serve as example apps for your work, and 2) to serve as working targets for students in the other course that your professor teaches (Mobile App Development – iOS). They do not represent perfection, or an ideal to be attained. Continue to follow the specifications.

The functionality of the example apps on November 19 is limited (as you will see if you send a request using the HTTP OPTIONS method). However, in the coming days, more functionality will be added. Note that some tasks will require a valid Authorization header.

.

.

.

.

.

.

.

.

Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: