Posts Tagged ‘Technology’
Monday, December 5th, 2011
I am pleased to announce a beta release of my cross-portal symbolic link folder provider. It may be downloaded via CodePlex on its project homepage. As is all of my DotNetNuke work, this project is fully open-source and available under a liberal BSD license.
The DotNetNuke content management system is designed with multi-tenancy in mind, and allows an arbitrary number of websites (“portals”) to be created therein. These portals may be configured at the root of a given domain (e.g., “http://dotnetnuke.com”) or as a child portal below the root of a portal hierarchy (e.g., “http://dotnetnuke.com/mychildportal”). Historically these child portals have had no structural link to their parent counterpart, other than sharing a similar base URI.
This provider is designed to expose the file system in a parent portal to all child portals via specially-formed symbolic links. This allows administrators of child portals to access and utilize these files in a natural manner via existing dialogs and other DotNetNuke services. It creates an implicit linking between these two portal entities, and in configurations where there is significant overlap in data usage between parent in child portal (for example, when a child portal represents a single department within a larger corporate environment) allows for greatly simplified administration. (more…)
Tags:ASP.NET, Data, DotNetNuke, DotNetNuke (DNN) Content Management System, DotNetNuke Integration, Provider, Technology
Posted in DotNetNuke (DNN) Content Management System, Technology | Comments Closed
Monday, May 17th, 2010
The W3C Indexed Database API working draft defines an method by which a developer may operate on a set of indexable object stores persisted in a client’s web browser environment. Values in an object store or index may be associated with a developer-specified primary/secondary key, or alternatively keys may be automatically generated based upon the value inserted. Left-, right-, full-, and un-bounded cursors are supported in both the forward and reverse direction. Each connection supports up to one active transaction across any set of open object stores (as is elucidated by the working draft).
The working draft exists as a incremental improvement over previous specifications (e.g. web storage) in that robust indexes and duplicate keys are supported. Indeed, an object store may have an arbitrary number of such indexes, each manually or automatically populated according to a developer’s needs. This API allows for advanced data scenarios on the client that were until now quite difficult (or not possible).
Unfortunately, there currently exists no reference implementation for this working draft. This project serves to fill this need, and exists as a browser plug-in that implements the API defined by the working draft. (more…)
Tags:Data, Database, IndexedDB, Indexing, Technology, W3C
Posted in Technology, W3C IndexedDB | 3 Comments »
Monday, August 31st, 2009
Over the last few months, I have been doing some initial architectural research regarding the integration of DotNetNuke with arbitrary external e-commerce systems. Note that this research is highly embryonic, largely experimental, and highly likely to not reach any sort of production-ready fruition. Its purpose is to inspire discussion, not demonstrate code. Caveat lector!
As one of my goals is reasonable provider-independence (via adaptation), this is not about realizing any particular vendor (despite the fact that I address one specific such vendor herein). That said, I have been asked by several parties to share a bit more about where this stands; it is with this in mind that I present an initial update.
(more…)
Tags:5.1, Cloud Computing, DotNetNuke, DotNetNuke (DNN) Content Management System, DotNetNuke 5.1, DotNetNuke Integration, E-Commerce, ECommerce, Magento, Technology
Posted in Technology | 2 Comments »
Friday, August 28th, 2009
I am pleased to make available a whitepaper detailing the high-level motivation and approach involved in the creation of the recently-released DotNetNuke Multi-Factor Authentication Provider, along with a discussion of the unique characteristics of a DotNetNuke installation that render the approaches of other vendors (e.g. RSA SecurID) incomplete or unsatisfactory. Additionally, each out-of-the-box factor is described in general detail in a format that is digestible by an audience of varying technical sophistication.
This paper is intended for all audiences who might have an interest in overall DotNetNuke installation security, and is designed to assist management in identifying an appropriate level of authentication-related risk.
Tags:Authentication, DotNetNuke, DotNetNuke (DNN) Content Management System, DotNetNuke Integration, Multi-Factor, Multifactor, Provider, Security, Technology
Posted in DotNetNuke (DNN) Content Management System, Security, Technology | 4 Comments »
Wednesday, June 17th, 2009
Slightly more than a year ago, I detailed the steps necessary to integrate Commerce Server 2007 — and specifically the UpmMembershipProvider membership subsystem — into the DotNetNuke web application framework. This entry is located here: Using Commerce Server’s UpmMembershipProvider with DotNetNuke.
However, subsequent to my original posting detailing this approach, I experienced some IPR issues that required my removing the download links to the actual assembly and source code. While the information in the entry itself was largely sufficient to recreate this adapter, it required a reasonably significant amount of expertise to do so. As a result, I suspect that many were unable to utilize the material therein.
I am pleased to announce that I have reached resolution on the relevant IPR issues that precluded my releasing the associated code, and have re-enabled the download links in the original post. For convenience, I am also including them below.
(more…)
Tags:ASP.NET, Authentication, Commerce Server, Commerce Server 2007, DotNetNuke, DotNetNuke (DNN) Content Management System, Technology, UpmMembershipProvider
Posted in DotNetNuke (DNN) Content Management System, Microsoft Commerce Server, Technology | Comments Closed
Monday, June 8th, 2009
As many are aware, I will be presenting a session at the upcoming Day of DotNetNuke conference in Orlando, Florida. The session is entitled “The Cutting Edge: Advanced Authorization in DotNetNuke 5.1.” The abstract for this session reads:
Among the many improvements present in DotNetNuke version 5.1, this latest release includes authorization as a first-class extension point. This allows customization previously impossible without core modification. Additionally, the permission model (and the internal use thereof) has been significantly streamlined and centralized, allowing for great flexibility across myriad use scenarios.
In this session, we explore the new permission provider in detail. This includes a discussion of how (and why) authorization services were centralized and abstracted, the overall design and structure of the provider, and available points of access control. Finally, we examine some concrete ways in which the provider might be extended to meet real-world policy requirements.
When presenting architectural or theoretical material, I always strive to include a demonstration of how the material might be applied to a real-world scenario. In this case, I will be demonstrating how a custom authorization provider can be used to enable full DotNetNuke integration with cloud-based Amazon S3 webservices. A screenshot of the file manager in an Amazon S3-enabled installation is displayed below.
This session should appeal to a wide audience; I cover enough theoretical background for individuals new to security theory, and delve deep enough into the 5.1 authorization architecture to satisfy those that have high familiarity with the platform. If you are interested in learning more about the internals of the framework — and how 5.1 authorization might be utilized — be sure to stop by!
Epilogue: The presentation materials are now available here, and the Amazon S3 Integration providers may be found here.
Tags:5.1, Authorization, DotNetNuke, DotNetNuke (DNN) Content Management System, DotNetNuke 5.1, Security, Technology
Posted in DotNetNuke (DNN) Content Management System, Security | 6 Comments »
Friday, May 1st, 2009
DotNetNuke Multifactor Authentication Requiring Password, One-Time SMS PIN, and X.509 Certificate
I am pleased to announce an initial release of a multi-factor provider for the DotNetNuke content management system.
This authentication provider allows a host to configure enhanced authentication (including SMS, SMTP, YubiKey, and X.509 certificates) for any number and combination of portal roles. Each factor must be fulfilled prior to authentication being granted, increasing overall security.
This package may be downloaded from it’s project site, located at http://dnnmultifactor.codeplex.com.
Goals
- A robust, extensible multi-factor authentication framework for the DotNetNuke content management system.
- Complete integration into the framework using existing extension points, with no core modifications or recompilation required.
- Support for host-, administrator-, and user-level configuration, with the ability to vary required factors across an arbitrary set of roles.
- A robust set of included factor providers, including SMS, secure SMTP, YubiKey (www.yubico.com), and X.509 certificate.
- Extension points in the authentication system allowing for development of custom factors by third parties.
- Reliance on the existing ASP.NET membership subsystem for existing (first-factor) authentication.
- Minimization of “custom security” risk by relying, insofar as is possible, upon existing security infrastructure (ASP.NET membership, DotNetNuke portal security, password generation, et cetera.
- As small an overall surface area as is possible, and an absolute reliance upon the existing ASP.NET membership system as a first-factor fallback, should any unforeseen vulnerability exist.
Tags:Authentication, DotNetNuke, DotNetNuke (DNN) Content Management System, Security, Technology
Posted in DotNetNuke (DNN) Content Management System, Technology | 16 Comments »
Wednesday, March 11th, 2009
I have, for some time, been maintaining debug-build versions of the standard DotNetNuke releases. The debugging symbols contained in these assemblies make some types of problems easier to diagnose (see this for a detailed discussion).
To date, a number of people have successfully used these builds in correcting a number of reasonably arcane problems. As such (and after some delay), I have elected to deploy debug-build version of the core DNN assemblies for the recently-released 4.9.2 and 5.0.1 version.
Please see this entry for downloads and usage patterns for these versions.
Tags:Debugging, DotNetNuke, Technology
Posted in DotNetNuke (DNN) Content Management System, Technology | Comments Closed
Wednesday, February 18th, 2009
In a recent article, I developed a theoretical basis for an adapter that allows for the adaptation of Entity Framework (EF) entities into IDataReader-implementing form, and announced the preview availability of this software.
Herein I describe with more specificity the use of the adapter generator and the resultant adapters, and announce the release of the first production-ready version of the adapter generator software.
(more…)
Tags:Entity Framework, Entity Framework (EF), Linq, Linq to Entities, Technology
Posted in Entity Framework (EF), Technology | Comments Closed
Sunday, December 14th, 2008
Microsoft’s Entity Framework (EF) introduces a new data design paradigm within .NET. This framework, however, can be difficult to implement in projects that internally rely heavily on the exchange of IDataReader-implementing objects between layers (or within interface contracts). This is a shortcoming that is not easily overcome, especially without a standardized method with which to convert EF entities into an object implementing this interface. In many ways, migration of these projects to the Entity Framework is an all-or-nothing proposition. This is a shortcoming that begs for remediation.
(more…)
Tags:Entity Framework, Linq, Linq to Entities, Technology
Posted in Entity Framework (EF), Technology | 4 Comments »
