(Base One logo) .NET database and distributed computing tools

More on Base One's Sample Web Site
 
Reporting and Security Features
 

Base One's sample web application illustrates how easy it can be to build and maintain a secure, database-driven web site. The sample uses high-efficiency connections to Microsoft, Oracle, IBM, Sybase, and MySQL databases, and you can switch between database systems with only a simple change to a single parameter.

BFC includes integral support of Seagate Crystal ReportsStarting from this example, you can create an industrial-strength web site supporting a large database and many users. The sample shows you how to add presentation quality output and data exporting capabilities.

BFC has built-in features for comprehensive application-level security Because the web sample is fully integrated with Base One's Rich Client architecture, you can immediately use it to manage your site's database, do user/security administration, and run large-scale back office data processing jobs.

The sample web sites (BAWDemo) includes the full ASP.NET, JavaScript and Crystal Reports source code. BAWDemo ships with the Base One Foundation Component Library (BFC).

Flexible web security and database administration

The sample web site provides examples of how Rich Client security controls can be used in a Thin Client application. With scripts for database setup, you can easily expand the sample database and data dictionary to fit the requirements of your own application. Then use the sample Rich Client application (Base One's Foundation Application) to create and load the sample database, and perform user and system administration. The supplied Security record types (database tables) include user administration records, database access control records, database session records, and screen records. Each user belongs to one User Group and one Security Group. Adding, changing and deleting users, User Groups, Security Groups, and Security Rules only requires operating on the user administration records in the database.

Database Access and Session Control

The Database Access Control record is used to give administrators special powers. Administrators can force users to log off, restrict logons, and broadcast warnings or other messages, for example, in preparation for system maintenance, data loading, or shutdown. Screen records help in creating security rules for restricting user access to particular user interface objects in the web site (menus, buttons, forms, links).

If there is no activity from a user for a specified amount of time, the client is automatically logged off to prevent unauthorized access or wasted resources. Every web page is classified as to whether logon authentication is required to access the page. Secured pages cannot be accessed without valid logon, even if the complete URL of the page is entered into the browser. (This prevents unauthorized access, for example, using the "History" feature of the browser.)

Database Session records are used for tracking who is logged on, with what application (web or Windows) and version. These records assist in preventing multiple logons to the database with the same User ID. Session validation for the web site ensures that only one user can log on at a time with a given User ID. A duplicate logon with the same User ID forces off the first user with notice, regardless of what server they come through. No performance compromises are required to distinguish crashed or interrupted sessions from real use of a single User ID by multiple individuals - it's simply prevented with an appropriate message. This makes it practical to charge customers for each User ID even if the number of users becomes very large.

Flexible web reporting

The bulk of the Base One sample web site code is devoted to building a secure, flexible, database reporting system. Users can create their own custom reports, save them, share them with others in their User Group, produce high-quality printouts, and export them to Excel or Word. The application allows users to set the selection criteria for a database query, which is used to produce a table of results.

Advanced reporting features demonstrated include:

  • Reporting on large volumes of data, broken into multiple web pages
  • Report linking, with "drill-down" navigation between reports
  • High quality printing
  • Saving report specifications for future use
  • Sharing saved reports with other users
  • Controlling report access based on user privileges

Efficient reporting on large volumes of data

If the amount of data presented in a tabular fashion is large (does not fit on a single page), Next and Previous links are provided automatically for navigating through the report. The maximum number of rows to be displayed per page is configurable. This report scrolling feature is particularly efficient. Data is presented at at high speed, without using any temporary file or cache, and without maintaining any locks or cursors on the database back-end.

Report linking / drill-down reports

Reports can be linked. The sample web site demonstrates how each detail line (row) can be hyperlinked, so that clicking a row takes the user to another related report, run with the appropriate selection criteria. There can be series of such steps, i.e. user can "drill-down" from one report to next logical report, and the lists of selected items are preserved where they apply to the new report.

Behind the scenes, report specifications are automatically generated and run when drill-down takes place. In the sample application, for example, clicking on a user in the User Report takes you to the report listing the Security Rules (privileges) for that particular user. Thus, when a "Data Entry Operator" in the user report is clicked, Security Rules for that Data Entry Operator are listed.

High quality printing

When a report is presented as an HTML page, using the “Print” menu of the browser invariably gives poor quality results:

  • a fragmented look caused by wrapping lines and improperly split images
  • extra junk that comes from printing the entire screen, such as URLs, hyperlinks and all other objects on the page
  • formatted report headers, page headers, and footers are not available
  • if the report spans more than one page, another Print command has to be issued for each page
In the sample web application, reports incorporate a special link for "High Quality Print". This demonstrates the great improvement in report quality that can come from using Crystal Reports through its ActiveX control. Each HTML report page includes the "High Quality Print" link, enabling the production of presentation quality printed reports tailored to the user's local printer. In addition, users are given the option of exporting the report into other useful formats such as Word, Excel, etc.

Flexible Report Specifications

Report Specifications allow users to generate dynamic reports. Users can provide or alter the values of the parameters for the database query to obtain the desired report. The Report Specification can include a range of dates and multiple optional lists of selected items, as appropriate for that Report Type. For example, users can easily create reports based on their choices of items (such as Companies, Products, Security Groups, Accounts, Radio Stations - whatever the application requires).

Saving Report Specifications

When a user generates a report by setting all of the required query parameters, that report specification can be saved for reuse. This means the user can run the report again by just a single click, without having to provide values for the parameters.

When a user initially works on a report specification, it is only temporary. The user can run the report, but upon exit these temporary report specifications are discarded. Temporary new reports are named "New Report 1", "New Report 2", etc., stored in temporary records. 

This design shows how the browser <Back> and <Forward> actions can be supported, so that full browser navigation between report specifications is provided, even in cached pages.

Users can name any temporary report, which then automatically turns it into a saved report. When a report specification is saved, the user provides a report name and optional explanatory remarks. Note that only the report specification is saved, not the data. The data is always obtained afresh from the database every time the report is run.

Listing saved Report Specifications

Users can always examine the list of their saved report specifications. Clicking on a report in the list, runs that saved report against the latest data. The report specification can also be altered and re-saved, and unwanted reports can be deleted.

Sharing Report Specifications

Once a user saves a report specification, it can be shared with other users. Users can be broken down into multiple User Groups, with users in the same User Group able to view each other's reports, but restricted from modifying or deleting someone else's reports. However, they can copy other users' reports, and then change them. Copying a report automatically picks up the list of selected items from the other user's reports, and provides a starting point from which to make further modifications. (A user could run the reports of others in the same group without copying the report.)

It is also possible to copy one type of report to a different type of report. This operation copies as much of the list of selected items as applies to the new report. The new report specification can be automatically pre-filled with the original selection criteria, so the user can both run this new report and also change the list of selected items.

The supplied Report record types (database tables) provide a structure that is easily extended with new report types and additional user-specifiable selection criteria. This allows interesting "canned" (i.e. commonly used) reports to be added to the web site.

More about building and administering secure, database-driven web sites with BIS

Database Technology | Thin Client | Sample Intro | Sample Details | BFC


Home Products Consulting Case Studies Order Contents Contact About Us

Copyright © 2012, Base One International Corporation