Hello,
I have a legacy database with data and also tables for users and roles.
Unfortunately Roles table is joined with application data because users can see only rows regarding their role.
How can I manage this situation with Radzen?
Can I create authentication pages specifying existing tables?
I will for sure do a custom query for radzen data grid but this is another topic.
Thanks,
Mario
I have a legacy database with data and also tables for users and roles.
Unfortunately Roles table is joined with application data because users can see only rows regarding their role. How can I manage this situation with Radzen?
Mario,
It looks like what you're asking for is not yet supported...
But, it was suggested in the following post:
“Out Of The Box” Security
All The Best,
SP
Using existing tables for users and roles should be doable because ASP.NET Core Identity (which is what Radzen applications rely on) supports that.
We will prepare a sample application and update this forum thread.
Thank you it is very important for me and for other people.
Your documentation says that you can "autocreate" login form and correlated tables but it does not say what will be modified on db.
It may help you to know that I had another rad tool that worked that way: when you start the login page creation wizard on first step it asked you if you have existing user table and choose the column for username and password and so on.
Thanks,
Mario
Radzen's security relies on ASP.NET Core Identity. The latter comes with default tables for users and roles (AspNetUsers, AspNetRoles etc.)
The demo that we are preparing will implement custom user and role persistence via code. You could modify the code so it works for your case with your existing tables.
It may help you to know that I had another rad tool that worked that way: when you start the login page creation wizard on first step it asked you if you have existing user table and choose the column for username and password and so on.
Not sure wow would this work if the passwords are hashed and or encrypted (as they should be for security reasons). How would that tool know what hashing and or encryption algorithm was used?
If you look at ASP.NET Maker, it creates a "Hashed password".
Assuming you use a "different" password encryption algorithm, you could simply force them to do a "forgot password" to create a new one...
It is not optimal... But, it is a "one time deal" for users.
@mgiammarco the custom security example is now ready. It shows how to use existing tables for security in a Radzen application. To adapt it to your case you will have to edit the CustomSecurity.cs file so the methods use your own tables. They should be available if Radzen has inferred them from the database data source.
@SteelPhantom I see what you mean. This is a good way of handling custom security for sure. We will have it in mind should we decide to implement out of the box support for such cases.
3 Likes
It was a nice surprise to see this thread and the example.
After reading @SteelPhantom's post and yours, I'm wondering why this wouldn't be implemented "right out of the box."
It could be a simple panel with a bunch of options. Those who don't want or need it simply ignore it.
I, personally, dislike adding "outside infrastructure code" to my application that should be generated by the tool, maintained and updated by the tool vendor.
Having to maintain that.... or keep it manually synchronized with code on GitHub is another "wheel" I don't want to reinvent. It will be another "time wasting" task that could easily be handled by the tool simply generating the code.
I also think this will be support nightmare for your team. You'll have to be sure defects are actually defects and not issues with the client having an old version of the code or bugs they introduced.
If the code is generated, you'll know the code is the latest version.
I think this is a glaring weakness in Radzen when one is evaluating tools like Radzen, PHP Maker, ASP.NET Maker and AppGini.
It doesn't surprise me this has not been brought up before. Most evaluators will simply see functionality is missing and move on to the next competitor. They won't even invest a couple minutes to post... I posted because I fell in love with Radzen.
1 Like
After reading @SteelPhantom's post and yours, I'm wondering why this wouldn't be implemented "right out of the box."
Well I didn't say it wouldn't be implemented. We are working on other tasks at the moment.
I, personally, dislike adding "outside infrastructure code" to my application that should be generated by the tool, maintained and updated by the tool vendor.
This is 100% correct. We created the demo to show that it is still possible via custom code. I agree that having this as an out of the box feature is better. Frankly a lot of Radzen features happened after we created similar examples that required custom code.
I think this is a glaring weakness in Radzen when one is evaluating tools like Radzen, PHP Maker, ASP.NET Maker and AppGini.
I am glad you have put Radzen in the same basket with those industry veterans. Thanks!
It doesn't surprise me this has not been brought up before. Most evaluators will simply see functionality is missing and move on to the next competitor.
This issue hasn't indeed been brought up before. Most of the people we have spoken with looked for a solution for developing new applications. I guess existing security isn't that much of a problem for those cases.
They won't even invest a couple minutes to post... I posted because I fell in love with Radzen.
I knew there was something you liked in Radzen after all 
Do you mind telling us what?
Mind... not at all... 
A little background...
I've evaluated over two dozen "code generators" over two plus decades.
I've also written eight Enterprise code generators from scratch... for clients.
I found and fell in love with PHP Maker and ASP.NET Maker many years ago...
I loved the overall experience... I loved how it handled all of the tedious tasks.
But, after years of dealing with their "convoluted and oddly written code," I went in search of something else...
I came across Radzen in a message on the Blazor community...
On to your question...
What I love about Radzen is the code is MUCH cleaner than ASP.NETMaker...
When handing off my solution to a client, I am much more comfortable with the Radzen code than I'd ever be with the ASP.NETMaker code.
Note: I had to remove the space and change the text to ASP.NETMaker because it was automatically adding the links.... and then complaining about too many links. 
1 Like
Thanks for sharing your experience!
I came across Radzen in a message on the Blazor community...
How important is Blazor to you? Do you plan to ship Blazor applications when Microsoft officially releases it?
When handing off my solution to a client, I am much more comfortable with the Radzen code than I'd ever be with the ASP.NETMaker code.
Does this mean that you are using Radzen mostly as a code generator? Also are your client technical people that would care about the source code of the application?
Note: I had to remove the space and change the text to ASP.NETMaker because it was automatically adding the links.... and then complaining about too many links.
Just disabled the autolinking feature of our forum Typing ASP.NET won't be a link automatically any more.
Blazor is very, very, very important... I've used it since the day it was "released" in alpha... and will continue to use it.
First, because I am going to start on a large project that will be around for many years.. I prefer to use as few technologies as possible... and to have as little JavaScript and Typescript as possible. Fewer technologies makes it less expensive to build and maintain while making it easier to find Developers. ( With Developers choosing to use 18 different JavaScript libraries and variety of other "duplicate" technologies, I know this is radical concept. )
Second, I've firmly believed in the concept of WebAssembly.... years before it came to pass...
Finally, I see WebAssembly as a unifying factor... so one won't need to build "native" mobile apps in most cases.
As far as how I use Radzen, I use it primarily as a code generator today....
While I don't deal with "highly technical" clients, I still want to provide the highest quality code possible.
Thanks I will look at it now!
I add my 2 cents too. I know that doing a rad tool is very difficult because you must cover all use cases of your users even when they do not seems strategic to you.
In the past I have used and I am using several RAD frameworks/tools: openxava, apache isis, wavemaker, nowicket
I have chosen Radzen after evaluating many competitors. I was tempted about skipping on next competitor but you have done "template form" very fast and I am here now.
So I have chose Radzen because:
- uses modern frameworks;
- generates clean code;
- new features are added very fast;
- good support;
- "right" price (I use in Italy for small projects because here we have small enterprises and I cannot afford to pay the tool more than what I gain for the project)
- blazor support (frankly speaking, I came from Java world and there we have vaadin and apache wicket with nowicket that have a better approach to web programming than asp.net or angular, it seems that with blazor they can reach parity)
I do not like very much the scaffolding part because I have seen spring root and nowicket that creates gui without the need of scaffolding but I can live with it.
Thanks for reading me,
Mario