OK, I've been a bit quiet lately - I was on travel last week, plus I've been
grappling with some ASP.NET weirdness. Anyway, I just committed some more
changes. Details below, but the gist of it is that authentication
integration between is vastly improved. You'll see a login link on every
page now that's smart about whether you're using Windows or Forms
authentication.
The biggest issue right now is that Windows authentication is currently
pretty funky when you want to mix it with anonymous. What happens is that
after you log in, sometimes you appear to be anonymous and sometimes you
appear to be authenticated. I haven't worked out yet what's up with this,
but it's probably related to browser caching. I have a strategy for
addressing it if that's the case, but first I need to check a few more
things out. Note that the case where you want everyone to authenticate via
Windows should work just fine - just don't check "anonymous" in the virtual
directory configuration. Still, I'd like to support the mixed scenario
because I can see it being pretty useful.
Once I get all that working reasonably well, I'll fix the last three
problems I'm aware of with the site itself: broken admin pages, a slight
problem with search related to security, and the SqlProvider. I may wait to
fix the SqlProvider until after I get server-side caching working again.
Changes:
. Augmented build so that flexwiki.config and log4net.config are
overwritten by flexwiki.config.template and log4net.config.template before
the distribution zips are built. This ensures that developers can change
settings in these files and not accidentally push them out in the release.
It also gives a good place to put a complete example of these configs, as
updates of the files by the wiki application will overwrite comments and
remove elements (a byproduct of using XmlSerialization).
. RFE SECURITY: Enhanced borders to return user to page from which
logon link was clicked.
. RFE SECURITY: Added "log in" link to borders when user is not
logged in.
. RFE SECURITY: Updated LinkMaker.TopicLink so that a null or empty
link links to the namespace/wiki homepage.
. RFE SECURITY: Updated Request object to drive identity from
Thread.CurrentPrincipal rather than the Http pipeline user.
. RFE SECURITY: Added global catching of security exceptions with
link to login page.
. REFACTOR: Changed BasePage.RootUrl from a method to a property.
. REFACTOR: Moved a bunch of logic out of BasePage into
PageUtilities.cs.
. REFACTOR: Changed to use built-in support for sending mail rather
than FlexWiki-specific implementation.
. REFACTOR: Added logging of all uncaught exception.
. LOGGING: Changed default logging from FileAppender to
RollingFileAppender.
. SECURITY: Added full support for simple Forms authentication using
ASP.NET membership provider.
. SECURITY: Added somewhat broken support for Windows
authentication. Not working very well when some users are authenticated and
some are not.
. SECURITY: Enhanced logoff message.
. SECURITY: Added preliminary (broken) administration page for
enabling new users.
. SECURITY: Added SecurityContext diagnostics page.
. SECURITY: Added simple password recovery page.
. SECURITY: Added simple new user registration page.
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Flexwiki-users mailing list
Flexwiki-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/flexwiki-users
