OUR WEBSITES
CLOSE

Know it first and engage with us on all channels

USA / Canada
1111, St-Charles Street West, Suite 255
Longueuil, Quebec
Canada J4K 5G4
Toll Free: 1-877-398-0999
Phone: 1-514-398-0999
Europe

Hoejbro Plads 10
1. Floor
1200 Copenhagen
Denmark
General Inquiries & Sales:
+45 39157600

Add-ons
Share your Add-on
Add-on Market Q&A

icon Form Builder
Created by Orckestra

Form Builder Developer Guide

How to create a new security handler

To ensure data submissions via secure connections, you can create a security handler and use it on forms built with the Form Builder.

A security handler is a Razor Function that handles the security connection.

The Form Builder comes with its own security handler, available as the Razor function “Composite.Forms.FormBuilder.Handlers.HttpsCheck”.

It is disabled by default in the Form Handler’s configuration file.

You can use this security handler for secure data submissions if your website has HTTPS support.

The general procedure for creating and using a security handler is as follows:

  1. Make sure your website has the HTTPS support.
  2. Create a Razor function that will serve as a security handler, i.e. handle the secure form submission.
  3. Register the security handler in the Form Handler’s configuration file.
  4. Select the secure connection in the form’s settings.

Configuring HTTPS

Before using a security handler on forms, make sure:

  1. The Certificate Server is installed on the target server with IIS.
  2. A proper certificate is installed on the server. You might need to request the certificate with a certificate issuing company such as VeriSign.
  3. SSL is configured on IIS for your website.

For testing purposes, you can generate your own certificate by using ad-hoc utilities such as openssl or SelfSSL. For example, see “Enabling SSL on IIS 7.0 Using Self-Signed Certificates”.

Creating and a security handler

To create a security handler:

  1. From the Functions perspective, add a new Razor function using, for example, “Composite.Forms.FormBuilder.Handler” for its namespace. Alternatively, you can create a Razor function in Visual Studio 2012. (Please see “Creating Razor Functions in Visual Studio”).
  2. Add necessary code and markup.
  3. Save the function.

For illustration, you can use the security handler that comes with the Form Builder “Composite.Forms.FormBuilder.Handlers.HttpsCheck”.

@inherits RazorFunction
@using Composite
@using Composite.Forms.FormBuilder
@functions {
    public override string FunctionDescription
    {
        get  { return "Redirects to https url if http connection is not already secured."; }
    }
}
 
@{
    var formContext = FormHelper.GetFormContext();
    if (formContext == null)
    {
        return;
    }
    if (Request.IsSecureConnection || Data.CurrentPublicationScope == PublicationScope.Unpublished)
    {
        return;
    }
    formContext.FailPrerequisites();
    var url = Request.Url.AbsoluteUri;
    Verify.That(url.StartsWith("http://", StringComparison.OrdinalIgnoreCase), "Incorrect schema");
    string secureUrl = "https" + url.Substring(4);
    Response.Redirect(secureUrl, false);
}

Listing 7: HttpsCheck security handler as a Razor function

Registering the security handler

If you choose to use the out-of-the-box security handler of the Form Builder:

  1. Edit ~/App_Data/Composite/Configuration/Composite.Forms.FormBuilder.xml.
  2. Locate and uncomment the security handler already available there within the <SecurityHandlers/> element.
  3. Save the file.
  <SecurityHandlers>
    <SecurityHandler name="Https" label="${Composite.Forms.FormBuilder,SecurityHandlers.Https.Label}">
      <Prerequisites>
        <f:function name="Composite.Forms.FormBuilder.Handlers.HttpsCheck">
        </f:function>
      </Prerequisites>
      <Postrequisites>
      </Postrequisites>
    </SecurityHandler>    
  </SecurityHandlers>

Listing 8: HttpsCheck security handler registered in the configuration

To register your own security handler:

  1. Edit ~/App_Data/Composite/Configuration/Composite.Forms.FormBuilder.xml.
  2. Within the <SecurityHandlers/> element, add a <SecurityHandler/> element and specify values in its name and label attributes.
  3. Add a <Prerequisites/> element and a <Postrequisites/> element as child elements of the <SecurityHandler/> element.
  4. Within the <Prerequisites/> element add one or more Razor functions that serve as the security handlers, which must be executed before the form submission.
  5. Within the <Postrequisites/> element add one or more Razor functions that serve as the security handlers, which must be executed after the form submission.
  6. Save the file.

Using security handlers on forms

To enable a specific security handler on a form:

  1. Edit the form you want to enable a security handler on.
  2. On the Settings tab, select the security handler in the “Security” drop-down list.
  3. Save the form.

Figure 7: A security handler available in the Form Builder

 
Back to top
Part of subscriptions:
Version 1.3.4
Tags Form

Have a question?

Phone: +45 39 15 76 00
Email: Write us
9:19 AM
(Local time at HQ)

ABOUT C1 CMS IN SHORT

C1 CMS is a powerful Content Management System that scales out in the cloud. C1 CMS Foundation is one of the world’s best-rated free Open Source CMSes. Built on the Microsoft stack and installed in more than 100 countries. C1 CMS is also seamlessly integrated in our Unified Commerce offering - Orckestra Commerce Cloud.


UPDATES ABOUT C1 CMS

Get a regular digest about the C1 CMS. Learn about releases, solutions, features with a dash of technology.