icon Form Builder
Created by Orckestra

Form Builder Developer Guide

How to create a new security handler

To ensure data submissions via secure connections, you can create a security handler and use it on forms built with the Form Builder.

A security handler is a Razor Function that handles the security connection.

The Form Builder comes with its own security handler, available as the Razor function “Composite.Forms.FormBuilder.Handlers.HttpsCheck”.

It is disabled by default in the Form Handler’s configuration file.

You can use this security handler for secure data submissions if your website has HTTPS support.

The general procedure for creating and using a security handler is as follows:

  1. Make sure your website has the HTTPS support.
  2. Create a Razor function that will serve as a security handler, i.e. handle the secure form submission.
  3. Register the security handler in the Form Handler’s configuration file.
  4. Select the secure connection in the form’s settings.

Configuring HTTPS

Before using a security handler on forms, make sure:

  1. The Certificate Server is installed on the target server with IIS.
  2. A proper certificate is installed on the server. You might need to request the certificate with a certificate issuing company such as VeriSign.
  3. SSL is configured on IIS for your website.

For testing purposes, you can generate your own certificate by using ad-hoc utilities such as openssl or SelfSSL. For example, see “Enabling SSL on IIS 7.0 Using Self-Signed Certificates”.

Creating and a security handler

To create a security handler:

  1. From the Functions perspective, add a new Razor function using, for example, “Composite.Forms.FormBuilder.Handler” for its namespace. Alternatively, you can create a Razor function in Visual Studio 2012. (Please see “Creating Razor Functions in Visual Studio”).
  2. Add necessary code and markup.
  3. Save the function.

For illustration, you can use the security handler that comes with the Form Builder “Composite.Forms.FormBuilder.Handlers.HttpsCheck”.

@inherits RazorFunction
@using Composite
@using Composite.Forms.FormBuilder
@functions {
    public override string FunctionDescription
    {
        get  { return "Redirects to https url if http connection is not already secured."; }
    }
}
 
@{
    var formContext = FormHelper.GetFormContext();
    if (formContext == null)
    {
        return;
    }
    if (Request.IsSecureConnection || Data.CurrentPublicationScope == PublicationScope.Unpublished)
    {
        return;
    }
    formContext.FailPrerequisites();
    var url = Request.Url.AbsoluteUri;
    Verify.That(url.StartsWith("http://", StringComparison.OrdinalIgnoreCase), "Incorrect schema");
    string secureUrl = "https" + url.Substring(4);
    Response.Redirect(secureUrl, false);
}

Listing 7: HttpsCheck security handler as a Razor function

Registering the security handler

If you choose to use the out-of-the-box security handler of the Form Builder:

  1. Edit ~/App_Data/Composite/Configuration/Composite.Forms.FormBuilder.xml.
  2. Locate and uncomment the security handler already available there within the <SecurityHandlers/> element.
  3. Save the file.
  <SecurityHandlers>
    <SecurityHandler name="Https" label="${Composite.Forms.FormBuilder,SecurityHandlers.Https.Label}">
      <Prerequisites>
        <f:function name="Composite.Forms.FormBuilder.Handlers.HttpsCheck">
        </f:function>
      </Prerequisites>
      <Postrequisites>
      </Postrequisites>
    </SecurityHandler>    
  </SecurityHandlers>

Listing 8: HttpsCheck security handler registered in the configuration

To register your own security handler:

  1. Edit ~/App_Data/Composite/Configuration/Composite.Forms.FormBuilder.xml.
  2. Within the <SecurityHandlers/> element, add a <SecurityHandler/> element and specify values in its name and label attributes.
  3. Add a <Prerequisites/> element and a <Postrequisites/> element as child elements of the <SecurityHandler/> element.
  4. Within the <Prerequisites/> element add one or more Razor functions that serve as the security handlers, which must be executed before the form submission.
  5. Within the <Postrequisites/> element add one or more Razor functions that serve as the security handlers, which must be executed after the form submission.
  6. Save the file.

Using security handlers on forms

To enable a specific security handler on a form:

  1. Edit the form you want to enable a security handler on.
  2. On the Settings tab, select the security handler in the “Security” drop-down list.
  3. Save the form.

Figure 7: A security handler available in the Form Builder

 
Back to top
Version 1.3.4
Tags Form

Have a question?

Phone: +45 39 15 76 00
Email: Write us
6:39 AM
(Local time at HQ)