I am very happy to announce that the DotNetNuke 3.3/4.1 release is now in full Stabilization phase. The initial Beta build ( 3.2.3 ) was released to Platinum Benefactors last Monday, April 24 and there has been a lot of valuable discussion and feedback in the private Release Discussion forum over the past week.
The purpose of providing early access to Platinum Benefactors was to allow for sufficient compatibility testing of complementary products and services, as well as to provide serious DotNetNuke vendors with the ability to get familiar with new features and enhancements which can be leveraged in their business as soon as the release goes public. Early indications seem to indicate that this program is a complete success.
A new Beta build ( 3.2.4 ) was released to the Platinum Benefactors yesterday. It contains defect corrections and minor enhancements to the previous Beta build and represents a "feature-complete" release package. Depending on the quantity/severity of defects identified, we expect that DotNetNuke 3.3/4.1 will be in Stabilization for a minimum of 4 weeks as we work with our partners to deliver the highest quality public offering.
There has not been a lot of detailed communication regarding the scope of the DotNetNuke 3.3/4.1 release, so I thought it might be useful to outline the various enhancements which have been introduced over the past 4 month development cycle.
More than 1000 individual transactions were recorded in the DotNetNuke_Core source code repository since Dec 22, 2005 ( the release date of DNN 3.2.2 ). The majority of the enhancements were focussed on the three major framework providers - Membership, Roles, and Profile. Since these providers are the underpinnings of any professional software application, we felt that a complete refactoring was in order to provide our community with the most powerful and extensible web application framework available.
Some of the more powerful core improvements are outlined below...
Membership
- Provider Abstraction - create our own provider to abstract ourselves from the Microsoft provider.
- HttpContext - eliminate dependence on HttpContext
- ApplicationName - manage our multi-portal capabilities within DNN rather than trying to hack the Microsoft provider
- Question and Answer - the ability for a user to enter and store a private question and answer which can be used for a password reminder
- Hashed Passwords - hashed passwords are supported through the Microsoft Membership Provider. We should provide a mechanism to support hashed password in DNN as they are much more secure then encrypted passwords and do not rely on MachineKeys. ( It would be advantageous to make this the default but the side effect would be that we would no longer have a password retrieval mechanism )
- CAPTCHA - add the ability to display a small image with embedded text which bots can not read. Prevents brute force dictionary login attacks.
- Public Registration - the system should send an email to the user on public registration ( to prevent cases where another user registers with their email address ).
- Profile Change Notification - when any profile attribute is changed, the owner of the account should be notified ( using the original email address ). This is to alert people in the event that an unauthorized user has gained access to their account and made changes to their profile ( password, email ).
- Login Redirect - after login there should b a way to send a user to a specific page. This could be implemented at the portal or user level.
- Password Generation - the ability for an admin to automatically generate a secure password for a user on account creation
- User Account Creation Notification - when an admin creates a user account they should have an option to send the account details to the user
- Force Profile Update - ability to force a user to update their user profile ( implemented at a granular level based on required Profile fields )
- Force Password Change - ability to force a user to change their password
- Password Complexity - add the ability to define some passord complexity requirements ( ie. mixed upper/lower case, numeric and alpha-numeric, etc... )
- Password Length - increase the default minimum password length from 4 characters ( will require a more secure host password on initial install )
- Password Expiry - a mechanism for expiring a password which would force a user to enter a new password. This could be done through password aging parameters defined at the portal level ( ie. every 2 months ). Would likely need to be associated with a reminder email to let people know their password was going to expire ( a similar requirement is needed for Role expiry ).
- Display Name Field - the membership schema should store the DisplayName of the user for demographic purposes - this item is critical for international users where their name is not represented as "FirstName LastName". Modules should link to the DisplayName for audit purposes rather than using FirstName and LastName.
- Preserve Login Parameters - when a user is directed to the login screen, the system needs to retain the original url ( with parameters ) so that it can redirect back after successful login ( especially useful in nested module UIs like Forum )
- Logout Behavior - after logging out, the user should be able to remain on the same page rather than being redirected to the home page ( the only reason they are being redirected now is because they may no longer have access to the page because of roles - but this is largely unnecessary and can be handled other ways ).
Roles
- Provider Abstraction - create our own provider to abstract ourselves from the Microsoft provider.
- HttpContext - eliminate dependence on HttpContext
- ApplicationName - manage our multi-portal capabilities within DNN rather than trying to hack the Microsoft provider
- Effective Date - effective date is used to specify when a role becomes active ( we already have ExpiryDate which specifies when role access terminates )
- RSVP code - this is a code which can be assigned to a role which would allow a user to obtain access to thge role if they entered the RSVP value. A use case would be an administrator working with a group of users could send them an RSVP code which they could then enter on the site to get instant access, rather than the admin having to assign the users to roles manually.
- Avatar field - the administrator should be able to associate an avatar to a role.
- Role Groups - administration mechanism to group roles within the same portal to provide a faster, easier way to manage/assign them. This affects the Role Management, User Role management, and Permissions grids.
- Manage User Roles - once a site has more than 1000 users the user combobox, displayed when you access Manage User Roles from the Roles UI, contains too much data and sometimes times out. As a result there is no easy way to see the users who are assigned to a role ( the bottom portion of the UI ).
Profile
- Provider Abstraction - create our own provider to abstract ourselves from the Microsoft provider.
- HttpContext - eliminate dependence on HttpContext
- ApplicationName - manage our multi-portal capabilities within DNN rather than trying to hack the Microsoft provider
- Company Name Field - the default list of profile properties should contain the CompanyName of the user for demographic purposes
- Default Properties - In the default install we should provide a comprehensive collection of properties (consistent with W3C's Platform for Privacy http://www.w3.org/TR/P3P)
- Module Profile Properties - Modules should be able to add profile properties for module-specific information.
- Portal Properties - the Profile Properties should be defined at the Portal level (not the host level)
- Dynamic Definition - the Portal level properties should be managed by the Portal Administrator.
- Searchable - Profile Properties should be Searchable (ie we should be able to do Find Users By City or Find Users with Green Eyes)
- Profile Property Order - To support certain eastern cultures the order of Profile fields is important.
Event Queue
- generic framework which allows managed code to create and consume custom events ( including parameters ). Events are persisted to the data store so they can survive app restarts.
File Management
- Storage Location - new Folder level specification to identify whether files should be stored on the file system ( unsecure ), file system ( secure ), or database ( secure ).
- File Manager - refactored to use the database as the source for file/folder information rather than the physical file system. Improved user interface to accomodate new Storage Location options as well as provide Synchronization at the folder level.
- File/Folder Association - added referential integrity between the Files and Folders table
- File Server - HTTP Handler for serving files regardless of Storage Location. Takes advantage of Folder permissions to ensure secure access to files.
- URLControl - leverage folder permissions and storage location in file selection and upload options.
Usability
- Copy Content - in Add Page, a new option which allows an admin to select a page and the granularly select the modules to copy as well as whether to make a New, Copy, or Reference.
- Page Template - template which defines a default set of modules to insert into the page when the page is added. The template is based on a portal template fragment and is currently defined at the host level. The default template provided contains a single HTML/Text module which helps address the usability issue of new portal administrators who do not understand that you need to add modules to your page once it is created.
- Host Space - increased host space capacity from 999.
- Module Title Editing - enabled AJAX-style editing of the Module Title by default
- ClientAPI - fixes and enhancements to ClientAPI javascript library as well as navigation controls ( ie. treeview, SolPartMenu, DNNMenu )
- Navigation Provider - fixes and enhancements to Navigation provider library
- AJAX - fixes and enhancements to DNN AJAX library
- URL Rewriter - adjusted logic so that full URL can be used in rewriter rules.
- Rich Text Editor - added support for URLControl in hyperlink popup so that a user can select from a file, page, or external URL. Also added Insert Smiley option.
- Newsletter - added ability to enter From: address.
Framework
- Remove dnn.config - the perceived performance benefit of the dnn.config was far outweighed by the support implications.
- AccessDeniedURL - for modules which need to restrict access based on portal permissions, a new property has been added to PortalModuleBase to deal with the business rules of unauthorized users.
- Module Actions - Moved ModuleActions from Container to PortalModuleBase for proper encapsulation of ModuleAction collection ( no longer dependent on the existence of an Actions skin object ). Allow custom module actions to be created as sub-items below the root.
- Permissions Grids - refactored to handle viewstate properly, allow extensibility for custom permission types, and eliminate errors related to rolenames containing embedded colons.
Data Access
- Generic Methods - new generic data access methods as part of core DataProvider. The purpose is to simplify DAL development for modules where a full Data Provider is not necessary. Detailed tutorial provides information on how they can be leveraged.
Performance
- Caching Code Pattern - code pattern for accessing the ASP.NET cache had the potential for threading issues. These issues were exposed on the ASP.NET 2.0 platform due to changes in the run-time model.
- Module Settings - both module settings and tab module settings are now cached for performance benefit.
Module Definitions
- Version - display the module version in the default Module Definitions view
- Interfaces - display module interface settings in the Edit Module Definitions UI and ensure the SupportedFeatures bits are set properly when updating.
- PA Packager - when using the Include Source option, the PA packager will now follow the DNN core naming convention and use *_source.zip as part of the filename for the source resource file.
- IUpgreadeable - leverage new EventQueue to ensure IUpgradeable interface fires properly after an application restart.
E-Commerce
- Subscriptions - new portal settings to manage PayPalIPN behavior.
- Text Banner - added support for a "display url" for text banners ( via the ImageURL property ). Also optimized the FindBanners stored procedure to exclude expired banners.
Design
- HTML Skins - skins created as HTML files can now include a section. The skin parsing engine will parse the content within the BODY tag when creating the ASCX skin file.
Please remember that there is still time to become a Platinum Benefactor and participate in the private Beta phase.
