Article Details
Id: 17987
Product: finPOWER Connect
Type: NEW
Version: 3.04.00
Opened: 30/03/2021
Closed: 31/03/2021
Released: 30/06/2021
Job: J026257

Portals; A method of allowing file downloads for another Account from Web Services

When a Client is signed in to a Client-based Portal, many security checks should be made or, in many cases, are made automatically.

One of these checks is that when running under Web Services, a Client cannot execute any Account-based services that relate to Accounts that they are not a Client of. E.g., the Client cannot run an Application Shortcut to download a document from an Account which is not their own.

There may be situations where it is desirable to allow a Client to download an Account document from an Account which they do not own, e.g., in the case of an Investor Portal, investment documents may be held on a central Account.

To allow this functionality, a new finBL.HtmlWidgetUtilities.EncryptId method has been added.

If an Account Id is encrypted as part of an Application Shortcut, the file can be downloaded regardless of whether the Account belongs to the Client. Because this encryption can only be performed by server-side code (i.e., the Script Code), a Client cannot tamper with the Application Shortcut URL to download a document from an arbitrary Account.

The following example creates an Application Shortcut that encrypts the Account Id.

ApplicationShortcut = finBL.CreateApplicationShortcutDocumentManagerFile("Account", DocumentFile.FileNameWithCategoryAndExtension, finBL.HtmlWidgetUtilities.EncryptId(Account.AccountId))
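
The check described above can be modelled as follows. This is an added Python sketch, not finPOWER Connect code: it swaps in an HMAC-signed Id for encryption because the page does not describe how EncryptId works internally, and the key, Ids and function names are all constructed for the illustration.

```python
import base64
import hashlib
import hmac
import secrets

# Assumption: a key that exists only in server-side code.
SERVER_KEY = secrets.token_bytes(32)

# Constructed sample data: the Accounts each Client belongs to.
CLIENT_ACCOUNTS = {"C10001": {"L10000"}}

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes


def seal_id(account_id: str) -> str:
    """Server-side only: wrap an Account Id in a tamper-evident token."""
    body = account_id.encode()
    tag = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag + body).decode()


def open_id(token: str):
    """Return the Account Id if the server issued this token, else None."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:  # not valid base64, e.g. a plain Account Id
        return None
    tag, body = raw[:TAG_LEN], raw[TAG_LEN:]
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    if len(tag) != TAG_LEN or not hmac.compare_digest(tag, expected):
        return None  # altered in transit or never issued by the server
    return body.decode()


def may_download(client_id: str, id_param: str) -> bool:
    """Decide whether a signed-in Client may download from the Account in the URL."""
    if open_id(id_param) is not None:
        # Server-side code chose to expose this Account, so the ownership
        # check is skipped, as the article describes for encrypted Ids.
        return True
    # Plain Id: the normal rule applies, the Client must belong to the Account.
    return id_param in CLIENT_ACCOUNTS.get(client_id, set())
```

In this sketch a sealed Id is honoured for any signed-in Client that presents it, so server-side code should seal only Ids for documents that Client is meant to see.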