This document provides an overview of the new features released in Aptify version 7.4. The content of this document is divided into the following sections:
For details on resolved issues, visit: Aptify 7.4 Resolved Issues.
Azure Enablement in Aptify
Azure Scale-Out Feature implementation in Aptify
Starting with Aptify release 7.4, the Azure scale-out feature has been implemented in Aptify Web and Aptify e-Business using Redis to overcome the limitations of in-memory cache setups for a single instance. Redis (Remote Dictionary Server) is an open-source, in-memory key-value store widely used for caching, real-time data processing, and session management. It provides a centralized caching mechanism that scales efficiently with Aptify applications.
For information on how to set up Redis in the Azure portal and in Aptify applications, refer to the Implementing Azure Scale-Out Feature in Aptify Using Redis document.
Support for '@' Symbol for SQL Users in Azure Managed Instance
Aptify 7.4 supports user creation with the '@' symbol for non-trusted users, such as SQL users, on Azure managed instances. Previously, users with the '@' symbol were treated as AD users. With the new implementation, an untrusted user created in Smart Client with the '@' symbol is treated as a SQL user. To support all existing non-trusted users with the '@' symbol on a managed instance, a script has been provided.
For more information on the script, refer to the Supporting '@' Symbol for SQL Users document.
CM Pack Deployment Automation
In the Aptify 7.4 release, enhancements have been made to automatically deploy CM packs on Azure. The automation of CM packs is a further enhancement to the automated deployment of Aptify Web on App Services, which was released in Aptify 7.2. Refer to Automating Aptify Web and CM Pack Deployment in Azure for information on how to use the automated deployment of CM packs and App Services.
Aptify Web
Aptify - PayPal Advanced Checkout Integration
Aptify release 7.4 includes the PayPal Advanced Checkout integration with the Aptify Smart Client and Aptify Web applications, and the PayPal Advanced and Standard Checkout integration (pay with PayPal only) with the Aptify e-Business application. Refer to PayPal Checkout for more information on the checkout options.
For more information on how to configure and use the advanced PayPal checkout feature, refer to Integrating with PayPal eCommerce.
Aptify Web UI Enhancement for Session Timeout
The Session Timeout message, introduced in Release 7.3 as part of the Aptify Web UI enhancement, has been modified to make it more user-friendly. Now, when a user session times out, the following pop-up message appears. Pressing the OK button will redirect the user to the login page.
Previously, the message was as follows:
e-Business 7.4
Automated Product Image Upload Utility
With the e-Business 7.4 release, the product image upload functionality has been automated in the e-Business application. Whenever a new product record is created, or an existing product record is updated, in the Aptify database, it is automatically synced with the e-Business application. Users no longer need to run the Image Sync Utility manually. The utility only needs to be run once initially to export all existing product images.
For detailed instructions on setting up this functionality, refer to the Uploading Product and Company Images in e-Business 7.4 and higher version document.
Google reCAPTCHA Verification for Payment Process
Beginning with Aptify release 7.4, the e-Business application integrates Google reCAPTCHA verification for payment processing. This integration protects your websites and mobile applications against spam, abuse, and various fraudulent activities, such as credential stuffing, account takeovers (ATO), and automated account creation.
Refer to the Integrating Google reCAPTCHA with e-Business 7.0 document for the integration details.
e-Business Features Built in React Interface
The following features were developed in the React interface as part of the 7.4 release:
- Features for Company Administrator Role:
  - Company Directory
  - Purchasing Membership
  - Managing Orders
  - Managing a Company
  - Add Member
- Features for Members:
  - Downloadable Products
  - Committees Management
  - Company Directory
  - Donate Now
  - Event Registration
  - Melissa Address Verification
  - Topic of Interest
For the list of features developed as part of the React MVP release, refer to the e-Business React Application Overview document.
Single Sign-On Implementation Using SAML
Single sign-on (SSO) is an authentication method that enables users to securely authenticate to multiple applications and websites using just one set of credentials. In Aptify release 7.4, SSO is implemented between the e-Business Classic and e-Business React applications. When a user logs in to the e-Business Classic application with their credentials, they are automatically logged in to the e-Business React application without needing to re-enter the credentials. Refer to the SSO Support Between Classic and React e-Business Application documentation for the implementation details.
Aptify Smart Client
Enhancements to Data Archive Functionality in Smart Client Application
Aptify release 7.4 implements UI improvements for the archive functionality in the Smart Client application. This includes enhancing the user experience for the existing functionality and adding a new archive type for cleaning the error logs (ErrorLog).
Below are the details of the enhancements:
Enhanced User Experience: In earlier releases, running the archive process on databases with large entities caused the UI to hang, preventing users from performing other operations until the archive run was completed. This enhancement addresses the UI hang by executing the archive process in the background, allowing users to perform other tasks simultaneously.
For information on the existing archive functionality, refer to Archiving Transactional Data.
New Archive Type: A new archive type has been added for cleaning Error logs (ErrorLog). For information on the new archive type record, refer to the Adding New Archive Type for Error Logs document.
Archive Report Features: The archive report now displays the start time, end time, and the progress of the archive run, enabling the users to monitor the progress and the total time taken for the run.
In the new implementation, the archive report on the ‘Execution & Result’ tab is fully updated upon completion of the process. Users must close and reopen the newly created archive record to view the report.
Security Enhancements
Secret Key Vault Feature Enhancement
In Aptify release 7.4, support for the Secret Key Vault feature has been added to the AptifyServicesAPI SQL user password configuration. This enhancement improves security by storing the password in a secure Key Vault; previously, the passwords were stored in plain text within configuration files.
For more information on this topic, refer to Configuring Secret Key Vault for Aptify Services API.
Cross-Site Request Forgery (CSRF) for cross site interaction
Cross-Site Request Forgery (CSRF) is a type of cyber-attack where a malicious website, email, or program tricks a user’s browser into performing an unwanted action on a different, trusted site where the user is authenticated.
Starting with release 7.4, application security has been enhanced by allowing cross-site interaction between the e-Business SOA and the e-Business frontend (Knockout and React) while keeping CSRF protection enabled.
Previously, users had to disable CSRF protection for cross-site interactions, which exposed the application to CSRF attacks.
Configuring CSRF for Aptify e-Business 7.x
To configure CSRF in the application, add the element below to the web.config of the e-Business SOA where cross-site interaction is required. This sets the SameSite and Secure attributes on the cookies.
<system.web>
  <httpCookies sameSite="None" requireSSL="true"/>
</system.web>
Stored Cross-Site Scripting Vulnerability
As part of the Aptify Web penetration test findings, a code review was conducted on the Classic e-Business source code to assess cross-site scripting vulnerabilities. As a result of this review, to avoid cross-site scripting vulnerabilities, clients must add httpProtocol tags to the web.config file, along with the appropriate URLs in the Content-Security-Policy key, as shown in the table below.
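The following check covers both the CSRF cookie setting and the Content-Security-Policy requirement described above. It is an added example, not Aptify code. It assumes the CSP header is set through the standard IIS customHeaders element under httpProtocol; the sample configs and the example.org URL are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config fragments (not taken from an Aptify install).
WEAK_CONFIG = """<configuration>
  <system.web>
    <httpCookies sameSite="None" requireSSL="false"/>
  </system.web>
</configuration>"""

HARDENED_CONFIG = """<configuration>
  <system.web>
    <httpCookies sameSite="None" requireSSL="true"/>
  </system.web>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="Content-Security-Policy"
             value="default-src 'self' https://ebusiness.example.org"/>
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>"""


def audit_web_config(xml_text):
    """Return a list of findings for the cookie and CSP settings."""
    root = ET.fromstring(xml_text)
    findings = []
    cookies = root.find("system.web/httpCookies")
    if cookies is None:
        findings.append("httpCookies element missing")
    else:
        if cookies.get("sameSite", "").lower() != "none":
            findings.append("sameSite is not None; cross-site calls drop the cookie")
        if cookies.get("requireSSL", "false").lower() != "true":
            # Browsers reject SameSite=None cookies that lack the Secure attribute.
            findings.append("requireSSL is not true; cookies lack Secure")
    # Assumption: CSP is delivered as an IIS custom response header.
    headers = root.findall("system.webServer/httpProtocol/customHeaders/add")
    csp = [h for h in headers
           if h.get("name", "").lower() == "content-security-policy"]
    if not csp:
        findings.append("Content-Security-Policy header missing")
    elif not csp[0].get("value", "").strip():
        findings.append("Content-Security-Policy header is empty")
    return findings
```

Running `audit_web_config` against a deployed web.config after each release catches a `sameSite="None"` cookie that was left without `requireSSL="true"`, which modern browsers silently discard.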