Customisation
Advanced Field Solutions® is easily customisable. It allows a user to customise:
- Data entry forms (web forms)
- Language
- Data storage
- Presentation
Security
Advanced Field Solutions® leverages the following products' security infrastructure:
- IIS - the product uses SSL/HTTPS and strong 128-bit encryption when sensitive data is being transmitted.
- ASP.NET - the product uses the role-based page access control mechanisms of ASP.NET. A user will be able to open a page in IE only if they belong to a role that has access to the page.
- SQL Server - All Advanced Field Solutions® data will be stored in a SQL Server database and will be accessed by ASP.NET using a Windows 2000 system account and Security Service Provider Interface with a password inaccessible to the SQL Server users.
Web page access security
Authentication:
When a user tries to access any web page from Advanced Field Solutions®, they are redirected to an SSL login page, where they must enter a user name and password. The user name and the password are sent securely over SSL to the ASP.NET application and the password is hashed using the unidirectional SHA-1 algorithm.
Then the user name/hashed password pair is checked against the SQL Server database. In this way, direct storage of the passwords in the database is completely avoided. Even if someone could access the user table in the SQL Server database, they would not be able to recover users' passwords from the stored hashes because of the one-way nature of SHA-1.
After the user name/password is authenticated, an authentication ticket is issued to the user. This ticket is strongly encrypted and is then stored as a cookie by the browser.
It is used throughout the user's Advanced Field Solutions® session. If an authenticated user with a ticket does not access an Advanced Field Solutions® page for 20 minutes, their ticket expires and they will need to provide their login credentials once again.
Web access security
Authorisation: After successful authentication, the application retrieves from the database the list of the roles for that user. Typical roles can be:
- Dispatcher
- Engineer
- Report reader
- Invoice poster, etc
Depending on the roles, a navigation bar for the user is constructed containing hyperlinks only to the pages relevant for these roles. ASP.NET provides a further level of protection - if a user has no access to an application page, they will not be able to access it even by typing the address in the IE address bar.
The role membership, the construction of the navigation bar for each role and the roles with access for each application page can be configured by the company's Advanced Field Solutions® administrator.
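As an added illustration (not the product's own configuration), the ticket and page-access behaviour described above can be expressed in an ASP.NET web.config as follows. The cookie name, page file names and role spellings are assumptions made for the example.

```xml
<?xml version="1.0"?>
<!-- Added example, not the product's configuration.
     Assumed names: .AFSAUTH, Login.aspx, Dispatch.aspx, Reports.aspx,
     Invoices.aspx and the role spellings. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- protection="All": the ticket is both encrypted and integrity-checked.
           requireSSL="true": the cookie is only sent over HTTPS.
           timeout="20" with slidingExpiration="true": idle expiry in minutes.
           ASP.NET renews a sliding ticket only when more than half of the
           timeout has elapsed, so a session can lapse after 10 to 20 idle
           minutes depending on when the last renewal happened. -->
      <forms name=".AFSAUTH"
             loginUrl="Login.aspx"
             protection="All"
             requireSSL="true"
             timeout="20"
             slidingExpiration="true"
             path="/" />
    </authentication>
    <!-- Default rule: anonymous users are sent to the login page. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Per-page rules are evaluated top-down and the first match wins, so the
       trailing deny blocks every authenticated user outside the listed roles,
       including requests made by typing the address directly. -->
  <location path="Dispatch.aspx">
    <system.web>
      <authorization>
        <allow roles="Dispatcher" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="Reports.aspx">
    <system.web>
      <authorization>
        <allow roles="ReportReader,Dispatcher" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="Invoices.aspx">
    <system.web>
      <authorization>
        <allow roles="InvoicePoster" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

The role rules only take effect once the roles read from the database have been attached to the request's principal, which with forms authentication the application has to do itself on each request.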
Data Security: Using a SQL Server database gives the following advantages:
- Data integrity - SQL Server supports ACID (Atomic, Consistent, Isolated, Durable) transactions, so data is always in a consistent state
- Inter-company protection - the SQL Server database is partitioned in such a way that each query or transaction can be executed only against a single company. This way, the data for one company using Advanced Field Solutions® is accessible only by users of that company
- Data recovery - Advanced Field Solutions® data is backed up regularly and backup media are stored in a protected location
Advanced Field Solutions® is built on Microsoft's .NET platform. It is implemented as a .NET web service with a SQL Server backend. Advanced Field Solutions® business and data access layers are also implemented using .NET, making Advanced Field Solutions® a truly object-oriented, manageable, reliable and scalable web application.
System: Advanced Field Solutions® is a 3-tiered .NET web application. The presentation layer controls access to the business layer, where the business rules of Advanced Field Solutions® are implemented. The business layer manages access to a data access layer, which in turn manages access to the data layer. Data access is implemented using OLE-DB. Communication between each distinct layer is achieved using the Simple Object Access Protocol (SOAP). Advanced Field Solutions® is designed to the most modern object-oriented design patterns. It is designed in such a way as to make it easily customisable across many business and industrial domains.