The Microsoft InfoPath team did a nice job a few months ago of calling out the new userName function in Office InfoPath 2007. This addition is just another example of how to use declarative logic in the design mode to improve form functionality. But does this new function offer enough in terms of verifying users? The answer to that question depends on your scenario.
The userName function does what you would expect it to do: it returns the username of the individual that is currently editing a form file. However, we had a customer recently that wanted to extend the building permit application end-to-end solution by having the compliance reviewer’s full credentials verified. For that scenario, the userName function would not work because it does not return the user’s domain. Fortunately, there was a simple code solution.
In the updated scenario, we added a ReviewerLogon node to the form’s data source. This node identified the full credentials of the compliance reviewer assigned to the building permit application, and it was automatically set based on the lot number that was provided (e.g., if the lot number started with a C, then the ReviewerLogon value was set to LITWAREINCdaver). We then used the LoginName property in the form’s Loading event to ensure that the user opening the form file was in fact the compliance reviewer assigned to the application. If the full credentials were not verified, then the Loading event was canceled, thus closing the InfoPath client.
public void FormEvents_Loading(object sender, LoadingEventArgs e)
if (MainDataSource.CreateNavigator().SelectSingleNode("//my:RoleID", NamespaceManager).InnerXml == "2")
string currentReviewer = MainDataSource.CreateNavigator().SelectSingleNode("//my:ReviewerLogon", NamespaceManager).InnerXml.ToLower();
if (currentReviewer != Application.User.LoginName.ToLower())
e.CancelableArgs.Message = "You are not the compliance reviewer assigned to this application.";
e.CancelableArgs.Cancel = true;
If you recall from a previous post, the RoleID node in the form’s data source identified the role of the current user. So, the code was executed only when the current user was the compliance reviewer (i.e., RoleID equals 2).