Best way to make a secure submission on forms with dynamic users

(0) Share

Report

Posted on by Lucas001

2,434 Super User 2025 Season 2

Hi @Fubar,

@ragavanrajanas you have also been in the post I refer to. Mentioning you as well.

Post I refer to: https://powerusers.microsoft.com/t5/General-Discussions/Adding-icon-as-navbar-element-instead-of-text/m-p/2471665#M5456

Coming back to your answer on another post:

I am aware of the mentioned security issue.

Question would be if I have a form and submit that the metadata does not show who submitted the data.

As different users would be possible the contact is dynamic and a weakness in security. Question would be on how to get the contact value without somehow passing the value with the form via lookup or something similar.

Do you guys have some recommendations?

Categories:

General topics

I have the same question (0)

All responses (3)

Answers (1)

Fubar 8,354 Super User 2025 Season 2 on at

Like (1)

Report

You can store the Logged in Portal User via Form/Step Metadata (you can also get their Account) use the portal/Pages Management App to setup the Metadata .
https://learn.microsoft.com/en-us/power-pages/configure/configure-basic-form-metadata#set-value-on-save
All you do is create a Lookup for your Table to hold the Portal users Contact record (and account also if you want), and then use the onsave settings in the metadata.
(As your form/step will be either an Insert or Edit/Update you can do both created by portaluser and modified by portal user).

By 'Dynamic' what i was referring to is probably more of a specific example, that you will see if you've set up a Customer Self-Service portal where they populate a Customer lookup on the Case table, in that code they use JavaScript because if the logged in Portal User has an Account they populate it in the Customer Lookup and the Portal user in the Contact Lookup, but if the Portal User does not have an Account they only populate the Portal User in the Customer Lookup (and as that scenario logic cannot be covered by Metadata they dynamically set the values using JavaScript).

Was this reply helpful? Yes No
Lucas001 2,434 Super User 2025 Season 2 on at

Like (0)

Report

Hi @Fubar,

haven't been aware of that solution.
Somehow I get an error when trying to populate the contactid which I would need to later use it in my flows.
It works with all other fields I tested (createdOn, email, fullname etc).
Filling out the value does not change a thing.
Do you know how to fix that?

Filled out metadata:

Value of attribute inside field:
Cleartext: "Microsoft.Xrm.Sdk.EntityReference"

Was this reply helpful? Yes No
Verified answer

Fubar 8,354 Super User 2025 Season 2 on at

Like (1)

Report

Make sure the Value field is empty, and the Attribute you selected at the top of the form is a Contact lookup field.

Was this reply helpful? Yes No