Would you like to add signatures to your form, but are concerned about the challenges of setting up digital certificates? Qdabra’s Electronic Signature Template Part may be right for you! Here’s a sneak peak:
Note: The PIN field is highlighted as shown in the figure above, but it normally wouldn’t be seen since the texts are colored white.
User enters invalid information:
User enters valid information:
What is it? What does it do?
- Electronic signatures don’t require digital certificates
- Electronic signatures ask for a personal identification key, for example a PIN
- Electronic signatures use your logged-in user credentials to look up a previously recorded key in the Signature library
Ø If the entered data matches the key data stored in the Signature library, the electronic signature adds a signature image to your form.
- Electronic signatures can include a purpose field for auditing
Cool feature alert! InfoPath 2007 introduces XML Template Parts (XTPs), one of the coolest features you probably never used! XTPs let you take whole sections of a form – fields, rules, data connections, conditional UI, etc. – and package them up so you can reuse them in all of your forms.
What will I need to use the Electronic Signature Template Part in my InfoPath form?
- InfoPath 2007 –Template parts (XTPs) aren’t supported in InfoPath 2003
- Scanned in signatures and employee aliases – to create your library
- SharePoint list – secure storage employee PINs and signatures
Why do I need SharePoint?
SharePoint feature alert! One of the best things to note about using SharePoint is that there is no need to create a form to store the signature. Your users can store their signature in a picture library and secure each signature image so that users cannot access other users’ signatures and PINs. And the best part is – no code needed!
Why not a secondary XML resource?
Good idea! We could add a secondary XML file in the InfoPath template that stores the employee alias, PIN and signature image (as Base64), but here again, we have two issues:
a) Security – we’d have to encrypt the PIN so that users couldn’t steal it by cracking open the cached template file. Encryption requires code and that won’t work for XTPs.
b) Updating the XML file would be costly. Every time a new employee joins, you have to update the file.
Granted, the security issue is only a big deal if you have malicious users and you could make it a little harder by hiding the Design This Form button in the toolbar. Fair enough! If you don’t have SharePoint, and want us to blog the non-secure secondary XML file send us e-mail and complain loudly. If we hear from enough of you, we’ll post another blog using the XML file technique.
If you don’t have SharePoint, you can still read about the technique to learn about how to use XTPs.
Why not digital signatures? What limitations do electronic signatures have?
Security warning: An electronic signature doesn’t prevent a malicious user from downloading and modifying the XML data after signing. That’s what Digital Signatures are for – they include special checks that prevent data tampering. The problem with Digital Signatures is that they require digital certificates and that means you have to have your system admin turn on Certificate Authority, or purchase certificates from a Web provider. Electronic signatures are a semi-secure substitute and with SharePoint permissions, you can prevent most tampering using the following three techniques:
a) Don’t store employee’s PINs in the main data source. Even though you need the field in the XTP, you can blank the field out after you replace it with the signature image (assuming the user entered a valid PIN)
b) Remove the Save and Save As options from the InfoPath File menu (Form Options -> Open and Save)
c) An administrator secures each signature image so that users cannot access other users’ signatures and PINs. A good way to do this is to have an admin upload “dummy” signatures and PINs and then place security on each one. The users can then go in and modify the signature image and PIN, replacing them with their own.
d) Digital Signatures require domain users but Electronic Signatures do not.
Are you ready to create the solution?
Create your Picture Library
1. Create a SharePoint Picture library in a location accessible to all employees needing an electronic signature by going to Site Actions > View All Site Content > Create and choose Picture Library.
2. Give your picture library a name such as ElectronicSignatures, and choose whether or not you want to add it to the Quick Launch bar and create versions. Click Create.
Note: Since we’re using a separate library for the PIN storage, make the picture library read only for all users. Each signature should be editable by whomever it belongs to. The issue is that currently, the signature is populated by a link. If the link is not reachable by other users, the signature will not show in the form. So the URLs of the picture library need to have read access. Signature is then created from pulling the pin from one list and the document from another.
3. Upload “dummy” or false signatures using the following guidelines:
a. Signatures should all be of the same type (.jpg, .gif, .tiff, etc.)
b. Signatures should be given the name that the user has for his/her Network ID (machine name). For example, if the network recognizes John Smith as SHAREPOINT\JSmith, his signature should be named “JSmith”.
In some cases, the document’s Name field is not available to users, so we can make use of the Description field too. Enter the same name (user’s network ID) in the Description field.
c. Signature image “Title” should be the user’s full name.
d. Signatures should all be uploaded to the same library.
4. Once all the dummy signatures are uploaded, have an administrator go in and secure each of the signatures.
a. Select a signature picture by clicking on it. The picture will display as an enlarged thumbnail with a toolbar across the top.
b. From the toolbar, select Manage Permissions.
c. Currently, each picture inherits its permissions from the library it resides in, so first we need to break inheritance. Click Actions > Edit Permissions. You will receive a warning that you are breaking inheritance.
d. Click OK to continue.
e. Your permission list will now have check boxes next to all the users.
f. Ensure that the owner of the electronic signature is listed as one of the users in this list.
If they are not, select New > Add Users. Choose the owner of the signature by typing their username or using the browse function of the Add Users text box. Select the permission level you want them to have (Contribute is the safest option. This will allow them to manage their signature without being able to change the permissions on it.) Click OK.
g. Once the user is added to the permissions list, place a check in the boxes next to all the other names, and click Actions > Remove User Permissions. You will be asked if you are sure you want to do this. Click OK. The other users will be removed from the list and the only remaining user should be the owner of the signature.
h. You may test this by signing in with a dummy account or having another user who does not have access to the signature sign in with their account. They should not see the protected signature.
i. Now that your signatures are protected, have your users go in and change the dummy signature image to be their real signature that is in .jpg format. They can just give their signature the same name, that is their useralias, and upload it – it will overwrite the dummy signature.
Note: Please configure permissions so that users can upload their own signature image but that others cannot view them. You’ll also want to make sure that only one signature exists for each user.
Create a list to hold the PINs
1. Create a Sharepoint Custom List by clicking View All Site Content > Create, and choose Custom List.
2. Give your custom list a name such as PIN List and choose whether or not you want to add it to the Quick Launch bar. Click Create.
3. Add a column for a PIN by clicking Settings > Create Column.
4. For each user, create an item specifying the user’s alias as the Title, and leave PIN blank.
5. Secure each PIN access by only the user who owns the PIN (follow the same procedures as above for protecting the signature images).
6. Have your users enter their individual PINs.
Create your Template Part
1. Launch InfoPath and select Design a Form Template from the left hand menu pane. In the resulting wizard, select Template Part from the radio button selection. Ensure that “Blank” is selected and click OK.
2. Setup a data connection to receive data from your Signature Library stored in SharePoint.
a. Click Tools > Data Connections > Add.
b. Select Receive data > Next.
c. Select SharePoint library or list from your list of options
d. Type the location of your SharePoint picture library and click Next:
The location should be in the following format: http://<SharePointSite>/<PictureLibrary>/
e. Select your Signatures Library and click Next.
f. The information you want to include in your form will be Title. Place a check in the box next to the Title field.
g. Click Next twice.
h. Type a name for your Data Connection such as “Verify Pin,” ensure that the data will pull whenever the form is opened and click Finish.
3. Repeat the same procedures above to add another data connection that receives data from your SharePoint PIN list. Include the fields Title and PIN in your form:
4. Next, setup the main data source. Name the root node qESxtp and create the following nodes:
| Node |
Type |
Default Value |
| Validate |
boolean |
False |
| DisplayError |
boolean |
False |
| ErrorMessage |
string |
Invalid User Name/PIN. Please try again. |
| UserInfo |
Group |
|
| UserName |
string |
userName()- to auto-populate the field with the current user’s alias |
| PIN |
string |
None |
| LibraryURL |
string |
<URL of the library that stores the signatures> |
| Sign |
Group |
|
| Signature |
string |
None |
| DisplaySignedBy |
string |
concat("Signed by ", @Title, " ", "on", " ", SignedDate, " ", "at", " ", SignedTime)- to reference the user’s full name using the Title field in the PIN List stored in SharePoint and add the signed date and time |
| SignedDate |
date |
today() |
| SignedTime |
time |
substring-after(now(), "T") |
Your data source should look like the following:
5. Design your template part as shown in the figure below:
6. Add conditional formatting to the sections so the form displays either the UserInfo section or the Sign section.
a. UserInfo section:
b. Sign section - Hide the control if:
7. Add a conditional mapping to the ErrorMessage field so that it only displays error whenever user enters invalid User Name / PIN.
Now that we have set up our groups and fields with their default values and conditional formatting, our next action is to make the validation happen, hence the existence of the Validate field. This field is responsible for the following actions:
1. If the SharePoint library stores a signature for the user, and user enters PIN that matches the one stored in the PIN list:
a. Retrieves the URL for the user’s signature, and since the Signature field uses a picture control, it will display the signature image instead.
b. The form does not store PIN.
c. No error message displays.
2. If there is no signature stored for the user, and/or user enters invalid PIN:
a. Validation fails.
b. Displays error message.
c. The form does not store PIN.
Additionally, the Validate check box is disabled if:
a. Signature exists; or
b. User has not entered a PIN
Once we accomplish all these, save the template part as qESxtp.
Test the template part
We can test the Electronic Signature template part that we have designed by adding it in InfoPath as a custom control, after which would be available in the Custom section of the Controls task pane.
After doing so, you can then add qESxtp to your existing solutions and see the wonders of using electronic signatures!
One Caveat for those of you that want to use this with browser enabled forms: Browser forms do not support picture controls. So, instead of using both the signature picture and the DisplaySignedBy field, you will only be able to use the DisplaySignedBy field. In most cases, this workaround is just fine, since it takes up less room on the page and fits the same purpose.
For your convenience, we are providing the Electronic Signature template part for sale via our Web store. Benefits:
- Comes with a User Guide that contains in-depth instructions on how to add the rules for validation
- Saves you time spent creating the XML Template Part. We’ve done it for you.
- Includes PIN field and rules to check it.
- Comes with one hour of hands-on support to help you get the XTP working quickly if you run into trouble.
We sell the XTP for just $149. Of course, if you aren’t fully satisfied we’ll be happy to refund the money (only exception is if you have used the support time).
Purchase the Electronic Signature template part here.