AccessSettings Class
Allows you to restrict external resource locations for security reasons.
Namespace: DevExpress.Security.Resources
Assembly: DevExpress.Data.v24.2.dll
Declaration
Related API Members
The following members return AccessSettings objects:
Remarks
The following image illustrates how to use the AccessSettings class to allow or restrict certain resource locations:
The table below gives a brief overview of all the API and provides links for more information.
A static property that allows you to specify access settings for images. | |
A static property that allows you to specify access settings for data resources (JSON, Extract, and Excel data sources). | |
A static property that allows you to specify access settings for report style sheets and serialization formats. | |
Register resource access rules. | |
A static method that allows access to all or only specified directories. | |
A static method that denies access to all or only specified directories. | |
A static method that allows access to all or only specified URLs. | |
A static method that denies access to all or only specified URLs. |
You can also create a CustomAccessRule to implement custom logic when a URI is checked.
You can call the SetRules(IAccessRule[]) method only once during a single application run. Subsequent calls raise an exception. This ensures that rules cannot be overridden once specified. Alternatively, use the TrySetRules(IAccessRule[]) method. It does not raise an exception, but returns false.
If no access rules are registered, resources can be loaded from any location.
Examples
// Allow images to be loaded only from the "C:\\StaticResources\\" file directory and "http://mysite.dev" site
DevExpress.Security.Resources.AccessSettings.StaticResources.SetRules(DirectoryAccessRule.Allow("C:\\StaticResources\\"), UrlAccessRule.Allow("http://mysite.dev"));
// Allow JSON data load only from the "http://mysite.dev" URL
// Prohibit Excel data load (Excel data load from URLs is not supported)
DevExpress.Security.Resources.AccessSettings.DataResources.SetRules(UrlAccessRule.Allow("http://mysite.dev"), DirectoryAccessRule.Deny());
// Allow style sheets to be loaded only from the "C:\\StaticResources\\" file directory
// Deny CodeDOM report layout serialization format
DevExpress.Security.Resources.AccessSettings.ReportingSpecificResources.SetRules(DirectoryAccessRule.Allow("C:\\StaticResources\\"), SerializationFormatRule.Deny(SerializationFormat.CodeDom));