Skip to main content

AccessSettings Class

Allows you to restrict external resource locations for security reasons.

Namespace: DevExpress.Security.Resources

Assembly: DevExpress.Data.v22.2.dll

NuGet Package: DevExpress.Data

Declaration

public class AccessSettings

The following members return AccessSettings objects:

Remarks

The following image illustrates how to use the AccessSettings class to allow or restrict certain resource locations:

AccessSettings

The table below gives a brief overview of all the API and provides links for more information.

StaticResources

A static property that allows you to specify access settings for images.

DataResources

A static property that allows you to specify access settings for data resources (JSON, Extract, and Excel data sources).

ReportingSpecificResources

A static property that allows you to specify access settings for report style sheets and serialization formats.

SetRules(IAccessRule[])

TrySetRules(IAccessRule[])

Register resource access rules.

DirectoryAccessRule.Allow

A static method that allows access to all or only specified directories.

DirectoryAccessRule.Deny()

A static method that denies access to all or only specified directories.

UrlAccessRule.Allow()

A static method that allows access to all or only specified URLs.

UrlAccessRule.Deny()

A static method that denies access to all or only specified URLs.

You can also create a CustomAccessRule to implement custom logic when a URI is checked.

You can call the SetRules(IAccessRule[]) method only once during a single application run. Subsequent calls raise an exception. This ensures that rules cannot be overridden once specified. Alternatively, use the TrySetRules(IAccessRule[]) method. It does not raise an exception, but returns false.

If no access rules are registered, resources can be loaded from any location.

Examples

// Allow images to be loaded only from the "C:\\StaticResources\\" file directory and "http://mysite.dev" site
DevExpress.Security.Resources.AccessSettings.StaticResources.SetRules(DirectoryAccessRule.Allow("C:\\StaticResources\\"), UrlAccessRule.Allow("http://mysite.dev"));
// Allow JSON data load only from the "http://mysite.dev" URL
// Prohibit Excel data load (Excel data load from URLs is not supported)
DevExpress.Security.Resources.AccessSettings.DataResources.SetRules(UrlAccessRule.Allow("http://mysite.dev"), DirectoryAccessRule.Deny());
// Allow style sheets to be loaded only from the "C:\\StaticResources\\" file directory
// Deny CodeDOM report layout serialization format
DevExpress.Security.Resources.AccessSettings.ReportingSpecificResources.SetRules(DirectoryAccessRule.Allow("C:\\StaticResources\\"), SerializationFormatRule.Deny(SerializationFormat.CodeDom));

The following code snippet (auto-collected from DevExpress Examples) contains a reference to the AccessSettings class.

Note

The algorithm used to collect these code examples remains a work in progress. Accordingly, the links and snippets below may produce inaccurate results. If you encounter an issue with code examples below, please use the feedback form on this page to report the issue.

Inheritance

Object
AccessSettings
See Also