Skip to main content

AccessSettings Class

Allows you to restrict external resource locations for security reasons.

Namespace: DevExpress.Security.Resources

Assembly: DevExpress.Data.v24.1.dll

NuGet Package: DevExpress.Data

Declaration

public class AccessSettings

The following members return AccessSettings objects:

Remarks

The following image illustrates how to use the AccessSettings class to allow or restrict certain resource locations:

AccessSettings

The table below gives a brief overview of all the API and provides links for more information.

StaticResources

A static property that allows you to specify access settings for images.

DataResources

A static property that allows you to specify access settings for data resources (JSON, Extract, and Excel data sources).

ReportingSpecificResources

A static property that allows you to specify access settings for report style sheets and serialization formats.

SetRules(IAccessRule[])

TrySetRules(IAccessRule[])

Register resource access rules.

DirectoryAccessRule.Allow

A static method that allows access to all or only specified directories.

DirectoryAccessRule.Deny()

A static method that denies access to all or only specified directories.

UrlAccessRule.Allow()

A static method that allows access to all or only specified URLs.

UrlAccessRule.Deny()

A static method that denies access to all or only specified URLs.

You can also create a CustomAccessRule to implement custom logic when a URI is checked.

You can call the SetRules(IAccessRule[]) method only once during a single application run. Subsequent calls raise an exception. This ensures that rules cannot be overridden once specified. Alternatively, use the TrySetRules(IAccessRule[]) method. It does not raise an exception, but returns false.

If no access rules are registered, resources can be loaded from any location.

Examples

// Allow images to be loaded only from the "C:\\StaticResources\\" file directory and "http://mysite.dev" site
DevExpress.Security.Resources.AccessSettings.StaticResources.SetRules(DirectoryAccessRule.Allow("C:\\StaticResources\\"), UrlAccessRule.Allow("http://mysite.dev"));
// Allow JSON data load only from the "http://mysite.dev" URL
// Prohibit Excel data load (Excel data load from URLs is not supported)
DevExpress.Security.Resources.AccessSettings.DataResources.SetRules(UrlAccessRule.Allow("http://mysite.dev"), DirectoryAccessRule.Deny());
// Allow style sheets to be loaded only from the "C:\\StaticResources\\" file directory
// Deny CodeDOM report layout serialization format
DevExpress.Security.Resources.AccessSettings.ReportingSpecificResources.SetRules(DirectoryAccessRule.Allow("C:\\StaticResources\\"), SerializationFormatRule.Deny(SerializationFormat.CodeDom));

Inheritance

Object
AccessSettings
See Also