Data Access Security
The architecture of Windows Forms applications has shifted significantly from straightforward two-tier “client/server” models to distributed systems. This shift places new demands on how developers design, secure, and optimize their applications:
Backend and Frontend Separation
In modern applications, backend and frontend components are often separated into different services. Separating the backend and frontend ensures that sensitive data and business logic are protected. The frontend only communicates with the backend through secure APIs. This minimizes the risk of direct access to the database or sensitive operations. This design also makes it easier to implement authentication and authorization.
Increased Complexity in Data Persistence
Data storage has expanded beyond traditional relational databases (for example, SQL) to include NoSQL solutions and distributed structures such as Event Sourcing backends. In distributed systems, it is important to implement role-based access control (RBAC) to ensure that only authorized users can access specific data or perform certain operations.
Asynchronous UI Clients (Frontend)
As modern applications become more distributed, the need for asynchronous UI clients has become increasingly important. The application should remain responsive while waiting for data or performing long-running operations, rather than blocking the user interface and making users wait.
The async, await, and Task<T> features enable developers to prevent the UI from freezing or becoming unresponsive, which results in a smoother and more intuitive user experience.
Secure Data Access in .NET 8+ WinForms Apps
This section contains an overview of various ways to secure access to data in DevExpress-powered WinForms applications for .NET 8+. The help topics referenced in this section include examples that demonstrate how to securely connect the DevExpress WinForms Data Grid to backend services, including OData services, middle-tier API servers, and arbitrary API services.
Connect to a Secure WebAPI Service (EF Core and OData)
Learn how to establish a secure connection between your WinForms application and an OData service, and activate authentication and authorization for the application using Web API endpoints:
Connect to a Secure OData Service Powered by EF Core
Connect to a Secure Middle Tier API Server
Learn how to use a Middle Tier Server that ships as part of DevExpress XAF (Cross-Platform .NET App UI) to securely communicate with a backend. By using a middle tier server, you can reduce security-related risks associated with direct database connections:
Connect to a Secure Middle Tier API Server
Connect to an Arbitrary .NET Core Service
Learn how to shift database connections away from the desktop app, which allows you to create a cleaner architecture and improve maintainability. The following help topic shows how to connect a WinForms UI client to a general-purpose data service using Entity Framework Core. This service was created using the standard ASP.NET Core WebAPI template with endpoint handlers (without using OData or external security systems):
Connect to an Arbitrary ASP.NET Core WebAPI Service Powered by EF Core
- Demo 1: Connect the Grid to a .NET Core Service
- Demo 2: Connect the Grid to a .NET Core Service and Enable Data Editing
- Demo 3: Connect the Grid to a .NET Core Service – Authenticate Users and Protect Data