Skip to main content
BuyLog In
eXpressApp Framework
Search in…
Docs > Data Security and Safety > Security (Access Control & Authentication) > Authentication > Get the Current User in Code
All docs
V23.1
.NET Framework 4.5.2+
Cross-Platform .NET App UI (XAF)
Getting Started
Installation, Upgrade, Version History
Backend Web API Service
UI Shell and Base Infrastructure
Storage, ORM, and Business Model Design
Data Manipulation and Business Logic
User Interface and Behavior Customization
Data Filtering
Data Security and Safety
Security (Access Control & Authentication)
Security Tiers
Authentication
Authentication System Architecture (Blazor)
OAuth and Custom Authentication
Passwords in the Security System
Customize the Logon Window
Get the Current User in Code
Predefined Users, Roles and Permissions
Security Permissions Caching
Permissions for Associated Objects
Merging of Permissions Defined in Different Roles
Permission Policy
Use the Security (Access Control & Authentication) API in Non-XAF Applications - Free Offer
Task-Based Help
Audit Trail (History of Data Changes)
Multitenancy Support (CTP)
Validation (Prevent Data Errors)
Conditional Appearance (Manage State of UI Elements)
Reporting (Shape, Export & Print Data)
Analytics (Extract Data Insights)
Document Management
Business Process Management
Event Planning
Localization
Security Consideration
Debugging, Testing and Error Handling
Deployment
Support, QA & Troubleshooting
API Reference
Download CHM

Get the Current User in Code

  • 3 minutes to read

An application’s functionality may depend on the user who is currently logged on. So, you may be required to get the user name, user ID, or the entire user object. For this purpose, the static SecuritySystem class exposes the following properties:

ASP.NET Core classes (MVC controllers, Razor components) and Web API controllers cannot use these static properties. The following help topics describe how to use dependency injections to access an object that stores the current user:

The current user is also available in criteria expressions. In this topic, several popular scenarios of accessing the current user are listed.

Access Current User in Criteria

When you are required to use the current user in a filter criteria, use the CurrentUserId function criteria operator.

Initialize the Object Owner

EF Core

To assign a current user reference to the Owner property of your business class, support the IXafEntityObject and IObjectSpaceLink interfaces in this class and implement the IXafEntityObject.OnCreated method in the following manner:

void IXafEntityObject.OnCreated() {
    Owner = objectSpace.FindObject<ApplicationUser>(CriteriaOperator.Parse("ID=CurrentUserId()"));
}

Alternatively, you can inherit your business class from the DevExpress.Persistent.BaseImpl.EF.BaseObject and override its OnCreated method:

public class TestClass : BaseObject {
    public override void OnCreated() {
        Owner = ObjectSpace.FindObject<ApplicationUser>(CriteriaOperator.Parse("ID=CurrentUserId()"));
    }

Note

The complete example is available in the IXafEntityObject interface description.

XPO

When using XPO, you can also override the BaseObject.AfterConstruction method as follows:

public override void AfterConstruction() {
    base.AfterConstruction();
    Owner = Session.FindObject<ApplicationUser>(CriteriaOperator.Parse("Oid=CurrentUserId()"));
}

Check Security Permissions in Code

The following help topic describes how to check if a user has a specific role or has permission to perform a specific operation: Determine if the Current User Has Specific Permissions.

Configure Permissions Based on the Object Owner

To grant access to objects that are owned by the current user and prohibit access to other objects, implement the Owner property as demonstrated above, and configure the security permissions as follows:

  • Add a Type Permission for the object type you wish to filter and set its ReadState property to Deny or leave it empty if the role’s Permission Policy is DenyAllByDefault.
  • Add an Object Permission to this Type Permission, and set its ReadState property to Allow and the Criteria property to Owner.Oid = CurrentUserId().
userRole.AddObjectPermission<Note>(SecurityOperations.Read, "Owner.Oid = CurrentUserId()", SecurityPermissionState.Allow);
//or
userRole.AddObjectPermissionFromLambda<Note>(SecurityOperations.Read, n => n.Owner.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);
See Also