Get the Current User in Code
- 4 minutes to read
An application’s functionality may depend on the user who is currently logged on. So, you may need to get the user name, user ID, or the entire user object. This topic describes how to access the current user information in popular use case scenarios.
In .NET 6+ Applications
The following help topics describe how to use Dependency Injection to access an object that stores the current user information:
- Access Object Space, Security System, Caption Helper, and XAF Modules in the ASP.NET Core Environment
- Access Object Space, Security System, and Caption Helper in Custom Endpoint Methods
In .NET Framework Applications
In .NET Framework Applications, you can use the following static properties exposed by the SecuritySystem class to access the current user information:
- SecuritySystem.CurrentUserName
- SecuritySystem.CurrentUserId
- SecuritySystem.UserType
- SecuritySystem.CurrentUser
Note
ASP.NET 6+ classes (MVC controllers, Razor components) and Web API controllers cannot use these static properties.
Access Current User in Criteria
When you are required to use the current user in a filter criteria, use the CurrentUserId
function criteria operator.
Initialize the Object Owner
EF Core
To assign a current user reference to the Owner
property of your business class, implement the IXafEntityObject and IObjectSpaceLink interfaces in this class and implement the IXafEntityObject.OnCreated method in the following manner:
using DevExpress.ExpressApp.Security;
// ...
public class TestClass : IXafEntityObject, IObjectSpaceLink {
public virtual ApplicationUser? Owner { get; set; }
void IXafEntityObject.OnCreated() {
Owner = ObjectSpace.GetObjectByKey<ApplicationUser>(
ObjectSpace.ServiceProvider.GetRequiredService<ISecurityStrategyBase>().UserId);
}
// ...
}
Alternatively, you can inherit your business class from the DevExpress.Persistent.BaseImpl.EF.BaseObject and override its OnCreated
method:
using DevExpress.ExpressApp.Security;
// ...
public class TestClass : BaseObject {
public virtual ApplicationUser? Owner { get; set; }
public override void OnCreated() {
Owner = ObjectSpace.GetObjectByKey<ApplicationUser>(
ObjectSpace.ServiceProvider.GetRequiredService<ISecurityStrategyBase>().UserId);
}
// ...
}
Note
The complete example is available in the IXafEntityObject interface description.
XPO
When using XPO, you can also override the BaseObject.AfterConstruction method as follows:
public class TestClass : BaseObject {
ApplicationUser? owner;
public ApplicationUser? Owner {
get => owner;
set => SetPropertyValue(nameof(Owner), ref owner, value);
}
public override void AfterConstruction() {
base.AfterConstruction();
Owner = Session.GetObjectByKey<ApplicationUser>(
Session.ServiceProvider.GetRequiredService<ISecurityStrategyBase>().UserId);
}
// ...
}
Check Security Permissions in Code
The following help topic describes how to check if a user has a specific role or has permission to perform a specific operation: Determine if the Current User Has Specific Permissions.
Configure Permissions Based on the Object Owner
To grant access to objects that are owned by the current user and prohibit access to other objects, implement the Owner
property as demonstrated above, and configure the security permissions as follows:
- Add a Type Permission for the object type you wish to filter and set its
ReadState
property toDeny
or leave it empty if the role’s Permission Policy isDenyAllByDefault
. - Add an Object Permission to this Type Permission, and set its
ReadState
property toAllow
and theCriteria
property toOwner.Oid = CurrentUserId()
.
userRole.AddObjectPermission<Note>(SecurityOperations.Read, "Owner.Oid = CurrentUserId()", SecurityPermissionState.Allow);
// or
userRole.AddObjectPermissionFromLambda<Note>(SecurityOperations.Read, n => n.Owner.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);