This topic demonstrates the code that can be generated automatically by the Solution Wizard. Proceed, if you want to implement the demonstrated functionality in the existing XAF solution. If you are creating a new XAF solution, use the wizard instead.
The XafApplication class descendant that is added to the application project template overrides the CreateDefaultObjectSpaceProvider method. Edit WinApplication.cs (WinApplication.vb), WebApplication.cs (WebApplication.vb) and MobileApplication.cs (MobileApplication.vb) files and modify the CreateDefaultObjectSpaceProvider method code in the following manner:
The SecuredObjectSpaceProvider creates secured Object Spaces that respect security permissions and filter out protected data.
You cannot modify protected data in code when the SecuredObjectSpaceProvider is used. To modify certain business objects in code, instantiate an XPObjectSpaceProvider object and pass the connection string to the constructor. Then, call the XPObjectSpaceProvider.CreateObjectSpace method to create an IObjectSpace object. Use methods of the created Object Space to access data bypassing the security.
Although the secured data is now filtered, the database is still exposed to a client workstation. An end-user can see the connection string in the application's configuration file and can use it to directly access the database tables, bypassing the security engine implemented within your application. To further enhance the security, you can inject a Middle Tier application server between your application and the database server. Proceed to the Middle Tier Security - WCF Service topic to learn how to do this.
The following combination of features is not supported when used together.
In this configuration, your application loads information on custom persistent fields from the database and then updates the database schema. However, a thread-safe data layer does not support altering the data model after the database connection is established.