How to: Use the Integrated Mode of the Security System in Non-XAF Applications
- 2 minutes to read
This topic demonstrates the code that you can use in any non-XAF application to access data protected by the Security System.
Tip
A complete sample project is available in the DevExpress Code Examples database at https://supportcenter.devexpress.com/ticket/details/e4908/net-role-based-access-control-user-authentication-api-for-devexpress-xpo-and-microsoft.
Initialize the Types Info system and register the business objects that you will access from your code.
using DevExpress.ExpressApp; using DevExpress.Persistent.BaseImpl.PermissionPolicy; //... XpoTypesInfoHelper.GetXpoTypeInfoSource(); XafTypesInfo.Instance.RegisterEntity(typeof(Person)); XafTypesInfo.Instance.RegisterEntity(typeof(PermissionPolicyUser)); XafTypesInfo.Instance.RegisterEntity(typeof(PermissionPolicyRole));
Create a non-secure Object Space by using an XPObjectSpaceProvider object. This Object Space is required for logon.
Initialize the Security System and perform a logon. The code below demonstrates how to do this as a user named “User” who has an empty password.
AuthenticationStandard auth = new AuthenticationStandard(); auth.SetLogonParameters(new AuthenticationStandardLogonParameters("User", "")); SecurityStrategyComplex security = new SecurityStrategyComplex(typeof(PermissionPolicyUser), typeof(PermissionPolicyRole), auth); SecuritySystem.SetInstance(security); security.Logon(directObjectSpace);
Create a secure Object Space by using a SecuredObjectSpaceProvider object. This Object Space can be used for secure data access.
Now you can call the securedObjectSpace Object Space’s methods (e.g., IObjectSpace.GetObjects).
foreach (Person person in securedObjectSpace.GetObjects<Person>()) { Console.WriteLine(person.FirstName); }
Note that only objects that the “User” user is allowed access will be printed with the code above. If you need to ignore security restrictions, use the non-secure directObjectSpace Object Space.