Skip to main content
A newer version of this page is available. .

How to: Use the Integrated Mode of the Security System in Non-XAF Applications

  • 2 minutes to read

This topic demonstrates the code that you can use in any non-XAF application to access data protected by the Security System.

  1. Initialize the Types Info system and register the business objects that you will access from your code.

    using DevExpress.ExpressApp;
    using DevExpress.Persistent.BaseImpl.PermissionPolicy;
  2. Create a non-secure Object Space by using an XPObjectSpaceProvider object. This Object Space is required for logon.

    string connectionString =
        "Integrated Security=SSPI;Pooling=false;Data Source=(local);Initial Catalog=MySolution";
    XPObjectSpaceProvider directProvider = new XPObjectSpaceProvider(connectionString, null);
    IObjectSpace directObjectSpace = directProvider.CreateObjectSpace();
  3. Initialize the Security System and perform a logon. The code below demonstrates how to do this as a user named “User” who has an empty password.

    AuthenticationStandard auth = new AuthenticationStandard();
    auth.SetLogonParameters(new AuthenticationStandardLogonParameters("User", ""));
    SecurityStrategyComplex security = new SecurityStrategyComplex(typeof(PermissionPolicyUser), typeof(PermissionPolicyRole), auth);
  4. Create a secure Object Space by using a SecuredObjectSpaceProvider object. This Object Space can be used for secure data access.

    SecuredObjectSpaceProvider osProvider = new SecuredObjectSpaceProvider(security, connectionString, null);
    IObjectSpace securedObjectSpace = osProvider.CreateObjectSpace();
  5. Now you can call the securedObjectSpace Object Space’s methods (e.g., IObjectSpace.GetObjects).

    foreach (Person person in securedObjectSpace.GetObjects<Person>()) {

    Note that only objects that the “User” user is allowed access will be printed with the code above. If you need to ignore security restrictions, use the non-secure directObjectSpace Object Space.

See Also