Skip to main content
BuyLog In
XAF: Cross-Platform .NET App UI & Web API
Search in…
Docs > Task-Based Help > Security > How to: Use the Integrated Mode of the Security System in Non-XAF Applications
A newer version of this page is available. .
All docs
V19.2
.NET Framework 4.5.2+
eXpressApp Framework
Fundamentals
Getting Started
Concepts
Design-Time Features
Deployment
Task-Based Help
Business Model Design
Application Model
Actions
Navigation
Views
List Editors
Property Editors
Templates
Filtering
Reporting
Dashboards
Office
Scheduler and Notifications
Maps Module
Security
How to: Assign the Same Permissions for All Users of an Active Directory Group
How to: Call Direct SQL Queries in Integrated Mode or through the Middle Tier Application Server
How to: Change the Client-Side Security Mode from UI Level to Integrated in XPO applications
How to: Connect to the WCF Application Server from Non-XAF Applications
How to: Get the Current User in Code
How to: Hide the 'Protected Content' Columns in a List View and Property Editors in a Detail View
How to: Implement a Custom Security Operation that Can be Permitted at the Type Level
How to: Implement a Custom Security System User Based on an Existing Business Class
How to: Implement Custom Security Objects (Users, Roles, Operation Permissions)
How to: Manually Configure Permissions for Associated Collections and Reference Properties
How to: Show a List of Users Allowed to Read an Object
How to: Use Custom Logon Parameters and Authentication
How to: Use the Integrated Mode of the Security System in Non-XAF Applications
Workflow
Localization
Testing
Miscellaneous UI Customizations
Frequently Asked Questions (FAQ)
API Reference
Download CHM

How to: Use the Integrated Mode of the Security System in Non-XAF Applications

  • 4 minutes to read

This topic demonstrates how to access data protected by the Security System (Integrated Mode) from a console application.

Note

A complete sample project is available at https://github.com/DevExpress-Examples/XAF_Security_E4908.

Refer to the following tutorials for more .NET Framework and .NET Core examples:

Prerequisites

  1. You have an XAF solution (for example, XafSolution) with the platform-agnostic module and WinForms or ASP.NET application projects.
  2. This solution uses XPO as an ORM system.
  3. The WinForms or ASP.NET application uses the Integrated Mode of the Security System and Standard authentication.
  4. There is an active user with the “User” name and an empty password.
  5. Business objects are defined in the XafSolution.Module project (for example, Employee and Department).
  6. A database (XafSolution) is generated for these business objects.

Create and Configure a Non-XAF Application

  1. Create a console application.

  2. Add the following code to the application’s configuration file (App.config) to set a connection string.

    <?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <connectionStrings>
    <add name="ConnectionString" connectionString="Data Source=DBSERVER;Initial Catalog=XafSolution;Integrated Security=True"/>
  </connectionStrings>
  <!-- ... -->
</configuration>

    Replace DBSERVER with a database server name or its IP address. For example, use localhost or (local) for a local database server.

  3. Reference the following assemblies:

    • XafSolution.Module.dll
    • System.Configuration.dll
    • DevExpress.ExpressApp.v19.2.dll
    • DevExpress.ExpressApp.Security.v19.2.dll
    • DevExpress.ExpressApp.Security.Xpo.v19.2.dll
    • DevExpress.ExpressApp.Xpo.v19.2.dll
    • DevExpress.Persistent.BaseImpl.v19.2.dll

Access Secured Data

Perform the following steps in the console application’s Program.cs (Program.vb) file.

  1. Initialize the Types Info System and use the RegisterEntity(Type) method to register the business objects that should be accessible in this application. 

    using DevExpress.ExpressApp;
using DevExpress.ExpressApp.Xpo;
using DevExpress.Persistent.BaseImpl.PermissionPolicy;
using XafSolution.Module.BusinessObjects;
//...
static void Main(string[] args) {
    RegisterEntities();
    // ...
}
private static void RegisterEntities()        {
    XpoTypesInfoHelper.GetXpoTypeInfoSource();
    XafTypesInfo.Instance.RegisterEntity(typeof(Employee));
    XafTypesInfo.Instance.RegisterEntity(typeof(Department));
    XafTypesInfo.Instance.RegisterEntity(typeof(PermissionPolicyUser));
    XafTypesInfo.Instance.RegisterEntity(typeof(PermissionPolicyRole));
}

  2. Initialize the Security System.

    using DevExpress.ExpressApp.Security;
// ...
AuthenticationStandard authentication = new AuthenticationStandard();
SecurityStrategyComplex security = new SecurityStrategyComplex(typeof(PermissionPolicyUser), typeof(PermissionPolicyRole), authentication);
security.RegisterXPOAdapterProviders();

  3. Create the SecuredObjectSpaceProvider object. It allows you to logon and create SecuredObjectSpace to access secured data.

    using System.Configuration;
using DevExpress.ExpressApp.Security.ClientServer;
// ...
string connectionString = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
SecuredObjectSpaceProvider objectSpaceProvider = new SecuredObjectSpaceProvider(security, connectionString, null);

  4. Perform a logon. 

    string userName = "User";
string password = string.Empty;
authentication.SetLogonParameters(new AuthenticationStandardLogonParameters(userName, password));
IObjectSpace loginObjectSpace = objectSpaceProvider.CreateObjectSpace();
security.Logon(loginObjectSpace);

  5. Create the SecuredObjectSpace object to operate with secured data.

    using System.Text;
// ...
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.Append("List of the 'Employee' objects:\n");
using(IObjectSpace securedObjectSpace = objectSpaceProvider.CreateObjectSpace()) {
    foreach(Employee employee in securedObjectSpace.GetObjects<Employee>()) {
        stringBuilder.Append(string.Format("Full name: {0}\n", employee.FullName));
        if(security.IsGranted(new PermissionRequest(securedObjectSpace, typeof(Employee), SecurityOperations.Read, employee, "Department"))) {
            stringBuilder.Append(string.Format("Department: {0}\n", employee.Department.Title));
        }
        else {
            stringBuilder.Append("Department: [Protected content]\n");
        }
    } 
}

    If a user was not allowed to read a property, the Secured Object Space returns the property default value. Use the IsGranted(IPermissionRequest) method to display the “Protected content” placeholder instead of this value.

Important

Ensure that the static EnableRfc2898 and SupportLegacySha512 properties in your non-XAF application have the same values as those in the XAF application where the password was set. Otherwise, you will not be able to log in.

See Also