Security Permissions Caching

  • 3 minutes to read

This topic describes how to specify the way an application with SecurityStrategyComplex caches permissions.

General Information

The Security System uses Security Adapters to process and cache security permission requests. Each Security Adapter has the corresponding Security Adapter Provider used internally to register the Adapter. The following assemblies contain platform-dependent Adapters and their Providers.

Platform

Assembly

XPO

DevExpress.ExpressApp.Security.Xpo.v20.2.dll

Entity Framework 6

DevExpress.ExpressApp.Security.EF.v20.2.dll

Entity Framework Core

DevExpress.EntityFrameworkCore.Security.v20.2.dll

These assemblies contain the RegisterXPOAdapterProviders, RegisterEFAdapterProviders, and RegisterEFCoreAdapterProviders methods that extend the SecurityStrategy class. Use these methods to enable/disable Security Adapters instead of accessing them directly.

NOTE

You do not need to call the RegisterEFCoreAdapterProviders method because the SecuredEFCoreObjectSpaceProvider calls this method automatically.

Enable the Security Adapter

The Solution Wizard adds the following platform-dependent code to enable the Security Adapter in new XAF projects.

WinForms Applications

Register***AdapterProviders is called in the application's Main method after WinApplication instance creation but before the WinApplication.Start method call.

using DevExpress.ExpressApp.Security;
// ...
public class Program {
    [STAThread]
    public static void Main(string[] arguments) {
        // ...
        MainDemoWinApplication winApplication = new MainDemoWinApplication();
        // eXpress Persistent Objects
        winApplication.GetSecurityStrategy().RegisterXPOAdapterProviders(); 
        // Entity Framework 6
        winApplication.GetSecurityStrategy().RegisterEFAdapterProviders();
        // ...
        winApplication.Start();
    }
} 

ASP.NET Applications

Register***AdapterProviders is called in the application's Session_Start method after the WebApplication.SetInstance method call but before WebApplication.Start.

using DevExpress.ExpressApp.Security;
// ...
public class Global : System.Web.HttpApplication {
    // ...
    protected void Session_Start(object sender, EventArgs e) {
        // ...
        WebApplication.SetInstance(Session, new MainDemoWebApplication());
        WebApplication webApplication = WebApplication.Instance;
        // eXpress Persistent Objects
        webApplication.GetSecurityStrategy().RegisterXPOAdapterProviders();
        // Entity Framework 6
        webApplication.GetSecurityStrategy().RegisterEFAdapterProviders();
        // ...
        webApplication.Start();
    }
}

Blazor Applications

Register***AdapterProviders is called in the Startup.ConfigureServices method, in the delegate configureOptions parameter of the AddXafSecurity method.

using DevExpress.ExpressApp.Security;
// ...
public class Startup {
    // ...
    public void ConfigureServices(IServiceCollection services) {
        // ...
        services.AddXafSecurity(options => {
            // ... 
            // eXpress Persistent Objects
            options.Events.OnSecurityStrategyCreated = securityStrategy => 
                ((SecurityStrategy)securityStrategy).RegisterXPOAdapterProviders();
            // Entity Framework Core
            options.Events.OnSecurityStrategyCreated = securityStrategy => 
                ((SecurityStrategy)securityStrategy).RegisterEFCoreAdapterProviders();
            // ...
        });
        // ...
    }
    // ...
}

Set the Permissions Reload Mode

To specify how Security Adapters reload security permissions, set the SecurityStrategyComplex's PermissionsReloadMode property to a PermissionsReloadMode enumeration value. The default mode is NoCache. In this mode, the cache is created for each Session (in XPO) and DBContext (in EF 6 and EF Core). Switch to the CacheOnFirstAccess mode to load and cache permissions when secured data is accessed for the first time and use these permissions until a user logs off. This mode allows you to reduce the number of database requests when working with secured data.