Skip to main content
BuyLog In
XAF: Cross-Platform .NET App UI & Web API
Search in…
Docs > Concepts > Security System > Security Permissions Caching
A newer version of this page is available. .
All docs
V18.2
eXpressApp Framework
Fundamentals
Getting Started
Concepts
Application Solution Components
Business Model Design
Application Model
UI Construction
Controllers and Actions
Data Manipulation and Business Logic
Security System
Security System Overview
Passwords in the Security System
Client-Side Security (2-Tier Architecture)
Authentication
Predefined Users, Roles and Permissions
Middle Tier Security - WCF Service
Run the Application Server as a Windows Service
Security Permissions Caching
Permissions for Associated Objects
Merging of Permissions Defined in Different Roles
Permission Policies
Customize the Logon Window
Localization
System Module
Extra Modules
Debugging, Testing and Error Handling
Filtering
Application Life Cycle
Design-Time Features
Deployment
Task-Based Help
Frequently Asked Questions (FAQ)
API Reference
Download CHM

Security Permissions Caching

  • 2 minutes to read

Security permission caching is implemented in Security Adapters - classes used by the Security System to process and cache security permission requests. Each Security Adapter has the corresponding Security Adapter Provider class, which is used internally to register the adapter. XPO adapters and their providers are located in the DevExpress.ExpressApp.Security.Xpo.v18.2.dll assembly. The provider and adapter for the Entity Framework are available in the DevExpress.ExpressApp.Security.EF.v18.2.dll assembly. Both these assemblies (XPO and EF) contain the SecurityAdapterHelper class that exposes static methods that enable/disable Security Adapters. So, in your code, you do not need to access Security Adapters directly. This topic describes how to enable and customize caching using the SecurityAdapterHelper class.

Enable Caching in Code

When creating a new XAF project, caching is enabled by the Solution Wizard. The wizard adds the following code line to WinForms, ASP.NET and Mobile applications.

using DevExpress.ExpressApp.Security;
// ...
SecurityAdapterHelper.Enable();

This code is added to the following places depending on an application platform:

  • in the Main method of the WinForms application located in the Program.cs (Program.vb) file, before the WinApplication.Start call;
  • in the Application_Start method of the ASP.NET application located in the Global.asax.cs (Global.asax.vb) file, before the WebApplication.Start call;
  • in the Mobile application constructor located in the MobileApplication.cs (MobileApplication.vb) file.

To enable or customize Security permissions caching in an existing application, use the same code, or use another overload of the Enable method that takes an ReloadPermissionStrategy enumeration value. You can call this static method from any place of your code, which is executed before a user is logged on.

Reload Permission Strategies

Security Adapters support various modes of reloading the security permissions. The available modes are listed in the ReloadPermissionStrategy enumeration. There is an overload of the SecurityAdapterHelper.Enable method that takes the reloadPermissionStrategy parameter - use it to change the mode. By default, the NoCache mode is used. Each Session (in XPO) or DBContext (in Entity Framework) operates with the most recent permissions loaded from the database in this mode. You can use the CacheOnFirstAccess mode instead. Permissions are loaded and cached when the corresponding secured data is accessed for the first time, cached permissions are used until the user is logged off in this mode. This mode allows you to significantly reduce the number of database requests when working with secured data.