Skip to main content
.NET 8.0+

Security Permissions Caching

  • 3 minutes to read

This topic describes how to specify the way an application with SecurityStrategyComplex caches permissions.

General Information

The Security System uses Security Adapters to process and cache security permission requests. Each Security Adapter has the corresponding Security Adapter Provider used internally to register the Adapter. The following assemblies contain platform-dependent Adapters and their Providers:

Platform

Assembly

XPO

DevExpress.ExpressApp.Security.Xpo.v24.2.dll

Entity Framework Core

DevExpress.EntityFrameworkCore.Security.v24.2.dll

These assemblies contain the RegisterXPOAdapterProviders, RegisterEFAdapterProviders, and RegisterEFCoreAdapterProviders methods that extend the SecurityStrategy class. Use these methods to enable/disable Security Adapters instead of accessing them directly.

Note

You do not need to call the RegisterEFCoreAdapterProviders method because SecuredEFCoreObjectSpaceProvider<TDbContext> calls this method automatically.

Enable the Security Adapter

The Solution Wizard adds the following platform-dependent code to enable the Security Adapter in new XAF projects.

WinForms Applications

.NET

Call Register***AdapterProviders in the application’s builder.

public class ApplicationBuilder : IDesignTimeApplicationFactory {
    public static WinApplication BuildApplication(string connectionString) {
        var builder = WinApplication.CreateBuilder();
        // ...
        builder.Security
            .UseIntegratedMode(options => {
                // ...
                // XPO
                options.Events.OnSecurityStrategyCreated += securityStrategy => {
                    ((SecurityStrategy)securityStrategy).RegisterXPOAdapterProviders();
                };
            })
        // ...
    }
}

.NET Framework

Call Register***AdapterProviders in the application’s Main method after WinApplication instance creation, but before the WinApplication.Start method call.

using DevExpress.ExpressApp.Security;
// ...
public class Program {
    [STAThread]
    public static void Main(string[] arguments) {
        // ...
        MainDemoWinApplication winApplication = new MainDemoWinApplication();
        // XPO
        winApplication.GetSecurityStrategy().RegisterXPOAdapterProviders(); 
        // ...
        winApplication.Start();
    }
} 

ASP.NET Web Forms Applications

Call Register***AdapterProviders in the application’s Session_Start method after the WebApplication.SetInstance method call, but before WebApplication.Start.

using DevExpress.ExpressApp.Security;
// ...
public class Global : System.Web.HttpApplication {
    // ...
    protected void Session_Start(object sender, EventArgs e) {
        // ...
        WebApplication.SetInstance(Session, new MainDemoWebApplication());
        WebApplication webApplication = WebApplication.Instance;
        // XPO
        webApplication.GetSecurityStrategy().RegisterXPOAdapterProviders();
        // ...
        webApplication.Start();
    }
}

ASP.NET Core Blazor Applications

Call Register***AdapterProviders in the Startup.ConfigureServices method.

public class Startup {
    public void ConfigureServices(IServiceCollection services) {
        // ...
        services.AddXaf(Configuration, builder => {
            // ...
            builder.Security
                .UseIntegratedMode(options => {
                    // ...
                    // XPO
                    options.Events.OnSecurityStrategyCreated += securityStrategy => {
                        ((SecurityStrategy)securityStrategy).RegisterXPOAdapterProviders();

                    };
                })
        });
    }

    // ...
}

Set the Permissions Reload Mode

To specify how Security Adapters reload security permissions, set the SecurityStrategyComplex‘s PermissionsReloadMode property to a PermissionsReloadMode enumeration value. The default mode is NoCache. In this mode, the cache is created for each Session (in XPO) and DBContext (in EF Core).

Switch to the CacheOnFirstAccess mode to eagerly load permissions from the database in a single SQL query and cache them when secured data is accessed for the first time. The application then uses the cached permissions until a user logs out.

This mode allows you to reduce the number of database requests in an application that works with secured data.

Limitations

The XAF Web API Service is stateless and does not support security permission caching. Under this setup, the SecurityStrategy.PermissionsReloadMode property set to PermissionsReloadMode.CacheOnFirstAccess has no effect.