Security Permissions Caching
- 3 minutes to read
This topic describes how to specify the way an application with SecurityStrategyComplex
caches permissions.
General Information
The Security System uses Security Adapters to process and cache security permission requests. Each Security Adapter has the corresponding Security Adapter Provider used internally to register the Adapter. The following assemblies contain platform-dependent Adapters and their Providers:
Platform | Assembly |
---|---|
XPO | DevExpress.ExpressApp.Security.Xpo.v24.2.dll |
Entity Framework Core | DevExpress.EntityFrameworkCore.Security.v24.2.dll |
These assemblies contain the RegisterXPOAdapterProviders
, RegisterEFAdapterProviders
, and RegisterEFCoreAdapterProviders
methods that extend the SecurityStrategy class. Use these methods to enable/disable Security Adapters instead of accessing them directly.
Note
You do not need to call the RegisterEFCoreAdapterProviders
method because SecuredEFCoreObjectSpaceProvider<TDbContext> calls this method automatically.
Enable the Security Adapter
The Solution Wizard adds the following platform-dependent code to enable the Security Adapter in new XAF projects.
WinForms Applications
.NET
Call Register***AdapterProviders
in the application’s builder.
public class ApplicationBuilder : IDesignTimeApplicationFactory {
public static WinApplication BuildApplication(string connectionString) {
var builder = WinApplication.CreateBuilder();
// ...
builder.Security
.UseIntegratedMode(options => {
// ...
// XPO
options.Events.OnSecurityStrategyCreated += securityStrategy => {
((SecurityStrategy)securityStrategy).RegisterXPOAdapterProviders();
};
})
// ...
}
}
.NET Framework
Call Register***AdapterProviders
in the application’s Main
method after WinApplication instance creation, but before the WinApplication.Start method call.
using DevExpress.ExpressApp.Security;
// ...
public class Program {
[STAThread]
public static void Main(string[] arguments) {
// ...
MainDemoWinApplication winApplication = new MainDemoWinApplication();
// XPO
winApplication.GetSecurityStrategy().RegisterXPOAdapterProviders();
// ...
winApplication.Start();
}
}
ASP.NET Web Forms Applications
Call Register***AdapterProviders
in the application’s Session_Start
method after the WebApplication.SetInstance method call, but before WebApplication.Start.
using DevExpress.ExpressApp.Security;
// ...
public class Global : System.Web.HttpApplication {
// ...
protected void Session_Start(object sender, EventArgs e) {
// ...
WebApplication.SetInstance(Session, new MainDemoWebApplication());
WebApplication webApplication = WebApplication.Instance;
// XPO
webApplication.GetSecurityStrategy().RegisterXPOAdapterProviders();
// ...
webApplication.Start();
}
}
ASP.NET Core Blazor Applications
Call Register***AdapterProviders
in the Startup.ConfigureServices
method.
public class Startup {
public void ConfigureServices(IServiceCollection services) {
// ...
services.AddXaf(Configuration, builder => {
// ...
builder.Security
.UseIntegratedMode(options => {
// ...
// XPO
options.Events.OnSecurityStrategyCreated += securityStrategy => {
((SecurityStrategy)securityStrategy).RegisterXPOAdapterProviders();
};
})
});
}
// ...
}
Set the Permissions Reload Mode
To specify how Security Adapters reload security permissions, set the SecurityStrategyComplex
‘s PermissionsReloadMode property to a PermissionsReloadMode enumeration value. The default mode is NoCache
. In this mode, the cache is created for each Session (in XPO) and DBContext (in EF Core).
Switch to the CacheOnFirstAccess mode to eagerly load permissions from the database in a single SQL query and cache them when secured data is accessed for the first time. The application then uses the cached permissions until a user logs out.
This mode allows you to reduce the number of database requests in an application that works with secured data.
Limitations
The XAF Web API Service is stateless and does not support security permission caching. Under this setup, the SecurityStrategy.PermissionsReloadMode
property set to PermissionsReloadMode.CacheOnFirstAccess
has no effect.