Skip to main content
BuyLog In
XAF: Cross-Platform .NET App UI & Web API
Search in…
Docs > Application Security and Data Safety > Security (Access Control & Authentication) > ORM Object Model, Policy Configuration and Storage > Roles and Permission Policy > Security Permissions Caching
All docs
V23.2
.NET 6.0+
XAF: Cross-Platform .NET App UI & Web API
Getting Started
Installation, Upgrade, Version History
Backend Web API Service
UI Shell and Base Infrastructure
Storage, ORM, and Business Model Design
Data Manipulation and Business Logic
User Interface and Behavior Customization
Data Filtering
Application Security and Data Safety
Security (Access Control & Authentication)
Security Tiers
User Logon and Authentication
ORM Object Model, Policy Configuration and Storage
Type, Object and Member Permissions
Create Predefined Users, Roles and Permissions in the Database
Change the Current User Role in Code
Roles and Permission Policy
Merging of Permissions Defined in Different Roles
Permissions for Associated Objects
Manually Configure Permissions for Associated Collections and Reference Properties
Security Permissions Caching
Assign the Same Permissions for All Users of an Active Directory Group
Implement Custom User, Role and Permission Objects
Authorization and Data Protection
Non-XAF UI Scenarios
Security Considerations
Audit Trail (History of Data Changes)
Multi-Tenancy (Data per Tenant)
Validation (Prevent Data Errors)
Conditional Appearance (Manage State of UI Elements)
Reporting (Shape, Export & Print Data)
Analytics (Extract Data Insights)
Document Management
Business Process Management
Event Planning
Localization
Accessibility Support
Debugging, Testing and Error Handling
Deployment
Support, QA & Troubleshooting
API Reference
Download CHM

Security Permissions Caching

  • 3 minutes to read

This topic describes how to specify the way an application with SecurityStrategyComplex caches permissions.

General Information

The Security System uses Security Adapters to process and cache security permission requests. Each Security Adapter has the corresponding Security Adapter Provider used internally to register the Adapter. The following assemblies contain platform-dependent Adapters and their Providers:

Platform

Assembly

XPO

DevExpress.ExpressApp.Security.Xpo.v23.2.dll

Entity Framework Core

DevExpress.EntityFrameworkCore.Security.v23.2.dll

These assemblies contain the RegisterXPOAdapterProviders, RegisterEFAdapterProviders, and RegisterEFCoreAdapterProviders methods that extend the SecurityStrategy class. Use these methods to enable/disable Security Adapters instead of accessing them directly.

Note

You do not need to call the RegisterEFCoreAdapterProviders method because SecuredEFCoreObjectSpaceProvider<TDbContext> calls this method automatically.

Enable the Security Adapter

The Solution Wizard adds the following platform-dependent code to enable the Security Adapter in new XAF projects.

WinForms Applications

.NET 6+

Call Register***AdapterProviders in the application’s builder.

public class ApplicationBuilder : IDesignTimeApplicationFactory {
    public static WinApplication BuildApplication(string connectionString) {
        var builder = WinApplication.CreateBuilder();
        // ...
        builder.Security
            .UseIntegratedMode(options => {
                // ...
                // eXpress Persistent Objects
                options.Events.OnSecurityStrategyCreated += securityStrategy => {
                    ((SecurityStrategy)securityStrategy).RegisterXPOAdapterProviders();
                };
            })
        // ...
    }
}

.NET Framework

Call Register***AdapterProviders in the application’s Main method after WinApplication instance creation, but before the WinApplication.Start method call.

using DevExpress.ExpressApp.Security;
// ...
public class Program {
    [STAThread]
    public static void Main(string[] arguments) {
        // ...
        MainDemoWinApplication winApplication = new MainDemoWinApplication();
        // eXpress Persistent Objects
        winApplication.GetSecurityStrategy().RegisterXPOAdapterProviders(); 
        // ...
        winApplication.Start();
    }
}

ASP.NET Web Forms Applications

Call Register***AdapterProviders in the application’s Session_Start method after the WebApplication.SetInstance method call, but before WebApplication.Start.

using DevExpress.ExpressApp.Security;
// ...
public class Global : System.Web.HttpApplication {
    // ...
    protected void Session_Start(object sender, EventArgs e) {
        // ...
        WebApplication.SetInstance(Session, new MainDemoWebApplication());
        WebApplication webApplication = WebApplication.Instance;
        // eXpress Persistent Objects
        webApplication.GetSecurityStrategy().RegisterXPOAdapterProviders();
        // ...
        webApplication.Start();
    }
}

ASP.NET Core Blazor Applications

Call Register***AdapterProviders in the Startup.ConfigureServices method.

public class Startup {
    public void ConfigureServices(IServiceCollection services) {
        // ...
        services.AddXaf(Configuration, builder => {
            // ...
            builder.Security
                .UseIntegratedMode(options => {
                    // ...
                    // eXpress Persistent Objects
                    options.Events.OnSecurityStrategyCreated += securityStrategy => {
                        ((SecurityStrategy)securityStrategy).RegisterXPOAdapterProviders();

                    };
                })
        });
    }

    // ...
}

Set the Permissions Reload Mode

To specify how Security Adapters reload security permissions, set the SecurityStrategyComplex‘s PermissionsReloadMode property to a PermissionsReloadMode enumeration value. The default mode is NoCache. In this mode, the cache is created for each Session (in XPO) and DBContext (in EF Core).

Switch to the CacheOnFirstAccess mode to eagerly load permissions from the database in a single SQL query and cache them when secured data is accessed for the first time. The application then uses the cached permissions until a user logs out.

This mode allows you to reduce the number of database requests in an application that works with secured data.

Limitations

The XAF Web API Service and Middle Tier Security are stateless and do not support security permission caching. Under these setups, the SecurityStrategy.PermissionsReloadMode property set to PermissionsReloadMode.CacheOnFirstAccess has no effect.