Skip to main content
BuyLog In
XAF: Cross-Platform .NET App UI & Web API
Search in…
Docs > Application Security and Data Safety > Security (Access Control & Authentication) > Security Tiers > Middle Tier Security with XPO > Execute Direct SQL Queries in Integrated Mode and with XPO Middle Tier Security
All docs
V25.2
    • XAF: Cross-Platform .NET App UI & Web API
    Migration to .NET from .NET Framework in v25.2+
    Getting Started
    Installation, Upgrade, Version History
    Backend Web API Service
    UI Shell and Base Infrastructure
    Storage, ORM, and Business Model Design
    Data Manipulation and Business Logic
    User Interface and Behavior Customization
    Data Filtering
    Application Security and Data Safety
    Security (Access Control & Authentication)
    Security Tiers
    2-Tier Security (Integrated Mode and UI Level)
    Middle Tier Security with EF Core
    Middle Tier Security with XPO
    Create an Application with the XPO Middle Tier Security
    Add the XPO Middle Tier Server to an Existing WinForms Application
    Run the XPO Application Server as a Windows Service
    Execute Direct SQL Queries in Integrated Mode and with XPO Middle Tier Security
    User Logon and Authentication
    ORM Object Model, Policy Configuration and Storage
    Authorization and Data Protection
    Non-XAF UI Scenarios
    Security Considerations
    Audit Trail (History of Data Changes)
    Multi-Tenancy (Data per Tenant)
    Validation (Prevent Data Errors)
    Conditional Appearance (Manage State of UI Elements)
    Reporting (Shape, Export & Print Data)
    Analytics (Extract Data Insights)
    Document Management
    Business Process Management
    Event Planning
    Localization
    Accessibility Support
    Debugging, Testing and Error Handling
    Deployment
    Support, QA & Troubleshooting
    API Reference
    Download CHM

    Execute Direct SQL Queries in Integrated Mode and with XPO Middle Tier Security

    • 2 minutes to read

    You cannot execute Direct SQL Queries and Stored Procedures in Integrated Mode of the Security System, or when the Middle Tier Application Server is used. The “Transferring requests via ICommandChannel is prohibited within the security engine“ exception occurs when you execute the corresponding methods of the Session.

    Note

    Do not use this approach to handle a database update when the application version changes. Instead, use the protected methods of the ModuleUpdater class.

    Enable Direct SQL Queries

    In Integrated Mode

    To enable direct queries and stored procedure execution in these configurations, set the SecuredXPObjectSpaceProviderOptions.AllowICommandChannelDoWithSecurityContext property to true in application startup code that registers the XPO Object Space Provider:

    File: MySolution.Blazor.Server/Startup.cs., MySolution.Win/Startup.cs, MySolution.WebAPI/Startup.cs

    public void ConfigureServices(IServiceCollection services) {-+
    services.AddXaf(Configuration, builder => {
        // ...
        builder.ObjectSpaceProviders
            .AddSecuredXpo((serviceProvider, options) => {
                string connectionString = null;
                if(Configuration.GetConnectionString("ConnectionString") != null) {
                    connectionString = Configuration.GetConnectionString("ConnectionString");
                }
                ArgumentNullException.ThrowIfNull(connectionString);
                options.ConnectionString = connectionString;
                options.ThreadSafe = true;
                options.UseSharedDataStoreProvider = true;
                options.AllowICommandChannelDoWithSecurityContext = true;
            })
        // ...
    });
    // ...
}

    In the Middle-Tier Server

    To enable direct queries and stored procedure execution, set the AllowICommandChannelDoWithSecurityContext property to true in the Startup.cs file in the Middle Tier Security project as follows:

    File: MySolution.MiddleTier/Startup.cs.

    public void ConfigureServices(IServiceCollection services) {
    // ...
    services.AddXafMiddleTier(Configuration, builder => {
        builder.ConfigureDataServer(options => {
            options.UseConnectionString(Configuration.GetConnectionString("ConnectionString"));
            options.UseDataStorePool(true);
            options.AllowICommandChannelDoWithSecurityContext(true);
        });
        // ...
    });
}

    Run Direct SQL Queries

    After you enable the direct SQL queries, you can access the Object Space, cast it to the XPObjectSpace type, get the Session object using the XPObjectSpace.Session property, and call Session.ExecuteQuery, Session.ExecuteSproc, or other suitable methods.