Skip to main content
BuyLog In
XAF: Cross-Platform .NET App UI & Web API
Search in…
Docs > Data Security and Safety > Security (Access Control & Authentication) > Authentication
A newer version of this page is available. .
All docs
V21.2
.NET Framework 4.5.2+
Cross-Platform .NET App UI (XAF)
Getting Started
Installation, Upgrade, Version History
Application Shell and Base Infrastructure
Storage, ORM, and Business Model Design
Data Manipulation and Business Logic
User Interface and Behavior Customization
Data Filtering
Data Security and Safety
Security (Access Control & Authentication)
Passwords in the Security System
Client-Side Security (2-Tier Architecture)
Authentication
Use Active Directory and OAuth2 Authentication Providers in ASP.NET Core Blazor Applications
OAuth2 Authentication Providers in ASP.NET Web Forms Applications
Predefined Users, Roles and Permissions
Middle Tier Security (XPO Only)
Security Permissions Caching
Permissions for Associated Objects
Merging of Permissions Defined in Different Roles
Permission Policy
Customize the Logon Window
Use the Security (Access Control & Authentication) API in Non-XAF Applications - Free Offer
Task-Based Help
Audit Trail (History of Data Changes)
Backend Web API Service (CTP)
Validation (Prevent Data Errors)
Conditional Appearance (Manage State of UI Elements)
Reporting (Shape, Export & Print Data)
Analytics (Extract Data Insights)
Document Management
Business Process Management
Event Planning
Localization
Debugging, Testing and Error Handling
Deployment
Support, QA & Troubleshooting
API Reference
Download CHM

Authentication

  • 3 minutes to read

This topic describes authentication approaches you can use with the Security System.

Active Directory Authentication

To add security support, start the Application Designer and drop the SecurityStrategyComplex component from the Visual Studio Toolbox to the designer’s Security pane.

Security_UseSecurityStrategyComplex

In this topic, we will start by using the Active Directory authentication. By default, the Security System automatically creates an administrative user for your current Windows account when this authentication type is in use. An XAF application does not store passwords and identity checks are performed by Windows. User names are obtained via the WindowsIdentity object, and look like COMPUTERNAME\UserName or DOMAINNAME\UserName. To enable Active Directory authentication, drop the AuthenticationActiveDirectory component to the designer near the SecurityStrategyComplex.

If you use Entity Framework, add built-in security entities to your DbContext (a reference to the DevExpress.ExpressApp.Security.v21.2.dll assembly is required), and set the SecurityStrategy.UserType and SecurityStrategyComplex.RoleType properties to PermissionPolicyUser and PermissionPolicyRole, respectively. This step is not required for XPO.

using DevExpress.Persistent.BaseImpl.EF.PermissionPolicy;
// ...
public DbSet<PermissionPolicyRole> Roles { get; set; }
public DbSet<PermissionPolicyUser> Users { get; set; }
public DbSet<PermissionPolicyTypePermissionObject> TypePermissionObjects { get; set; }

Security_EF

Run the application to see that User and Role items are now added to the navigation, a user is created for your current Windows account and an Administrator role is associated with it. By default, an account is added automatically for each new user who runs the application (this behavior is convenient while debugging). In a production environment, you can disable autocreation by setting the AuthenticationActiveDirectory.CreateUserAutomatically option to false.

AuthenticationActiveDirectory_CreateUserAutomatically

Note

For deeper customization, you can handle the AuthenticationActiveDirectory.CustomCreateUser event. For instance, you can automatically create restricted accounts associated with a certain default role.

Active Directory and OAuth2 Authentication

You can extend your ASP.NET Core Blazor application with external authentication methods such as Windows Authentication and OAuth providers (Google, Azure, and GitHub). For more information, refer to the following help topic: How to: Use Active Directory and OAuth2 Authentication Providers in ASP.NET Core Blazor Applications.

Standard Authentication

Another out-of-the box authentication type is AuthenticationStandard. It assumes that an internal XAF authentication is used, and user credentials are kept in the application’s database. To apply this authentication type, drag the corresponding item from the toolbox.

Tutorial_SS_Lesson2_0_1

With Standard Authentication, the logon process is interactive and users are asked to provide credentials at startup. You will be required to create predefined roles and users manually in this instance.

Note

You can also implement a custom authentication process. Refer to the How to: Use Custom Logon Parameters and Authentication to see an example.

Custom Authentication

The following examples demonstrate the custom authentication implementations.