Skip to main content
All docs
V24.1

Add the XPO Middle Tier Server to an Existing WinForms Application (.NET)

  • 3 minutes to read

This topic contains step-by-step instructions on how to add a Middle Tier Security project to a WinForms application and use it as the Middle Tier Server.

  1. Use the Solution Wizard to add a Middle Tier project to your application. Right-click the solution in the Solution Explorer and choose Add DevExpress Item | New Project….

    Solution

  2. Select the .NET Core platform and run the XAF Solution Wizard.

    Tutorial launch Wizard

  3. Choose the ASP.NET Core Middle Tier Web API Service option and specify the project name.

    Solution Wizard Add Middle Tier

  4. Select the eXpress Persistent Objects ORM for your application.

    Select ORM

  5. Choose Standard authentication on the Choose Security page. The wizard generates JWT authentication scaffolding code.

    Enable the JWT authentication

    The wizard adds the MySolution.MiddleTier project to the solution.

  6. Install the DevExpress.ExpressApp.Security.Xpo.Extensions.Win NuGet package to the MySolution.Win project.

  7. The Security System requires ApplicationUser and ApplicationUserLoginInfo business objects to store user information. If the MySolution.Module project does not contain these objects, add ApplicationUser and ApplicationUserLoginInfo objects to the MySolution.Module project as described in the following topic: Use the Security System.

  8. If your application is created with DevExpress v21.2 and below, add the following code to the MySolution.Win\Program.cs file:

    File: MySolution.Win\Program.cs

    using System.Net;
    using System.Net.Http.Headers;
    using System.Net.Http;
    using System.Net.Http.Json;
    using DevExpress.ExpressApp.Security.ClientServer;
    // ...
    namespace MySolution.Win {
        static class Program {
            static void Main() {
                // ...
                Tracing.Initialize();
                MySolutionWindowsFormsApplication winApplication = new MySolutionWindowsFormsApplication();
                var httpClient = new HttpClient();
                httpClient.BaseAddress = new Uri("https://localhost:44318/");
                var webApiSecuredClient = new WebApiSecuredDataServerClient(httpClient, winApplication.TypesInfo);
                // The `WebApiMiddleTierClientSecurity` constructor gained an additional parameter of the `IServiceProvider` type in v.22.2.5.
                // Refer to the following breaking change ticket for more information:
                // https://www.devexpress.com/scid=t1156798
                var security = new WebApiMiddleTierClientSecurity(webApiSecuredClient, null) { IsSupportChangePassword = true };
                winApplication.Security = security;
                winApplication.CreateCustomObjectSpaceProvider += (s, e) => {
                    e.ObjectSpaceProviders.Add(new MiddleTierServerObjectSpaceProvider(webApiSecuredClient));
                };
                //...
            }
        }
    }
    
  9. If the MySolution.Win\Program.cs file contains the following autogenerated code, comment it out:

    File: MySolution.Win\Program.cs

    namespace MySolution.Win {
        static class Program {
            [STAThread]
            static void Main() {
                //...
                //winApplication.GetSecurityStrategy().RegisterXPOAdapterProviders();
                //...
    //#if DEBUG
    //              if(System.Diagnostics.Debugger.IsAttached && winApplication.CheckCompatibilityType == CheckCompatibilityType.DatabaseSchema) {
    //                  winApplication.DatabaseUpdateMode = DatabaseUpdateMode.UpdateDatabaseAlways;
    //              }
    //#endif
    

    If your application’s Startup.cs file has code that adds an XPO ObjectSpace provider to the application builder and adds integrated security, remove this code and add the code that initializes the Middle Tier security mode:

    // Remove or comment out this code:
    //builder.ObjectSpaceProviders
    //    .AddSecuredXpo((application, options) => {
    //        options.ConnectionString = connectionString;
    //    })
    //    .AddNonPersistent();
    //builder.Security
    //    .UseIntegratedMode(options => {
    //        options.RoleType = typeof(PermissionPolicyRole);
    //        options.UserType = typeof(YourSolutionName.Module.BusinessObjects.ApplicationUser);
    //        options.UserLoginInfoType = typeof(YourSolutionName.Module.BusinessObjects.ApplicationUserLoginInfo);
    //        options.UseXpoPermissionsCaching();
    //    })
    //    .UsePasswordAuthentication();
    
    // Add this code:
    builder.Security
    .UseMiddleTierMode(options => {
        options.BaseAddress = new Uri("https://localhost:5001/");
    }, securityModuleOptions => {
        securityModuleOptions.NonSecureActionsInitializing += (s, e) =>
            e.NonSecureActions.Add("Demo About Info");
    })
    .UsePasswordAuthentication();
    

    You do not need to enable the Security Adapter and set the database update mode for the Middle Tier Server.

  10. Right-click the Solution node in the Solution Explorer and choose Properties. In the Solution Property Pages dialog, expand the Common Properties node and select Startup Project. Choose the Multiple Startup Projects option and select the Start action for the MySolution.MiddleTier and MySolution.Win projects.

    Run WinForms and Middle Tier Security projects

    Run the application.

See Also