Skip to main content
BuyLog In
XAF: Cross-Platform .NET App UI & Web API
Search in…
Docs > Data Security and Safety > Security (Access Control & Authentication) > Security Tiers > Middle Tier Security (XPO Only) > Add the Middle Tier Server (ASP.NET Core Web API) to an existing WinForms Application (.NET 6)
A newer version of this page is available. .
All docs
V22.1
.NET Framework 4.5.2+
Cross-Platform .NET App UI (XAF)
Getting Started
Installation, Upgrade, Version History
Backend Web API Service
UI Shell and Base Infrastructure
Storage, ORM, and Business Model Design
Data Manipulation and Business Logic
User Interface and Behavior Customization
Data Filtering
Data Security and Safety
Security (Access Control & Authentication)
Security Tiers
2-Tier Security (Integrated Mode and UI Level)
Middle Tier Security (XPO Only)
Create a WinForms Application (.NET 6) with the Middle Tier Security (ASP.NET Core Web API)
Add the Middle Tier Server (ASP.NET Core Web API) to an existing WinForms Application (.NET 6)
Run the Application Server as a Windows Service (.NET Framework)
Call Direct SQL Queries in Integrated Mode, through the Middle Tier Application Server, and Middle Tier Web API
Connect to the Web API Application Server from Non-XAF Applications (.NET 6)
Connect to the WCF Application Server from Non-XAF Applications (.NET Framework)
Authentication
Predefined Users, Roles and Permissions
Security Permissions Caching
Permissions for Associated Objects
Merging of Permissions Defined in Different Roles
Permission Policy
Use the Security (Access Control & Authentication) API in Non-XAF Applications - Free Offer
Task-Based Help
Audit Trail (History of Data Changes)
Validation (Prevent Data Errors)
Conditional Appearance (Manage State of UI Elements)
Reporting (Shape, Export & Print Data)
Analytics (Extract Data Insights)
Document Management
Business Process Management
Event Planning
Localization
Debugging, Testing and Error Handling
Deployment
Support, QA & Troubleshooting
API Reference
Download CHM

Add the Middle Tier Server (ASP.NET Core Web API) to an existing WinForms Application (.NET 6)

  • 3 minutes to read

This topic contains step-by-step instructions on how to add a Web API project to a WinForms application and use it as the Middle Tier Server.

  1. Use the Solution Wizard to add a Web API project to your application. Right-click the solution in the Solution Explorer and choose Add DevExpress Item | New Project….

    Solution

  2. Select the .NET Core platform and run the XAF Solution Wizard.

    Tutorial launch Wizard

  3. Choose the ASP.NET Core Middle Tier Web API Service option and specify the project name.

    Tutorial launch Wizard

  4. Select the eXpress Persistent Objects ORM for your application.

    Select ORM

  5. Choose Standard authentication on the Choose Security page. The wizard generates JWT authentication scaffolding code.

    Enable the JWT authentication

    The wizard adds the MySolution.MiddleTierWebApi project to the solution.

  6. Install the DevExpress.ExpressApp.Security.Xpo.Extensions.Win NuGet package to the MySolution.Win project.

  7. The Security System requires the ApplicationUser and ApplicationUserLoginInfo business objects to store user information. If the MySolution.Module project does not contain these objects, add the ApplicationUser and ApplicationUserLoginInfo objects to the MySolution.Module project as described in Step 1 of the following section: Use Active Directory and OAuth2 Authentication Providers in ASP.NET Core Blazor Applications: Common Steps.

  8. If your application is created with DevExpress v21.2 and below, add the following code to the MySolution.Win\Program.cs file:

    File: MySolution.Win\Program.cs

    using System.Net;
using System.Net.Http.Headers;
using System.Net.Http;
using System.Net.Http.Json;
using DevExpress.ExpressApp.Security.ClientServer;
// ...
namespace MySolution.Win {
    static class Program {
        static void Main() {
            // ...
            Tracing.Initialize();
            MySolutionWindowsFormsApplication winApplication = new MySolutionWindowsFormsApplication();
            var httpClient = new HttpClient();
            httpClient.BaseAddress = new Uri("https://localhost:44318/");
            var webApiSecuredClient = new WebApiSecuredDataServerClient(httpClient, winApplication.TypesInfo);
            var security = new WebApiMiddleTierClientSecurity(webApiSecuredClient) { IsSupportChangePassword = true };
            winApplication.Security = security;
            winApplication.CreateCustomObjectSpaceProvider += (s, e) => {
                e.ObjectSpaceProviders.Add(new MiddleTierServerObjectSpaceProvider(webApiSecuredClient));
            };
            //...
        }
    }
}

  9. If the MySolution.Win\Program.cs file contains the following autogenerated code, comment it out:

    File: MySolution.Win\Program.cs

    namespace MySolution.Win {
    static class Program {
        [STAThread]
        static void Main() {
            //...
            //winApplication.GetSecurityStrategy().RegisterXPOAdapterProviders();
            //...
//#if DEBUG
//              if(System.Diagnostics.Debugger.IsAttached && winApplication.CheckCompatibilityType == CheckCompatibilityType.DatabaseSchema) {
//                  winApplication.DatabaseUpdateMode = DatabaseUpdateMode.UpdateDatabaseAlways;
//              }
//#endif

    If your application’s ApplicationBuilder.cs file has a code that adds an XPO ObjectSpace provider to the application builder and adds integrated security, remove this code and add the code that initializes the Middle Tier security mode:

    // Remove or comment out this code:
//builder.ObjectSpaceProviders
//    .AddSecuredXpo((application, options) => {
//        options.ConnectionString = connectionString;
//    })
//    .AddNonPersistent();
//builder.Security
//    .UseIntegratedMode(options => {
//        options.RoleType = typeof(PermissionPolicyRole);
//        options.UserType = typeof(DXApplication7.Module.BusinessObjects.ApplicationUser);
//        options.UserLoginInfoType = typeof(DXApplication7.Module.BusinessObjects.ApplicationUserLoginInfo);
//        options.UseXpoPermissionsCaching();
//    })
//    .UsePasswordAuthentication();

// Add this code:
builder.Security
.UseMiddleTierMode(options => {
    options.BaseAddress = new Uri("https://localhost:5001/");
}, securityModuleOptions => {
    securityModuleOptions.NonSecureActionsInitializing += (s, e) =>
        e.NonSecureActions.Add("Demo About Info");
})
.UsePasswordAuthentication();

    You do not need to enable the Security Adapter and set the database update mode for the Middle Tier Server.

  10. Right-click the Solution node in the Solution Explorer and choose Properties. In the Solution Property Pages dialog, expand the Common Properties node and select Startup Project. Choose the Multiple Startup Projects option and select the Start action for the Web API and MySolution.Win projects.

    Run WinForms and Web API projects

    Run the application.

See Also