Access Object Space, Security System, Caption Helper, and XAF Modules in the ASP.NET Core Environment
- 6 minutes to read
This topic describes how to access an Object Space, the Security System, the Caption Helper, and XAF Modules from an ASP.NET Core service or middleware, Web API controllers, custom Razor pages, and components.
Useful APIs
Object to access | Injecting service | Methods and properties |
|---|---|---|
IObjectSpaceFactory.CreateObjectSpace | ||
ISecurityProvider.GetSecurity | ||
Prerequisites
If you created your application in v21.2 or earlier, you need to use the Application Builder’s ObjectSpaceProviders property to register Object Space Providers instead of the XafApplication.CreateDefaultObjectSpaceProvider method or XafApplication.CreateCustomObjectSpaceProvider event. Refer to the following help topic for more information on how to do this: Integrate Application Builders into Existing Applications.
We strongly recommend this because the use of the XafApplication.CreateDefaultObjectSpaceProvider method and XafApplication.CreateCustomObjectSpaceProvider event conflicts with IObjectSpaceFactory and IObjectSpaceProviderFactory service usage.
The use of IObjectSpaceFactory instead of XafApplication‘s members also improves the performance of your application because the application instance is not created in this case.
Examples
Object Space
To create an Object Space in an ASP.NET Core application, inject the IObjectSpaceFactory service. Note that this service ensures if a user is logged on. If not, it throws an authorization exception. To avoid this exception, you can use the following techniques:
- Use the
INonSecuredObjectSpaceFactoryservice instead ofIObjectSpaceFactory. - Use another way to ensure if a user is logged on (for example, use
AuthorizationPolicyBuilder.RequireXafAuthenticationwithAuthorizeAttribute).
From a Razor Component
File: MySolution.Blazor.Server\Pages\MyComponent.razor.
@page "/MyComponent"
@inject DevExpress.ExpressApp.Core.IObjectSpaceFactory objectSpaceFactory
<h3>MyComponent</h3>
@code {
protected override async Task OnAfterRenderAsync(bool firstRender) {
if (!firstRender) {
return;
}
try {
using(IObjectSpace objectSpace = objectSpaceFactory.CreateObjectSpace<Contact>()) {
// ...
}
}
catch(Exception ex) {
// User authentication has failed.
// ...
}
}
}
From Middleware
File: MySolution.Blazor.Server\CustomMiddleware.cs.
using DevExpress.ExpressApp;
using DevExpress.ExpressApp.Core;
using Microsoft.AspNetCore.Http;
using System.Threading.Tasks;
namespace MySolution.Blazor.Server {
public class CustomMiddleware {
private readonly RequestDelegate next;
public CustomMiddleware(RequestDelegate next) {
this.next = next;
}
public async Task InvokeAsync(HttpContext context, IObjectSpaceFactory objectSpaceFactory) {
try {
using(IObjectSpace objectSpace = objectSpaceFactory.CreateObjectSpace<Contact>()) {
// ...
}
}
catch(Exception ex) {
// User authentication is failed.
// ...
}
await next(context);
}
}
}
From an ASP.NET Core Controller
File: MySolution.Blazor.Server.Controllers\CustomController.cs.
using DevExpress.Data.Filtering;
using DevExpress.ExpressApp;
using DevExpress.ExpressApp.Core;
using Microsoft.AspNetCore.Mvc;
namespace MySolution.Blazor.Server.Controllers {
public class CustomController : ControllerBase {
internal IObjectSpaceFactory objectSpaceFactory;
public CustomController(IObjectSpaceFactory objectSpaceFactory) {
this.objectSpaceFactory = objectSpaceFactory;
}
[HttpGet]
public object GetUserObject(string userName) {
using (IObjectSpace objectSpace = objectSpaceFactory.CreateObjectSpace<ApplicationUser>()) {
ApplicationUser user = objectSpace.FindObject<ApplicationUser>(
CriteriaOperator.FromLambda<ApplicationUser>(u => u.UserName == userName));
// ...
}
}
}
}
Security System
To access the Security System in an ASP.NET Core application, inject the ISecurityProvider service. Note that this service ensures if a user is logged on. If not, it throws an authorization exception. To avoid this exception, you can use the following techniques:
- Use the
ISecurityStrategyBaseservice instead ofISecurityProviderif you do not need to operate with an authenticated user object. This service does not ensure if a user is logged on or not, so the current user object might not be available here. - Use another way to ensure if a user is logged on (for example, use
AuthorizationPolicyBuilder.RequireXafAuthenticationwithAuthorizeAttribute.
These workarounds do not guarantee that you will not receive authentication exceptions, even if you specify the correct user credentials.
From Middleware
File: MySolution.Blazor.Server\CustomMiddleware.cs.
using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.BaseImpl.PermissionPolicy;
using Microsoft.AspNetCore.Http;
using System.Threading.Tasks;
namespace MySolution.Blazor.Server {
public class CustomMiddleware {
private readonly RequestDelegate next;
public CustomMiddleware(RequestDelegate next) {
this.next = next;
}
public async Task InvokeAsync(HttpContext context, ISecurityProvider securityProvider) {
try {
ISecurityStrategyBase securityStrategy = securityProvider.GetSecurity();
// If authentication has failed, GetSecurity throws an exception.
ApplicationUser user = (ApplicationUser)securityStrategy.User;
// ...
}
catch(Exception ex) {
// User authentication has failed.
// ...
}
await next(context);
}
}
}
From a Razor Component
File: MySolution.Blazor.Server\Pages\MyComponent.razor.
@page "/MyComponent"
@using DevExpress.ExpressApp
@using DevExpress.ExpressApp.Security
@inject DevExpress.ExpressApp.Security.ISecurityStrategyBase securityStrategy
@inject DevExpress.ExpressApp.Security.ISecurityProvider securityProvider
<h3>MyComponent</h3>
@code {
protected override async Task OnAfterRenderAsync(bool firstRender) {
if (!firstRender) {
return;
}
try {
securityStrategy = securityProvider.GetSecurity();
// If authentication has failed, GetSecurity throws an exception.
ApplicationUser user = (ApplicationUser)securityStrategy.User;
}
catch (Exception ex) {
// User authentication has failed.
// ...
}
}
}
From an ASP.NET Core Controller
File: MySolution.Blazor.Server.Controllers\CustomController.cs.
using Microsoft.AspNetCore.Mvc;
using DevExpress.ExpressApp.Security;
namespace MySolution.Blazor.Server.Controllers {
public class CustomController : ControllerBase {
internal ISecurityProvider securityProvider;
public CustomController(ISecurityProvider securityProvider) {
this.securityProvider = securityProvider;
}
[HttpGet]
public object GetUserObject() {
ISecurityStrategyBase securityStrategy = securityProvider.GetSecurity();
// If authentication has failed, GetSecurity throws an exception.
ApplicationUser user = (ApplicationUser)securityStrategy.User;
// ...
}
}
}
Caption Helper
The Caption Helper class allows you to get localized captions for XAF Controllers and Razor Components that are shown in XAF Views. XAF initializes the Application Model of this class on requests to standard XAF pages. To get captions with other requests (middleware, Web API method, and so on), use the ICaptionHelperProvider service.
This service uses a shared Application Model and does not return user-specific localized strings from a user Model Differences Storage. If your application does not store different captions for different users in the Application Model, use the ICaptionHelperProvider service as a unified way to get localized captions.
From a Razor Component
File: MySolution.Blazor.Server\Pages\MyComponent.razor.
@page "/MyComponent"
@using DevExpress.ExpressApp.Utils
@inject DevExpress.ExpressApp.Services.Localization.ICaptionHelperProvider captionHelperProvider
<h3>MyComponent</h3>
@code {
protected override async Task OnAfterRenderAsync(bool firstRender) {
if (!firstRender) {
return;
}
ICaptionHelper helper = captionHelperProvider.GetCaptionHelper();
string newActionName = helper.GetActionCaption("New");
// ...
}
}
From Middleware
File: MySolution.Blazor.Server\CustomMiddleware.cs.
using DevExpress.ExpressApp.AspNetCore.Services.Localization;
using DevExpress.ExpressApp.Utils;
namespace MySolution.Blazor.Server.Pages {
public class CustomMiddleware {
private readonly RequestDelegate next;
public CustomMiddleware(RequestDelegate next) {
this.next = next;
}
public async Task InvokeAsync(HttpContext context, ICaptionHelperProvider captionHelperProvider) {
ICaptionHelper helper = captionHelperProvider.GetCaptionHelper();
string newActionName = helper.GetActionCaption("New");
// ...
await next(context);
}
}
}
From an ASP.NET Core Controller
File: MySolution.Blazor.Server.Controllers\CustomLocalizationController.cs.
using DevExpress.ExpressApp.AspNetCore.Services.Localization;
using DevExpress.ExpressApp.Utils;
using Microsoft.AspNetCore.Mvc;
namespace MySolution.Blazor.Server.Controllers {
public class CustomLocalizationController : ControllerBase {
internal ICaptionHelperProvider captionHelperProvider;
public CustomLocalizationController(ICaptionHelperProvider captionHelperProvider) {
this.captionHelperProvider = captionHelperProvider;
}
[HttpGet]
public string GetActionCaption(string actionName) {
ICaptionHelper helper = captionHelperProvider.GetCaptionHelper();
return helper.GetActionCaption(actionName);
}
}
}
The CaptionHelper.GetService method returns an ICaptionHelper instance to use on other platforms such as Win and Web.
using DevExpress.ExpressApp;
using DevExpress.ExpressApp.Utils;
ICaptionHelper helper = CaptionHelper.GetService(Application.ServiceProvider)
string newActionName = helper.GetActionCaption("New");
// ...
XAF Modules
Refer to the following help article to find the example: Validate Password Complexity.