Skip to main content
All docs
V24.2

Access Object Space, Security System, and Caption Helper in the ASP.NET Core Environment

  • 6 minutes to read

This topic describes how to access an Object Space, the Security System, the Caption Helper, and XAF Modules from an ASP.NET Core service or middleware, Web API controllers, custom Razor pages, and components.

Useful APIs

Object to access

Injecting service

Methods and properties

Object Space

IObjectSpaceFactory
INonSecuredObjectSpaceFactory

IObjectSpaceFactory.CreateObjectSpace
INonSecuredObjectSpaceFactory.CreateNonSecuredObjectSpace

Security System

ISecurityProvider
ISecurityStrategyBase

ISecurityProvider.GetSecurity
ISecurityStrategyBase.IsAuthenticated
ISecurityStrategyBase.User

Caption Helper

ICaptionHelperProvider

ICaptionHelperProvider.GetCaptionHelper

Prerequisites

If you created your application in v21.2 or earlier, you need to use the Application Builder’s ObjectSpaceProviders property to register Object Space Providers instead of the XafApplication.CreateDefaultObjectSpaceProvider method or XafApplication.CreateCustomObjectSpaceProvider event. Refer to the following help topic for more information on how to do this: Integrate Application Builders into Existing Applications.

We strongly recommend this because the use of the XafApplication.CreateDefaultObjectSpaceProvider method and XafApplication.CreateCustomObjectSpaceProvider event conflicts with IObjectSpaceFactory and IObjectSpaceProviderFactory service usage.

The use of IObjectSpaceFactory instead of XafApplication‘s members also improves the performance of your application because the application instance is not created in this case.

Examples

Object Space

To create an Object Space in an ASP.NET Core application, inject the IObjectSpaceFactory service. Note that this service ensures if a user is logged on. If not, it throws an authorization exception. To avoid this exception, you can use the following techniques:

  • Use the INonSecuredObjectSpaceFactory service instead of IObjectSpaceFactory.
  • Use another way to ensure if a user is logged on (for example, use AuthorizationPolicyBuilder.RequireXafAuthentication with AuthorizeAttribute).

From a Razor Component

File: MySolution.Blazor.Server\Pages\MyComponent.razor.

@page "/MyComponent"
@inject DevExpress.ExpressApp.IObjectSpaceFactory objectSpaceFactory

<h3>MyComponent</h3>

@code {
    protected override async Task OnAfterRenderAsync(bool firstRender) {
        if (!firstRender) {
            return;
        }
        try {
            using(IObjectSpace objectSpace = objectSpaceFactory.CreateObjectSpace<Contact>()) {
                // ...
            }
        }
        catch(Exception ex) {
            // User authentication has failed.
            // ...
        }
    }
}

From Middleware

File: MySolution.Blazor.Server\CustomMiddleware.cs.

using DevExpress.ExpressApp;
using DevExpress.ExpressApp.Core;
using Microsoft.AspNetCore.Http;
using System.Threading.Tasks;

namespace MySolution.Blazor.Server {
    public class CustomMiddleware {
        private readonly RequestDelegate next;
        public CustomMiddleware(RequestDelegate next) {
            this.next = next;
        }
        public async Task InvokeAsync(HttpContext context, IObjectSpaceFactory objectSpaceFactory) {
            try {
                using(IObjectSpace objectSpace = objectSpaceFactory.CreateObjectSpace<Contact>()) {
                    // ...
                }
            }
            catch(Exception ex) {
                // User authentication is failed.
                // ...
            }
            await next(context);
        }
    }
}

From an ASP.NET Core Controller

File: MySolution.Blazor.Server.Controllers\CustomController.cs.

using DevExpress.Data.Filtering;
using DevExpress.ExpressApp;
using DevExpress.ExpressApp.Core;
using Microsoft.AspNetCore.Mvc;

namespace MySolution.Blazor.Server.Controllers {
    public class CustomController : ControllerBase {
        internal IObjectSpaceFactory objectSpaceFactory;
        public CustomController(IObjectSpaceFactory objectSpaceFactory) {
            this.objectSpaceFactory = objectSpaceFactory;
        }
        [HttpGet]
        public object GetUserObject(string userName) {
            using (IObjectSpace objectSpace = objectSpaceFactory.CreateObjectSpace<ApplicationUser>()) {
                ApplicationUser user = objectSpace.FindObject<ApplicationUser>(
                    CriteriaOperator.FromLambda<ApplicationUser>(u => u.UserName == userName));
                // ...
            }
        }
    }
}

Security System

To access the Security System in an ASP.NET Core application, inject the ISecurityProvider service. Note that this service ensures if a user is logged on. If not, it throws an authorization exception. To avoid this exception, you can use the following techniques:

  • Use the ISecurityStrategyBase service instead of ISecurityProvider if you do not need to operate with an authenticated user object. This service does not ensure if a user is logged on or not, so the current user object might not be available here.
  • Use another way to ensure if a user is logged on (for example, use AuthorizationPolicyBuilder.RequireXafAuthentication with AuthorizeAttribute.

These workarounds do not guarantee that you will not receive authentication exceptions, even if you specify the correct user credentials.

From Middleware

File: MySolution.Blazor.Server\CustomMiddleware.cs.

using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.BaseImpl.PermissionPolicy;
using Microsoft.AspNetCore.Http;
using System.Threading.Tasks;

namespace MySolution.Blazor.Server {    
    public class CustomMiddleware {
        private readonly RequestDelegate next;
        public CustomMiddleware(RequestDelegate next) {
            this.next = next;
        }
        public async Task InvokeAsync(HttpContext context, ISecurityProvider securityProvider) {
            try {
                ISecurityStrategyBase securityStrategy = securityProvider.GetSecurity();
                // If authentication has failed, GetSecurity throws an exception.
                ApplicationUser user = (ApplicationUser)securityStrategy.User;
                // ...
            }
            catch(Exception ex) {
                // User authentication has failed.
                // ...
            }
            await next(context);
        }
    }
}

From a Razor Component

File: MySolution.Blazor.Server\Pages\MyComponent.razor.

@page "/MyComponent"
@using DevExpress.ExpressApp
@using DevExpress.ExpressApp.Security
@inject DevExpress.ExpressApp.Security.ISecurityStrategyBase securityStrategy
@inject DevExpress.ExpressApp.Security.ISecurityProvider securityProvider

<h3>MyComponent</h3>

@code {
    protected override async Task OnAfterRenderAsync(bool firstRender) {
        if (!firstRender) {
            return;
        }
        try {
            securityStrategy = securityProvider.GetSecurity();
            // If authentication has failed, GetSecurity throws an exception.
            ApplicationUser user = (ApplicationUser)securityStrategy.User;
        }
        catch (Exception ex) {
            // User authentication has failed.
            // ...
        }
    }
}

From an ASP.NET Core Controller

File: MySolution.Blazor.Server.Controllers\CustomController.cs.

using Microsoft.AspNetCore.Mvc;
using DevExpress.ExpressApp.Security;

namespace MySolution.Blazor.Server.Controllers {
    public class CustomController : ControllerBase {
        internal ISecurityProvider securityProvider;
        public CustomController(ISecurityProvider securityProvider) {
            this.securityProvider = securityProvider;
        }
        [HttpGet]
        public object GetUserObject() {
            ISecurityStrategyBase securityStrategy = securityProvider.GetSecurity();
            // If authentication has failed, GetSecurity throws an exception.
            ApplicationUser user = (ApplicationUser)securityStrategy.User;
            // ...
        }
    }
}

Caption Helper

The Caption Helper class allows you to get localized captions for XAF Controllers and Razor Components that are shown in XAF Views. XAF initializes the Application Model of this class on requests to standard XAF pages. To get captions with other requests (middleware, Web API method, and so on), use the ICaptionHelperProvider service.

This service uses a shared Application Model and does not return user-specific localized strings from a user Model Differences Storage. If your application does not store different captions for different users in the Application Model, use the ICaptionHelperProvider service as a unified way to get localized captions.

From a Razor Component

File: MySolution.Blazor.Server\Pages\MyComponent.razor.

@page "/MyComponent"
@using DevExpress.ExpressApp.Utils
@inject DevExpress.ExpressApp.Services.Localization.ICaptionHelperProvider captionHelperProvider

<h3>MyComponent</h3>

@code {
    protected override async Task OnAfterRenderAsync(bool firstRender) {
        if (!firstRender) {
            return;
        }
        ICaptionHelper helper = captionHelperProvider.GetCaptionHelper();
        string newActionName = helper.GetActionCaption("New");
        // ...
    }
}

From Middleware

File: MySolution.Blazor.Server\CustomMiddleware.cs.

using DevExpress.ExpressApp.AspNetCore.Services.Localization;
using DevExpress.ExpressApp.Utils;

namespace MySolution.Blazor.Server.Pages {
    public class CustomMiddleware {
        private readonly RequestDelegate next;
        public CustomMiddleware(RequestDelegate next) {
            this.next = next;
        }
        public async Task InvokeAsync(HttpContext context, ICaptionHelperProvider captionHelperProvider) {
            ICaptionHelper helper = captionHelperProvider.GetCaptionHelper();
            string newActionName = helper.GetActionCaption("New");
            // ...
            await next(context);
        }
    }
}

From an ASP.NET Core Controller

File: MySolution.Blazor.Server.Controllers\CustomLocalizationController.cs.

using DevExpress.ExpressApp.AspNetCore.Services.Localization;
using DevExpress.ExpressApp.Utils;
using Microsoft.AspNetCore.Mvc;

namespace MySolution.Blazor.Server.Controllers {
    public class CustomLocalizationController : ControllerBase {
        internal ICaptionHelperProvider captionHelperProvider;
        public CustomLocalizationController(ICaptionHelperProvider captionHelperProvider) {
            this.captionHelperProvider = captionHelperProvider;
        }
        [HttpGet]
        public string GetActionCaption(string actionName) {
            ICaptionHelper helper = captionHelperProvider.GetCaptionHelper();
            return helper.GetActionCaption(actionName);
        }
    }
}

The CaptionHelper.GetService method returns an ICaptionHelper instance to use on other platforms such as Win and Web.

using DevExpress.ExpressApp;
using DevExpress.ExpressApp.Utils;

ICaptionHelper helper = CaptionHelper.GetService(Application.ServiceProvider)
string newActionName = helper.GetActionCaption("New");
// ...
See Also