Skip to main content
BuyLog In
XAF: Cross-Platform .NET App UI & Web API
Search in…
Docs > Application Security and Data Safety > Security (Access Control & Authentication) > Non-XAF UI Scenarios > Connect to an EF Core Middle Tier Security Application from Non-XAF Applications
All docs
V24.1
.NET 6.0+
XAF: Cross-Platform .NET App UI & Web API
Getting Started
Installation, Upgrade, Version History
Backend Web API Service
UI Shell and Base Infrastructure
Storage, ORM, and Business Model Design
Data Manipulation and Business Logic
User Interface and Behavior Customization
Data Filtering
Application Security and Data Safety
Security (Access Control & Authentication)
Security Tiers
User Logon and Authentication
ORM Object Model, Policy Configuration and Storage
Authorization and Data Protection
Non-XAF UI Scenarios
Connect to an EF Core Middle Tier Security Application from Non-XAF Applications
Connect to an XPO Middle Tier Server from Non-XAF Applications (.NET)
Connect to an XPO WCF Application Server from Non-XAF Applications (.NET Framework)
Security Considerations
Audit Trail (History of Data Changes)
Multi-Tenancy (Data per Tenant)
Validation (Prevent Data Errors)
Conditional Appearance (Manage State of UI Elements)
Reporting (Shape, Export & Print Data)
Analytics (Extract Data Insights)
Document Management
Business Process Management
Event Planning
Localization
Accessibility Support
Debugging, Testing and Error Handling
Deployment
Support, QA & Troubleshooting
API Reference
Download CHM

Connect to an EF Core Middle Tier Security Application from Non-XAF Applications

  • 2 minutes to read

Follow the steps below to configure a non-XAF .NET application so it can connect to a database through the EF Core-based Middle Tier Security application.

Note

The technique described in this topic was not tested with .NET MAUI and Blazor WebAssembly clients. With these platforms, we recommend that you use our Web API Service on the backend as demonstrated in the following examples on GitHub:

  1. Install the following NuGet package: DevExpress.ExpressApp.EFCore.

  2. Create an HttpClient instance with the following settings:

    // The Middle Tier server URL in the code below is the default setting for debug mode and may be different in your application. 
// You can check this setting in the Middle Tier project's Properties/launchSettings.json file. 
var httpClient = new HttpClient();
httpClient.BaseAddress = new Uri("https://localhost:44319/");
httpClient.DefaultRequestHeaders.Add("Accept", "application/json");

  3. Configure the client’s authentication scheme.

    var webSocketFactory = new ClientWebSocketFactory(httpClient, false);
var securedClient = new WebSocketSecuredDataServerClient(httpClient, webSocketFactory, XafTypesInfo.Instance);
securedClient.CustomAuthenticate += (sender, arguments) => {
    arguments.Handled = true;
    HttpResponseMessage msg = arguments.HttpClient.PostAsJsonAsync(
        "api/Authentication/Authenticate", 
        (AuthenticationStandardLogonParameters)arguments.LogonParameters).GetAwaiter().GetResult();
    string token = (string)msg.Content.ReadFromJsonAsync(typeof(string)).GetAwaiter().GetResult();
    if (msg.StatusCode == HttpStatusCode.Unauthorized) {
        throw new UserFriendlyException(token);
    }
    msg.EnsureSuccessStatusCode();
    arguments.HttpClient.DefaultRequestHeaders.Authorization
        = new AuthenticationHeaderValue("bearer", token);
};

  4. Authenticate the client on the Middle Tier Security server:

    securedClient.Authenticate(new AuthenticationStandardLogonParameters("John", ""));

  5. After authentication has succeeded, you can send permission request queries to the server, which allows you to gain access permissions for operations that are allowed for the current user.

    var readRequest = new SerializablePermissionRequest(typeof(Employee), null, null, SecurityOperations.Read);
bool isReadGranted = ((IMiddleTierServerSecurity)securedClient).IsGranted(readRequest);

var writeRequest = new SerializablePermissionRequest(typeof(Employee), null, null, SecurityOperations.Write);
bool isWriteGranted = ((IMiddleTierServerSecurity)securedClient).IsGranted(writeRequest);

  6. To access data through an EF Core DbContext, configure DbContextOptions to use the Middle Tier Security as a database provider:

    var optionsBuilder = new DbContextOptionsBuilder<EFCoreDbContext>();
optionsBuilder.UseMiddleTier(securedClient);
optionsBuilder.UseChangeTrackingProxies();
optionsBuilder.UseLazyLoadingProxies();
var dbContextOptions = optionsBuilder.Options;

    After this, you can create a DbContext instance and execute data queries:

    var dbContext = new EFCoreDbContext(dbContextOptions);
var users = dbContext.Employees.ToList();
See Also