Skip to main content
All docs
V24.2
.NET 8.0+
  • The page you are viewing does not exist in the .NET Framework 4.6.2+ platform documentation. This link will take you to the parent topic of the current section.

DevExpress v24.2 Update — Your Feedback Matters

Our What's New in v24.2 webpage includes product-specific surveys. Your response to our survey questions will help us measure product satisfaction for features released in this major update and help us refine our plans for our next major release.

Take the survey Not interested

SecuredPropertySetter.SetPropertyValueWithSecurityBypass<T>(Object, String, T) Method

Sets a persistent object’s property value bypassing security checks.

Namespace: DevExpress.ExpressApp.EFCore

Assembly: DevExpress.ExpressApp.EFCore.v24.2.dll

NuGet Package: DevExpress.ExpressApp.EFCore

#Declaration

public static void SetPropertyValueWithSecurityBypass<T>(
    object obj,
    string propertyName,
    T value
)

#Parameters

Name Type Description
obj Object

An object whos property to set.

propertyName String

The name of the property to set.

value T

The value to assign to the property.

#Type Parameters

Name Description
T

The type of the value assigned to the property.

#Remarks

The SetPropertyValueWithSecurityBypass static method allows you to modify the value of a business object’s property even if write access to this property is denied for the current user by the XAF Security System. If your business object class extends BaseObject and you need to modify this object’s own property, you can use the BaseObject.SetPropertyValueWithSecurityBypass protected method instead.

In applications with middle-tier security, you can call this method only from a business object’s IXafEntityObject.OnSaving method, otherwise an exception is thrown.

Note

In applications with middle-tier security, an object’s OnSaving method is only called on the middle-tier server side. From this method, you can call SetPropertyValueWithSecurityBypass to set values of business object properties even if the client application has no access rights for these properties. Thus, you can use this method to securely initialize properties with sensitive data (it is also important that you define access rules to additionally restrict access to these properties for application users).

The following code snippet demonstrates how to use this method to initialize CreatedBy, UpdatedBy, and UpdatedOn properties of a business class.

using DevExpress.ExpressApp;
using DevExpress.ExpressApp.EFCore;
using DevExpress.Persistent.Base;
using System.ComponentModel;
using System.ComponentModel.DataAnnotations;
// ...
public class TestClass : IXafEntityObject, IObjectSpaceLink { 
    // ...
    [ModelDefault(nameof(IModelCommonMemberViewItem.AllowEdit), "False")]
    public virtual ApplicationUser CreatedBy { get; set; }
    [ModelDefault(nameof(IModelCommonMemberViewItem.AllowEdit), "False")]
    public virtual ApplicationUser UpdatedBy { get; set; }
    [ModelDefault(nameof(IModelCommonMemberViewItem.AllowEdit), "False")]
    [ModelDefault(nameof(IModelCommonMemberViewItem.DisplayFormat), "G")]
    public virtual DateTime? UpdatedOn { get; set; }

    ApplicationUser GetCurrentUser() {
        return ObjectSpace.GetObjectByKey<ApplicationUser>(
            ObjectSpace.ServiceProvider.GetRequiredService<ISecurityStrategyBase>().UserId);
    }

    void OnSaving() {
        base.OnSaving();
        if (ObjectSpace.IsNewObject(this)) {
            SecuredPropertySetter.SetPropertyValueWithSecurityBypass(nameof(CreatedBy), GetCurrentUser());
        }
        else {
            SecuredPropertySetter.SetPropertyValueWithSecurityBypass(nameof(UpdatedBy), GetCurrentUser());
            SecuredPropertySetter.SetPropertyValueWithSecurityBypass(nameof(UpdatedOn), DateTime.Now);
        }
    }
} 
See Also