AuthenticationActiveDirectory.CustomCreateUser Event

Occurs when a user is auto-created.

Namespace: DevExpress.ExpressApp.Security

Assembly: DevExpress.ExpressApp.Security.v18.1.dll

Syntax

public event EventHandler<CustomCreateUserEventArgs> CustomCreateUser

The event handler receives an argument of the CustomCreateUserEventArgs type. The CustomCreateUserEventArgs properties provide information specific to this event.

When the AuthenticationActiveDirectory.CreateUserAutomatically property is set to true, a user is automatically created for the Windows account used to start the application. You can customize this process by handling the CustomCreateUser event and assigning a user object to the handler's CustomCreateUserEventArgs.User parameter. Set the handler's Handled parameter to true to cancel the default user creation.

To subscribe to the CustomCreateUser event, run the Application Designer and focus the AuthenticationActiveDirectory component. Then, in the Properties window, switch to Events and double-click CustomCreateUser in the property grid.

As a result, an empty event handler is created. For instance, you can add code to it that creates a new user associated with a low-privileged "Default" role:

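using DevExpress.Data.Filtering;
using DevExpress.ExpressApp.Security;
using DevExpress.ExpressApp.Security.Strategy;
// PermissionPolicyUser and PermissionPolicyRole (XPO versions) are declared in this namespace.
using DevExpress.Persistent.BaseImpl.PermissionPolicy;
// ...
private void authenticationActiveDirectory1_CustomCreateUser(object sender, CustomCreateUserEventArgs e) {
    // Create the user object for the Windows account that started the application.
    PermissionPolicyUser user = e.ObjectSpace.CreateObject<PermissionPolicyUser>();
    user.UserName = e.UserName;
    // Assign the low-privileged "Default" role if it exists in the database.
    PermissionPolicyRole defaultRole = 
        e.ObjectSpace.FindObject<PermissionPolicyRole>(new BinaryOperator("Name", "Default"));
    if (defaultRole != null) {
        user.Roles.Add(defaultRole);
    }
    // Pass the user to the security system and cancel the default user creation.
    e.User = user;
    e.Handled = true;
}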

The low-privileged "Default" role can be created in the Updater.cs (Updater.vb) file by overriding the ModuleUpdater.UpdateDatabaseAfterUpdateSchema method (by default, the Solution Wizard adds similar code):

public override void UpdateDatabaseAfterUpdateSchema() {
    base.UpdateDatabaseAfterUpdateSchema();
    // ...
    PermissionPolicyRole defaultRole = ObjectSpace.FindObject<PermissionPolicyRole>(new BinaryOperator("Name", "Default"));
    if(defaultRole == null) {
        defaultRole = ObjectSpace.CreateObject<PermissionPolicyRole>();
        defaultRole.Name = "Default";
        // Users can read only their own user object and open the My Details navigation item.
        defaultRole.AddObjectPermission<PermissionPolicyUser>(SecurityOperations.Read, "[Oid] = CurrentUserId()", SecurityPermissionState.Allow);
        defaultRole.AddNavigationPermission(@"Application/NavigationItems/Items/Default/Items/MyDetails", SecurityPermissionState.Allow);
        // Users can write only the password-related members of their own user object.
        defaultRole.AddMemberPermission<PermissionPolicyUser>(SecurityOperations.Write, "ChangePasswordOnFirstLogon", "[Oid] = CurrentUserId()", SecurityPermissionState.Allow);
        defaultRole.AddMemberPermission<PermissionPolicyUser>(SecurityOperations.Write, "StoredPassword", "[Oid] = CurrentUserId()", SecurityPermissionState.Allow);
        // Role objects are not readable.
        defaultRole.AddTypePermissionsRecursively<PermissionPolicyRole>(SecurityOperations.Read, SecurityPermissionState.Deny);
        // Model differences can be created, read and written.
        defaultRole.AddTypePermissionsRecursively<ModelDifference>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
        defaultRole.AddTypePermissionsRecursively<ModelDifferenceAspect>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
        defaultRole.AddTypePermissionsRecursively<ModelDifference>(SecurityOperations.Create, SecurityPermissionState.Allow);
        defaultRole.AddTypePermissionsRecursively<ModelDifferenceAspect>(SecurityOperations.Create, SecurityPermissionState.Allow);
    }
    ObjectSpace.CommitChanges();
}
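
The handler shown earlier creates the user even when the "Default" role is not found. The following variant is an added example, not DevExpress code: it refuses to provision the account when the role is missing or the account comes from an unexpected domain, and it writes a trace record for every decision. The AutoProvisioning class, the ExpectedDomain value and the DOMAIN\user format of e.UserName are assumptions made for this example.

```csharp
using System;
using System.Diagnostics;
using DevExpress.Data.Filtering;
using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.BaseImpl.PermissionPolicy;

// Hypothetical helper class; not part of the DevExpress API.
public static class AutoProvisioning {
    // Hypothetical placeholder: the only Windows domain allowed to self-provision.
    private const string ExpectedDomain = "EXAMPLE";
    private const string DefaultRoleName = "Default";

    // Subscribe with:
    // authenticationActiveDirectory1.CustomCreateUser += AutoProvisioning.OnCustomCreateUser;
    public static void OnCustomCreateUser(object sender, CustomCreateUserEventArgs e) {
        // Assumption: e.UserName has the DOMAIN\user form of a Windows account name.
        string[] parts = (e.UserName ?? string.Empty).Split('\\');
        bool domainOk = parts.Length == 2 && parts[1].Length > 0 &&
            string.Equals(parts[0], ExpectedDomain, StringComparison.OrdinalIgnoreCase);
        if (!domainOk) {
            Trace.TraceWarning("Auto-provisioning refused for '{0}': unexpected domain.", e.UserName);
            throw new InvalidOperationException("This account cannot be provisioned automatically.");
        }

        // Look up the role first, so nothing is created when the role is missing.
        PermissionPolicyRole defaultRole = e.ObjectSpace.FindObject<PermissionPolicyRole>(
            new BinaryOperator("Name", DefaultRoleName));
        if (defaultRole == null) {
            Trace.TraceError("Auto-provisioning refused for '{0}': role '{1}' is missing.",
                e.UserName, DefaultRoleName);
            throw new InvalidOperationException("The Default role is missing; run the database updater.");
        }

        PermissionPolicyUser user = e.ObjectSpace.CreateObject<PermissionPolicyUser>();
        user.UserName = e.UserName;
        user.Roles.Add(defaultRole);

        // Record every automatic account creation so it can be reviewed later.
        Trace.TraceInformation("Auto-provisioned '{0}' with role '{1}'.", e.UserName, DefaultRoleName);

        e.User = user;
        e.Handled = true; // Cancel the default user creation.
    }
}
```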