.NET Framework 4.5.2+
.NET Framework 4.5.2+
.NET Standard 2.0+
.NET Core 3.0+

AuthenticationActiveDirectory.CustomCreateUser Event

Occurs when a user is auto-created.

Namespace: DevExpress.ExpressApp.Security

Assembly: DevExpress.ExpressApp.Security.v19.2.dll

Declaration

public event EventHandler<CustomCreateUserEventArgs> CustomCreateUser
Public Event CustomCreateUser As EventHandler(Of CustomCreateUserEventArgs)

Event Data

The CustomCreateUser event handler receives an argument of the CustomCreateUserEventArgs type. The following properties provide information specific to this event.

Property Description
Handled Gets or sets a value that indicates whether the event handler has completely handled the event or whether the system should continue its own processing.
(Inherited from HandledEventArgs)
ObjectSpace Gets an Object Space used to create a user persistent object.
User Specifies an auto-created user.
UserName Gets the login name of the auto-created user.

Remarks

When the AuthenticationActiveDirectory.CreateUserAutomatically property is set to true, a user is automatically created for the Windows account used to start the application. You can customize this process by handling the CustomCreateUser event and assigning a user object to the handler's CustomCreateUserEventArgs.User parameter. Set the handler's Handled parameter to true to cancel the default user creation.

To subscribe to the CustomCreateUser event, run the Application Designer and focus the AuthenticationActiveDirectory component. Then, in the Properties window, switch to Events and double click CustomCreateUser in the property grid.

CustomCreateUser_Designer

As the result, the empty event handler will be created. For instance, you can add a code to it that creates a new user associated with a low-privileged "Default" role:

using DevExpress.Data.Filtering;
using DevExpress.ExpressApp.Security;
using DevExpress.ExpressApp.Security.Strategy;
// ...
private void authenticationActiveDirectory1_CustomCreateUser(object sender, CustomCreateUserEventArgs e) {
    PermissionPolicyUser user = e.ObjectSpace.CreateObject<PermissionPolicyUser>();
    user.UserName = e.UserName;
    PermissionPolicyRole defaultRole = 
        e.ObjectSpace.FindObject<PermissionPolicyRole>(new BinaryOperator("Name", "Default"));
    if (defaultRole != null) {
        user.Roles.Add(defaultRole);
    }
    e.User = user;
    e.Handled = true;
}

The low-privileged "Default" role can be created in the Updater.cs (Updater.vb) file by overriding the ModuleUpdater.UpdateDatabaseAfterUpdateSchema method (by default, the Solution Wizard adds a similar code):

public override void UpdateDatabaseAfterUpdateSchema() {
    base.UpdateDatabaseAfterUpdateSchema();
    // ...
    PermissionPolicyRole defaultRole = ObjectSpace.FindObject<PermissionPolicyRole>(new BinaryOperator("Name", "Default"));
    if(defaultRole == null) {
        defaultRole = ObjectSpace.CreateObject<PermissionPolicyRole>();
        defaultRole.Name = "Default";
        defaultRole.AddObjectPermission<PermissionPolicyUser>(SecurityOperations.Read, "[Oid] = CurrentUserId()", SecurityPermissionState.Allow);
        defaultRole.AddNavigationPermission(@"Application/NavigationItems/Items/Default/Items/MyDetails", SecurityPermissionState.Allow);
        defaultRole.AddMemberPermission<PermissionPolicyUser>(SecurityOperations.Write, "ChangePasswordOnFirstLogon", "[Oid] = CurrentUserId()", SecurityPermissionState.Allow);
        defaultRole.AddMemberPermission<PermissionPolicyUser>(SecurityOperations.Write, "StoredPassword", "[Oid] = CurrentUserId()", SecurityPermissionState.Allow);
        defaultRole.AddTypePermissionsRecursively<PermissionPolicyRole>(SecurityOperations.Read, SecurityPermissionState.Deny);
        defaultRole.AddTypePermissionsRecursively<ModelDifference>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
        defaultRole.AddTypePermissionsRecursively<ModelDifferenceAspect>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
        defaultRole.AddTypePermissionsRecursively<ModelDifference>(SecurityOperations.Create, SecurityPermissionState.Allow);
        defaultRole.AddTypePermissionsRecursively<ModelDifferenceAspect>(SecurityOperations.Create, SecurityPermissionState.Allow);                
    }
    ObjectSpace.CommitChanges();
}
See Also