AuthenticationActiveDirectory.CustomCreateUser Event
Occurs when a user is created automatically.
Namespace: DevExpress.ExpressApp.Security
Assembly: DevExpress.ExpressApp.Security.v24.1.dll
NuGet Package: DevExpress.ExpressApp.Security
Declaration
Event Data
The CustomCreateUser event's data class is CustomCreateUserEventArgs. The following properties provide information specific to this event:
Property | Description |
---|---|
Handled | Gets or sets a value that indicates whether the event handler has completely handled the event or whether the system should continue its own processing. Inherited from HandledEventArgs. |
ObjectSpace | Gets an Object Space used to create a user persistent object. |
User | Specifies an auto-created user. |
UserName | Gets the login name of the auto-created user. |
Remarks
When the AuthenticationActiveDirectory.CreateUserAutomatically property is set to true, the Security System creates a user for the Windows account used to start the application. To customize this process, handle the CustomCreateUser event and assign a user object to the CustomCreateUserEventArgs.User parameter. Set the Handled parameter to true to cancel the default user creation.
The following example demonstrates how to handle this event and create a new user associated with a low-privileged “Default” role in the event handler:
File: MySolution.Win\WinApplication.cs (MySolution.Win\WinApplication.vb)
using DevExpress.Data.Filtering;
using DevExpress.ExpressApp.Security;
using DevExpress.ExpressApp.Security.Strategy;
// ...
public partial class MySolutionWindowsFormsApplication : WinApplication {
public MySolutionWindowsFormsApplication() {
// ...
authenticationActiveDirectory1.CustomCreateUser += authenticationActiveDirectory1_CustomCreateUser;
}
private void authenticationActiveDirectory1_CustomCreateUser(object sender, CustomCreateUserEventArgs e) {
ApplicationUser user = e.ObjectSpace.CreateObject<ApplicationUser>();
user.UserName = e.UserName;
PermissionPolicyRole defaultRole =
e.ObjectSpace.FirstOrDefault<PermissionPolicyRole>(role => role.Name == "Default");
if (defaultRole != null) {
user.Roles.Add(defaultRole);
}
e.User = user;
e.Handled = true;
}
// ...
}
To create this “Default” role, override the ModuleUpdater.UpdateDatabaseAfterUpdateSchema method in the Updater.cs (Updater.vb) file (the Solution Wizard adds similar code):
File: MySolution.Module\DatabaseUpdate\Updater.cs (MySolution.Module\DatabaseUpdate\Updater.vb)
public override void UpdateDatabaseAfterUpdateSchema() {
base.UpdateDatabaseAfterUpdateSchema();
// ...
PermissionPolicyRole defaultRole = ObjectSpace.FirstOrDefault<PermissionPolicyRole>(role => role.Name == "Default");
if(defaultRole == null) {
defaultRole = ObjectSpace.CreateObject<PermissionPolicyRole>();
defaultRole.Name = "Default";
defaultRole.AddObjectPermissionFromLambda<ApplicationUser>(SecurityOperations.Read, u => u.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);
defaultRole.AddNavigationPermission(@"Application/NavigationItems/Items/Default/Items/MyDetails", SecurityPermissionState.Allow);
defaultRole.AddMemberPermissionFromLambda<ApplicationUser>(SecurityOperations.Write, "ChangePasswordOnFirstLogon", u => u.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);
defaultRole.AddMemberPermissionFromLambda<ApplicationUser>(SecurityOperations.Write, "StoredPassword", u => u.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);
defaultRole.AddTypePermissionsRecursively<PermissionPolicyRole>(SecurityOperations.Read, SecurityPermissionState.Deny);
defaultRole.AddTypePermissionsRecursively<ModelDifference>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
defaultRole.AddTypePermissionsRecursively<ModelDifferenceAspect>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
defaultRole.AddTypePermissionsRecursively<ModelDifference>(SecurityOperations.Create, SecurityPermissionState.Allow);
defaultRole.AddTypePermissionsRecursively<ModelDifferenceAspect>(SecurityOperations.Create, SecurityPermissionState.Allow);
}
ObjectSpace.CommitChanges();
}