.NET Standard 2.0+
.NET Framework 4.5.2+
.NET Standard 2.0+
.NET 5.0+

AuthenticationActiveDirectory.CustomCreateUser Event

Occurs when a user is created automatically.

Namespace: DevExpress.ExpressApp.Security

Assembly: DevExpress.ExpressApp.Security.v21.2.dll

Declaration

public event EventHandler<CustomCreateUserEventArgs> CustomCreateUser

Event Data

The CustomCreateUser event's data class is CustomCreateUserEventArgs. The following properties provide information specific to this event:

Property Description
Handled Gets or sets a value that indicates whether the event handler has completely handled the event or whether the system should continue its own processing. Inherited from HandledEventArgs.
ObjectSpace Gets an Object Space used to create a user persistent object.
User Specifies an auto-created user.
UserName Gets the login name of the auto-created user.

Remarks

When the AuthenticationActiveDirectory.CreateUserAutomatically property is set to true, the Security System creates a user for the Windows account used to start the application. To customize this process, handle the CustomCreateUser event and assign a user object to the CustomCreateUserEventArgs.User parameter. Set the Handled parameter to true to cancel the default user creation.

The following example demonstrates how to handle this event and create a new user associated with a low-privileged “Default” role in the event handler:

using DevExpress.Data.Filtering;
using DevExpress.ExpressApp.Security;
using DevExpress.ExpressApp.Security.Strategy;
// ...
public partial class MainDemoWinApplication : WinApplication {
    public MainDemoWinApplication() {
        // ...
        authenticationActiveDirectory1.CustomCreateUser += authenticationActiveDirectory1_CustomCreateUser;
    }
    private void authenticationActiveDirectory1_CustomCreateUser(object sender, CustomCreateUserEventArgs e) {
        PermissionPolicyUser user = e.ObjectSpace.CreateObject<PermissionPolicyUser>();
        user.UserName = e.UserName;
        PermissionPolicyRole defaultRole = 
            e.ObjectSpace.FirstOrDefault<PermissionPolicyRole>(role => role.Name == "Default");
        if (defaultRole != null) {
            user.Roles.Add(defaultRole);
        }
        e.User = user;
        e.Handled = true;
    }
    // ...
}

To create this “Default” role, override the ModuleUpdater.UpdateDatabaseAfterUpdateSchema method in the Updater.cs (Updater.vb) file (the Solution Wizard adds similar code):

public override void UpdateDatabaseAfterUpdateSchema() {
    base.UpdateDatabaseAfterUpdateSchema();
    // ...
    PermissionPolicyRole defaultRole = ObjectSpace.FirstOrDefault<PermissionPolicyRole>(role => role.Name == "Default");
    if(defaultRole == null) {
        defaultRole = ObjectSpace.CreateObject<PermissionPolicyRole>();
        defaultRole.Name = "Default";
        defaultRole.AddObjectPermissionFromLambda<PermissionPolicyUser>(SecurityOperations.Read, u => u.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);
        defaultRole.AddNavigationPermission(@"Application/NavigationItems/Items/Default/Items/MyDetails", SecurityPermissionState.Allow);
        defaultRole.AddMemberPermissionFromLambda<PermissionPolicyUser>(SecurityOperations.Write, "ChangePasswordOnFirstLogon", u => u.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);
        defaultRole.AddMemberPermissionFromLambda<PermissionPolicyUser>(SecurityOperations.Write, "StoredPassword", u => u.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);
        defaultRole.AddTypePermissionsRecursively<PermissionPolicyRole>(SecurityOperations.Read, SecurityPermissionState.Deny);
        defaultRole.AddTypePermissionsRecursively<ModelDifference>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
        defaultRole.AddTypePermissionsRecursively<ModelDifferenceAspect>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
        defaultRole.AddTypePermissionsRecursively<ModelDifference>(SecurityOperations.Create, SecurityPermissionState.Allow);
        defaultRole.AddTypePermissionsRecursively<ModelDifferenceAspect>(SecurityOperations.Create, SecurityPermissionState.Allow);                
    }
    ObjectSpace.CommitChanges();
}
See Also