Skip to main content
All docs
V24.2
.NET 8.0+
  • The page you are viewing does not exist in the .NET Framework 4.6.2+ platform documentation. This link will take you to the parent topic of the current section.

DevExpress v24.2 Update — Your Feedback Matters

Our What's New in v24.2 webpage includes product-specific surveys. Your response to our survey questions will help us measure product satisfaction for features released in this major update and help us refine our plans for our next major release.

Take the survey Not interested

AuthenticationStandardEvents.OnAuthenticate Property

Specifies custom authentication logic.

Namespace: DevExpress.ExpressApp.Security

Assembly: DevExpress.ExpressApp.Security.v24.2.dll

NuGet Package: DevExpress.ExpressApp.Security

#Declaration

public Action<FindUserContext> OnAuthenticate { get; set; }

#Property Value

Type Description
Action<DevExpress.ExpressApp.Security.FindUserContext>

A delegate method that implements custom authentication logic.

#Remarks

Handle the OnAuthenticate event to implement custom password-based authentication logic (for example, to implement authentication based on custom logon parameters).

Important

The logic implemented in this event’s handler completely overrides the standard authentication logic. Since this event is used to implement entirely custom logic, XAF does not validate the result returned by the handler method in any way, so you need to manually carry out all required checks in the handler.

If you only need to override logic used to find the user object and want the authentication system to carry out all checks that are standard for password-based authentication, use the OnFindUser event instead.

#Example

To implement custom authentication, do the following:

  1. Find a user object based on the specified logon parameters.

  2. Check the found user object against the logon parameters specified during a logon attempt (for example, verify the password).

  3. If the authentication succeeds, assign the user object to context.User; otherwise, throw an AuthenticationException. After the context.User property is set, XAF authentication returns the specified user without any additional checks or other actions.

The following code snippet illustrates these steps:

File: MySolution.Blazor.Server\Startup.cs, MySolution.Win\Startup.cs, MySolution.WebApi\Startup.cs

services.AddXaf(Configuration, builder => {
    // ...
    builder.Security
        .AddPasswordAuthentication(options => {
            options.IsSupportChangePassword = true;
            options.Events.OnAuthenticate += context => {
                ApplicationUser applicationUser = 
                    context.ObjectSpace.FirstOrDefault<ApplicationUser>(e => e.UserName == context.LogonParameters.UserName);
                if (applicationUser == null)
                    throw new AuthenticationException(
                        context.LogonParameters.UserName, 
                        SecurityExceptionLocalizer.GetExceptionMessage(SecurityExceptionId.RetypeTheInformation)
                    );
                if (!((IAuthenticationStandardUser)applicationUser).ComparePassword(context.LogonParameters.Password))
                    throw new AuthenticationException(
                        context.LogonParameters.UserName, 
                        SecurityExceptionLocalizer.GetExceptionMessage(SecurityExceptionId.RetypeTheInformation)
                    );
                context.User = applicationUser;
            };
        });
        // ...
});
See Also