Skip to main content
All docs
V24.2
.NET 8.0+
  • The page you are viewing does not exist in the .NET Framework 4.6.2+ platform documentation. This link will take you to the parent topic of the current section.

AuthenticationStandardEvents.OnAuthenticate Property

Specifies custom authentication logic.

Namespace: DevExpress.ExpressApp.Security

Assembly: DevExpress.ExpressApp.Security.v24.2.dll

NuGet Package: DevExpress.ExpressApp.Security

Declaration

public Action<FindUserContext> OnAuthenticate { get; set; }

Property Value

Type Description
Action<DevExpress.ExpressApp.Security.FindUserContext>

A delegate method that implements custom authentication logic.

Remarks

Handle the OnAuthenticate event to implement custom password-based authentication logic (for example, to implement authentication based on custom logon parameters).

Important

The logic implemented in this event’s handler completely overrides the standard authentication logic. Since this event is used to implement entirely custom logic, XAF does not validate the result returned by the handler method in any way, so you need to manually carry out all required checks in the handler.

If you only need to override logic used to find the user object and want the authentication system to carry out all checks that are standard for password-based authentication, use the OnFindUser event instead.

Example

To implement custom authentication, do the following:

  1. Find a user object based on the specified logon parameters.

  2. Check the found user object against the logon parameters specified during a logon attempt (for example, verify the password).

  3. If the authentication succeeds, assign the user object to context.User; otherwise, throw an AuthenticationException. After the context.User property is set, XAF authentication returns the specified user without any additional checks or other actions.

The following code snippet illustrates these steps:

File: MySolution.Blazor.Server\Startup.cs, MySolution.Win\Startup.cs, MySolution.WebApi\Startup.cs

services.AddXaf(Configuration, builder => {
    // ...
    builder.Security
        .AddPasswordAuthentication(options => {
            options.IsSupportChangePassword = true;
            options.Events.OnAuthenticate += context => {
                ApplicationUser applicationUser = 
                    context.ObjectSpace.FirstOrDefault<ApplicationUser>(e => e.UserName == context.LogonParameters.UserName);
                if (applicationUser == null)
                    throw new AuthenticationException(
                        context.LogonParameters.UserName, 
                        SecurityExceptionLocalizer.GetExceptionMessage(SecurityExceptionId.RetypeTheInformation)
                    );
                if (!((IAuthenticationStandardUser)applicationUser).ComparePassword(context.LogonParameters.Password))
                    throw new AuthenticationException(
                        context.LogonParameters.UserName, 
                        SecurityExceptionLocalizer.GetExceptionMessage(SecurityExceptionId.RetypeTheInformation)
                    );
                context.User = applicationUser;
            };
        });
        // ...
});
See Also