SecuredXPObjectSpace Class

An Object Space for XPO-based applications that use the Security System.

Namespace: DevExpress.ExpressApp.Security

Assembly: DevExpress.ExpressApp.Security.Xpo.v23.2.dll

NuGet Package: DevExpress.ExpressApp.Security.Xpo

Declaration

C#
VB.NET

public class SecuredXPObjectSpace :
    XPObjectSpace

Public Class SecuredXPObjectSpace
    Inherits XPObjectSpace

Remarks

XAF creates Object Spaces of the SecuredXPObjectSpace type in the following cases:

A SecuredObjectSpaceProvider is initialized in your application’s XafApplication.CreateDefaultObjectSpaceProvider method or CreateCustomObjectSpaceProvider event.
An application calls the SecuredObjectSpaceProviderBuilderExtensions.AddSecuredXpo method at startup when the Application Builder is used.

If you implement a custom SecuredObjectSpaceProvider with the CreateObjectSpace() method overridden, make sure this method returns an object of the SecuredXPObjectSpace type instead of XPObjectSpace.

In non-XAF applications, use SecuredObjectSpaceProvider to create SecuredXPObjectSpace as the following code snippet demonstrates:

using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.BaseImpl.EF.PermissionPolicy;
using System.Diagnostics;
// ...
class Program {
    static void Main() {
        // ...
        // Initialization. Create a Secured Data Store and Set Authentication Options
        AuthenticationStandard authentication = new AuthenticationStandard();
        SecurityStrategyComplex security = new SecurityStrategyComplex(typeof(ApplicationUser), typeof(PermissionPolicyRole), authentication, typesInfo);
        security.RegisterXPOAdapterProviders();
        SecuredObjectSpaceProvider objectSpaceProvider = new SecuredObjectSpaceProvider(security, dataStoreProvider, typesInfo, null);

        // Authentication. Log in as a 'User' with an Empty Password
        authentication.SetLogonParameters(new AuthenticationStandardLogonParameters(userName: "User", password: string.Empty));
        IObjectSpace loginObjectSpace = objectSpaceProvider.CreateObjectSpace();
        security.Logon(loginObjectSpace);

        // Authorization. Access and Manipulate Data/UI Based on User/Role Rights
        using(IObjectSpace securedObjectSpace = objectSpaceProvider.CreateObjectSpace()) {
            // User cannot read protected entities like PermissionPolicyRole.
        }
    }
}

You can find the full example in the following GitHub repository: How to use the Integrated mode of the Security System in non-XAF applications (XPO).

For more information on Object Space and Object Space Provider types, refer to the following topics: