SecuritySystemUser Class

An XAF user who has a list of associated security roles.

Namespace: DevExpress.ExpressApp.Security.Strategy

Assembly: DevExpress.ExpressApp.Security.Xpo.v20.2.dll

NuGet Package: DevExpress.ExpressApp.Security.Xpo

Declaration

C#
VB.NET

[MapInheritance(MapInheritanceType.ParentTable)]
[RuleCriteria("SecuritySystemUser_XPO_Prevent_delete_logged_in_user", DefaultContexts.Delete, "[Oid] != CurrentUserId()", "Cannot delete the current logged-in user. Please log in using another user account and retry.")]
public class SecuritySystemUser :
    SecuritySystemUserBase,
    IOperationPermissionProvider,
    ISecurityUserWithRoles,
    ICanInitialize

<MapInheritance(MapInheritanceType.ParentTable)>
<RuleCriteria("SecuritySystemUser_XPO_Prevent_delete_logged_in_user", DefaultContexts.Delete, "[Oid] != CurrentUserId()", "Cannot delete the current logged-in user. Please log in using another user account and retry.")>
Public Class SecuritySystemUser
    Inherits SecuritySystemUserBase
    Implements IOperationPermissionProvider,
               ISecurityUserWithRoles,
               ICanInitialize

Remarks

Note

It is recommended to use the Allow/Deny Permission Policy. For this purpose, migrate from SecuritySystemUser to PermissionPolicyUser. If you use Entity Framework as the ORM system, you may also need to perform a migration.

Associated roles are exposed via the SecuritySystemUser.Roles property. To get the complete list of permissions granted to the current user via their associated roles, use the IOperationPermissionProvider.GetPermissions method.

Inherit this class when you use the SecurityStrategyComplex Security Strategy and want to replace the default SecuritySystemUser user with a custom type that exposes additional properties.

C#
VB.NET

using DevExpress.ExpressApp.Security;
// ...
public class Employee : SecuritySystemUser {
    public Employee(Session session) : base(session) { }
    private string fullName;
    public string FullName {
        get { return fullName; }
        set { SetPropertyValue(nameof(FullName), ref fullName, value); }
    }
    private Department department;
    public Department Department {
        get { return department; }
        set { SetPropertyValue(nameof(Department), ref department, value); }
    }
    [Association("Employee-Task")]
    public XPCollection<Task> Tasks {
        get { return GetCollection<Task>(nameof(Tasks)); }
    }
}

Imports DevExpress.ExpressApp.Security
' ...
Public Class Employee
    Inherits SecuritySystemUser
    Public Sub New(ByVal session As Session)
        MyBase.New(session)
    End Sub
    Private _fullName As String
    Public Property FullName() As String
        Get
            Return _fullName
        End Get
        Set(ByVal value As String)
            SetPropertyValue(NameOf(FullName), _fullName, value)
        End Set
    End Property
    Private _department As Department
    Public Property Department() As Department
        Get
            Return _department
        End Get
        Set(ByVal value As Department)
            SetPropertyValue(NameOf(Department), _department, value)
        End Set
    End Property
    <Association("Employee-Task")> _
    Public ReadOnly Property Tasks() As XPCollection(Of Task)
        Get
            Return GetCollection(Of Task)(NameOf(Tasks))
        End Get
    End Property
End Class

Then, invoke the Application Designer, focus the SecurityStrategyComplex component and change the SecurityStrategy.UserType value in the Properties window.

Security_SetCustomUserType

Alternativaly, you can specify the user type in code. In a Windows Forms application project, modify the Program.cs (Program.vb) file in the following manner.

C#
VB.NET

public static void Main(string[] arguments) {
    MySolutionWinApplication winApplication = new MySolutionWinApplication();
    winApplication.Security = 
        new SecurityStrategyComplex(typeof(Employee), typeof(SecuritySystemRole), 
            new AuthenticationStandard());
    // ...
}

Public Shared Sub Main(ByVal arguments() As String)
    Dim winApplication As New MySolutionWinApplication()
    winApplication.Security = _
    New SecurityStrategyComplex(GetType(Employee), GetType(SecuritySystemRole), _
    New AuthenticationStandard())
    ' ...
End Sub

In an ASP.NET application project, modify the Global.asax.cs (Global.asax.vb) file in the following manner.

C#
VB.NET

protected void Session_Start(Object sender, EventArgs e) {
    WebApplication.SetInstance(Session, new MySolutionAspNetApplication());
    WebApplication.Instance.Security = 
       new SecurityStrategyComplex(typeof(Employee), typeof(SecuritySystemRole), 
            new AuthenticationStandard());
    // ...
}

Protected Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)
    WebApplication.SetInstance(Session, New MySolutionAspNetApplication())
    WebApplication.Instance.Security = _
    New SecurityStrategyComplex(GetType(Employee), GetType(SecuritySystemRole), _
    New AuthenticationStandard())
    ' ...
End Sub

If server-side security is used, change the security settings in a QueryRequestSecurityStrategyHandler handler.

C#
VB.NET

QueryRequestSecurityStrategyHandler securityProviderHandler = delegate() {
    return new SecurityStrategyComplex(
        typeof(Employee), typeof(SecuritySystemRole), new AuthenticationStandard());

Dim securityProviderHandler As QueryRequestSecurityStrategyHandler = _
Function() New SecurityStrategyComplex(GetType(Employee), _
GtType(SecuritySystemRole), New AuthenticationStandard())

More examples on implementing a custom user object are provided in the How to: Implement Custom Security Objects (Users, Roles, Operation Permissions) and How to: Use Custom Logon Parameters and Authentication topics.

Tip

You can use the UserWithRolesExtensions.IsUserInRole extension method with SecuritySystemUser objects because SecuritySystemUser implements ISecurityUserWithRoles.