What Changed
- In XAF WinForms applications with Middle Tier Security (for both EF Core and XPO ORM), the WebSocket protocol is now used for client-server communication instead of ASP.NET Core Web API.
- The client application now retrieves the list of security permissions for the current user only when the user logs in (previously, the client application queried the server for permissions on every request).
Reasons for Change
To improve performance on high-latency connections (for instance, when servers are distributed far away from clients), we changed the communication protocol to WebSocket and reduced the number of client-server requests.
Impact on Existing Apps
The change affects XAF WinForms applications (.NET 6+ only) that use Middle Tier Security mode. The client application will no longer query the server for permissions required to work with an object each time a request is sent. Instead, the client application requests a list of permissions for the current user once, when the user logs in, and uses the obtained permissions until the user logs out.
How to Revert to Previous Behavior
-
Disable WebSocket communication mode in the client app - use the UseWebSockets property:
File: MySolution.Win/Startup.cs
C#public class ApplicationBuilder : IDesignTimeApplicationFactory { public static WinApplication BuildApplication(string connectionString) { // ... builder.Security .UseMiddleTierMode(options => { // ... options.UseWebSockets = false; // ... }) // ... } } -
Enable stateless per-call mode in the Middle Tier Server app using the UsePerCallMode property:
File: MySolution.MiddleTier/Startup.cs
C#public class Startup { // ... public void ConfigureServices(IServiceCollection services) { // ... services.Configure<WebApiSecuredDataServerOptions>(options => { options.UsePerCallMode = true; }); // ... } }