Ticket T859569
Visible to All Users

How to use XAF Security System in a non-XAF WinForms application

created 5 years ago

Hello,

I have found now, that you have implemented some security system in your libraries:

https://docs.devexpress.com/eXpressAppFramework/113366/concepts/security-system

There is mentioned several times that this system should be used in XAF. I'm not sure, if I understand, what XAF exactly means, but I would like to ask you, if it is possible to use this security system in WinForms?

Currently in our company we are using some our co-worker's extensions to the DX XPO, which adds e.g. some users management etc. There are ale some other extensions, so, I would like to switch back to some clean DX XPO. And the security system seems to me interesting from first point of view.

I need probably something like this:

* Users management.
* Permissions managements.

Both seems to be implemented in your security system. Is it really usable in WinForms? We have built several WinForms applications, so, I would like to preserve it as is with minimal changes. I expect to use some users and grant them permissions according tou current rquirments (e.g. allow/deny access to several parts of the applications, XPO objects etc.). Can I use it?

Best Regards,

Radim

Comments (1)
Dennis Garavsky (DevExpress) 5 years ago

    Hi Radim,

    I need probably something like this:

    • Users management.
    • Permissions managements.

    I wanted to clarify whether you mainly want the UI part like in screenshots from https://docs.devexpress.com/eXpressAppFramework/113366/concepts/security-system or you want non-visual security APIs only? This is important and different solutions will apply.

    Answers approved by DevExpress Support

    created 5 years ago

    Hello Radim,

    XAF is an abbreviation of eXpressApp Framework - The Ultimate Business Application Framework. Although the Security System is a part of this Framework, it can also be used as a standalone. Please see a detailed guidance and examples for major platforms, including WinForms, at User Authentication and Group Authorization API for .NET Apps Powered by the XPO ORM - App Security Made Easy. Note that it requires the Universal subscription.
    Please feel free to contact us if you have any other questions. We would be happy to help you get started.

      Show previous comments (6)

        I have found update method, which I have added to the source code:

        C#
        IObjectSpaceProvider objectSpaceProvider = new SecuredObjectSpaceProvider(security, connectionString, null); objectSpaceProvider.UpdateSchema();

        Now used users are missing. So it should be simple task… I hope. I was thinking that the example is complete…

          Sorry for all my partial comments, but I am finding each particular feature item-by-item… Now it seems as working. I have added users "User" and "Admin" manually to the DB and I can log on now to the application. I'm not sure, if the users have correct permissions, but now it's minor issue. I can play with it ;-).

          Dennis Garavsky (DevExpress) 5 years ago

            >>So, if I open the solution file of the example, it is not working. I have created my own one, but there are also some issues.

            Would you please specify the solution file you opened, the Visual Studio version and post screenshots or additional information that will allow us to comment on the issues you discovered? I can only guess that you tested the .NET Core version of the WinForms example - design time is not yet supported by Microsoft there (coming in 2020 according to their blogs).

            >>Now used users are missing. So it should be simple task… I hope. I was thinking that the example is complete…
            The example is complete and works fine in our tests. To avoid any issues and simplify testing, it is important to follow the example's readme.md file. Of course, it is possible to connect to any database supported by XPO, not only to LocalDB. For LocalDB installation, I suggest you refer to the documentation for your SQL Server. Unless I am mistaken, you can choose an option during the installation.

            Normally, client apps should not update the database (UpdateSchema) - in XAF, we even have a console app DBUpdater for that purpose. Here, for demo purposes, we used a separate app - XafSolution. As I noted in this ticket earlier, this app creates all required tables, users, roles, and permissions. This is also noted in the Prerequisites section of readme.md.

            I would greatly appreciate it if you provide the requested information about errors and also clarify why you decided not to follow the tutorial. It is possible that we did not take other testing strategies into account and may need to update the example's description.

            As for the upgrade, and if you wish, we can discuss this further in a separate private ticket or email. As you probably know, we are very flexible and there may be different options. If this is interesting for you, please specify the number of developers that would want to develop with XAF's security system in your company.

            Other Answers

            created 5 years ago

            Hello,

            I have found several useful features, it seems interesting for me. The main problem is upgrade ;-). I do not have the power to persuade my colleagues and boss to update and purchase the Universal version.

            I have found, that the main enhancements contained in our proprietary system are also contained in your code, so, it looks great from my point of view, but the update… :-(

            Thanks for your help, I will play with it in my free time still and hope we upgrade sometimes…

            Best Regards,

            Radim

              Comments (1)
              Dennis Garavsky (DevExpress) 3 years ago

                I do not have the power to persuade my colleagues and boss to update and purchase the Universal version.

                XAF's Security API is available free-of-charge in v21.2: FREE OFFER - .NET App Security API (Role-based Access Control).

                Disclaimer: The information provided on DevExpress.com and affiliated web properties (including the DevExpress Support Center) is provided "as is" without warranty of any kind. Developer Express Inc disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. Please refer to the DevExpress.com Website Terms of Use for more information in this regard.

                Confidential Information: Developer Express Inc does not wish to receive, will not act to procure, nor will it solicit, confidential or proprietary materials and information from you through the DevExpress Support Center or its web properties. Any and all materials or information divulged during chats, email communications, online discussions, Support Center tickets, or made available to Developer Express Inc in any manner will be deemed NOT to be confidential by Developer Express Inc. Please refer to the DevExpress.com Website Terms of Use for more information in this regard.