BuyLog In
Bug Report T946616
Visible to All Users

Security - ASP.NET XAF application throws ObjectDisposedException when the IsGranted method is called

created 4 years ago (modified 4 years ago)

Security - The ASP.NET XAF application throws ObjectDisposedException when the IsGranted method is called
Call stack:
in DevExpress.Xpo.Session.Connect()
in DevExpress.Xpo.Session.get_ObjectLayer()
in DevExpress.ExpressApp.Security.Xpo.Adapters.SessionHelper.GetRealSession(Session session)
in DevExpress.ExpressApp.Security.Xpo.Adapters.SessionHelper.GetRealSession(Session session)
in DevExpress.ExpressApp.Security.Xpo.Adapters.XPOSecurityAdapterProviderBase.GetUnitOfWork(IObjectSpace objectSpace)
in DevExpress.ExpressApp.Security.AdapterFacade.GetUnitOfWork(IObjectSpace objectSpace)
in DevExpress.ExpressApp.Security.SelectDataSecurityCache.TryGetValue(IObjectSpace objectSpace, ISelectDataSecurity& selectDataSecurity)
in DevExpress.ExpressApp.Security.SecurityStrategy.NeedToUpdateSelectDataSecurity(IObjectSpace objectSpace)
in DevExpress.ExpressApp.Security.SecurityStrategy.CreateSelectDataSecurity(IObjectSpace objectSpace)
in DevExpress.ExpressApp.Security.SecurityStrategy.IsGranted(IPermissionRequest permissionRequest)
in DevExpress.ExpressApp.SecuritySystem.IsGranted(IPermissionRequest permissionRequest)
in DevExpress.ExpressApp.DataManipulationRight.HasPermissionTo(Type objectType, String memberName, Object targetObject, IObjectSpace objectSpace, String operation)
in DevExpress.ExpressApp.DataManipulationRight.CanDelete(Type type, Object targetObject, CollectionSourceBase collectionSourceBase, IObjectSpace objectSpace)
in DevExpress.ExpressApp.SystemModule.DeleteObjectsViewController.UpdateActionState()
in DevExpress.ExpressApp.SystemModule.DeleteObjectsViewController.DoUpdateActionState()
in DevExpress.ExpressApp.SystemModule.DeleteObjectsViewController.ObjectSpace_ModifiedChanged(Object sender, EventArgs e)
in System.EventHandler.Invoke(Object sender, EventArgs e)
in DevExpress.ExpressApp.BaseObjectSpace.OnModifiedChanged()
in DevExpress.ExpressApp.Xpo.XPObjectSpace.SetModified(Object obj, ObjectChangedEventArgs args)
in DevExpress.ExpressApp.BaseObjectSpace.SetModified(Object obj)
in DevExpress.ExpressApp.Web.SystemModule.WebModificationsController.SetObjectSpaceModified()
in DevExpress.ExpressApp.Web.SystemModule.WebModificationsController.Save(SimpleActionExecuteEventArgs args)
in DevExpress.ExpressApp.SystemModule.ModificationsController.saveAction_OnExecute(Object sender, SimpleActionExecuteEventArgs e)
in DevExpress.ExpressApp.Actions.SimpleAction.RaiseExecute(ActionBaseEventArgs eventArgs)
in DevExpress.ExpressApp.Actions.ActionBase.ExecuteCore(Delegate handler, ActionBaseEventArgs eventArgs)
InnerException is null

As a workaround, you can use either of these solutions:
1.Disable the Security Permissions Caching.
To do this, remove the "security.RegisterXPOAdapterProviders();" code from your Global.asax.cs file. This code is placed in the Application_Start method by default.
2.Add the descendant of the SecurityStrategyComplex class and override the ReloadPermissionsCore method:

C#
using DevExpress.ExpressApp.Security;

namespace YourApplicationName.Web {
    public class CustomSecurityStrategyComplex : SecurityStrategyComplex {
        protected override void ReloadPermissionsCore() {
            if(User != null && LogonObjectSpace != null) {
                    LogonObjectSpace.ReloadObject(User); 
            }
        }
    }
}

Rebuild your solution. In the Application Designer, add the CustomSecurityStrategyComplex item from the Toolbox.

Sign in to comment on this post

Answers approved by DevExpress Support

created 4 years ago

We have addressed the issue described in this ticket and will include a fix in our next maintenance update. To apply this solution before official release, request a hotfix by clicking the appropriate version link.

Note: Hotfixes may be unavailable for betas/updates set for release within a week.

    Sign in to comment on this post

    Disclaimer: The information provided on DevExpress.com and affiliated web properties (including the DevExpress Support Center) is provided "as is" without warranty of any kind. Developer Express Inc disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. Please refer to the DevExpress.com Website Terms of Use for more information in this regard.

    Confidential Information: Developer Express Inc does not wish to receive, will not act to procure, nor will it solicit, confidential or proprietary materials and information from you through the DevExpress Support Center or its web properties. Any and all materials or information divulged during chats, email communications, online discussions, Support Center tickets, or made available to Developer Express Inc in any manner will be deemed NOT to be confidential by Developer Express Inc. Please refer to the DevExpress.com Website Terms of Use for more information in this regard.