The standard security system in XAF does not support anonymous content out of the box. Everyone is a registered user and requires registration straight out of the gate. We have been working on products lately that require a more user friendly approach to web logins.
One of the ways we came up with was creating using a multi-tier security system concept. This has multiple user objects allowing for a single base user to define standard access, and users on top of it to dictate how the specific application is working.
To use this concept, we replaced the security system with a few lines of code:
Public Class AnonymousSecuritySystem Inherits DevExpress.ExpressApp.Security.AuthenticationActiveDirectory Protected Overrides Function GetUserName() As String Return "Anonymous" End Function End Class
After replacing the security system, we created a controller which allows a user to login based on another tier object.
Public Class LoginController Inherits DevExpress.ExpressApp.ViewController Public Sub New() MyBase.New() 'This call is required by the Component Designer. InitializeComponent() RegisterActions(components) End Sub Private Sub Login_Execute(ByVal sender As System.Object, ByVal _ e As Actions.SimpleActionExecuteEventArgs) Handles Login.Execute Dim oWebUser As WebUser = ObjectSpace.FindObject(Of WebUser) _ (CriteriaOperator.Parse("UserName = 'a'")) If oWebUser IsNot Nothing Then CType(SecuritySystem.Instance, SecurityComplex).Logon(oWebUser.BaseUser) End If End Sub End Class
This is extended out to each application, so we can have separate win and web users, as well as keeping the option open to share the same roles between the applications.