XAF Security System & Roles

The standard security system in XAF does not support anonymous content out of the box. Everyone is a registered user and requires registration straight out of the gate. We have been working on products lately that require a more user-friendly approach to web logins.

One approach we came up with is a multi-tier security system. It uses multiple user objects: a single base user defines standard access, and users layered on top of it dictate how the specific application works.

To use this concept, we replaced the security system with a few lines of code:

Security Class:

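Public Class AnonymousSecuritySystem
    Inherits DevExpress.ExpressApp.Security.AuthenticationActiveDirectory

    'Report a fixed user name instead of the Windows account name,
    'so every visitor starts as the shared "Anonymous" base user.
    Protected Overrides Function GetUserName() As String
        Return "Anonymous"
    End Function
End Class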

After replacing the security system, we created a controller which allows a user to log in based on another tier object.

Imports DevExpress.Data.Filtering
Imports DevExpress.ExpressApp
Imports DevExpress.ExpressApp.Security

Public Class LoginController
    Inherits DevExpress.ExpressApp.ViewController

    Public Sub New()
        MyBase.New()

        'This call is required by the Component Designer.
        InitializeComponent()
        RegisterActions(components)
    End Sub

    Private Sub Login_Execute(ByVal sender As System.Object, _
            ByVal e As Actions.SimpleActionExecuteEventArgs) Handles Login.Execute
        'Placeholder lookup: the user name is hard-coded to 'a' and no credential is checked.
        Dim oWebUser As WebUser = ObjectSpace.FindObject(Of WebUser)( _
            CriteriaOperator.Parse("UserName = 'a'"))
        If oWebUser IsNot Nothing Then
            'Switch the session from the anonymous user to the base user behind this tier object.
            CType(SecuritySystem.Instance, SecurityComplex).Logon(oWebUser.BaseUser)
        End If
    End Sub
End Class

This is extended out to each application, so we can have separate win and web users, as well as keeping the option open to share the same roles between the applications.
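
The controller above finds the tier object with a hard-coded user name and logs on without checking a credential. The following is an added example, not code from the original post, of how the tier object and the logon step could verify a password first. The `WebUser` members other than `UserName` and `BaseUser`, the `WebLogin.TryLogon` helper, the PBKDF2 parameters, the use of `DevExpress.Persistent.BaseImpl.User` as the base user type, and an `IObjectSpace`-typed object space are all assumptions.

```vbnet
Imports System.Security.Cryptography
Imports DevExpress.Data.Filtering
Imports DevExpress.ExpressApp
Imports DevExpress.ExpressApp.Security
Imports DevExpress.Persistent.BaseImpl
Imports DevExpress.Xpo

' Hypothetical tier object: the post names WebUser, UserName and BaseUser only.
Public Class WebUser
    Inherits BaseObject
    Private Const Iterations As Integer = 100000   ' assumed PBKDF2 work factor

    Public Sub New(ByVal session As Session)
        MyBase.New(session)
    End Sub

    Public Property UserName As String
    Public Property BaseUser As User               ' shared base user that carries the roles
    Public Property PasswordSalt As Byte()
    Public Property PasswordHash As Byte()

    Public Sub SetPassword(ByVal password As String)
        Using kdf As New Rfc2898DeriveBytes(password, 16, Iterations)   ' random 16-byte salt
            PasswordSalt = kdf.Salt
            PasswordHash = kdf.GetBytes(20)
        End Using
    End Sub

    Public Function VerifyPassword(ByVal password As String) As Boolean
        If password Is Nothing OrElse PasswordSalt Is Nothing _
            OrElse PasswordHash Is Nothing OrElse PasswordHash.Length = 0 Then Return False
        Using kdf As New Rfc2898DeriveBytes(password, PasswordSalt, Iterations)
            Dim candidate As Byte() = kdf.GetBytes(PasswordHash.Length)
            Dim diff As Integer = 0
            For i As Integer = 0 To candidate.Length - 1   ' compare without early exit
                diff = diff Or (candidate(i) Xor PasswordHash(i))
            Next
            Return diff = 0
        End Using
    End Function
End Class

Public Module WebLogin
    ' Parameterized criteria keep the supplied name out of the criteria string.
    Public Function TryLogon(ByVal os As IObjectSpace, ByVal userName As String, _
                             ByVal password As String) As Boolean
        Dim oWebUser As WebUser = os.FindObject(Of WebUser)( _
            CriteriaOperator.Parse("UserName = ?", userName))
        If oWebUser Is Nothing OrElse Not oWebUser.VerifyPassword(password) Then Return False
        CType(SecuritySystem.Instance, SecurityComplex).Logon(oWebUser.BaseUser)
        Return True
    End Function
End Module
```

`Login_Execute` would call `WebLogin.TryLogon(ObjectSpace, userName, password)` with values read from the login form, and stay on the anonymous base user when it returns `False`.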
