Authorization Logic — Query Builder

  • Mar 06, 2025

The DevExpress ASP.NET WebForms Query Builder allows users to browse available data connections and tables. The Query Builder is integrated into both the DevExpress Report Designer and Dashboard Designer and can be used as a standalone control. To address CWE-285-related security risks, restrict access to data displayed within the Query Builder as follows:

  1. Implement a custom connection string provider to restrict access to connection strings:

  2. Implement a custom database schema provider to restrict access to data tables, views, and stored procedures:

  3. Register your custom providers for the DevExpress Dashboard Designer, Report Designer, or standalone Query Builder in the Global.asax.cs or Global.asax.vb file:
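
The three steps above combined into one allow-list sketch, as an added example that is not DevExpress's own sample code. The class names, the `ReportAnalyst` role, the `ReportingDb` connection name and the allowed object names are hypothetical, and registration is shown for the Report Designer only.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using System.Web;
using DevExpress.DataAccess.ConnectionParameters;
using DevExpress.DataAccess.Sql;
using DevExpress.DataAccess.Web;
using DevExpress.Xpo.DB;
using DevExpress.XtraReports.Web.ReportDesigner;
// Step 1: list only the connections the current user may use (names are hypothetical).
public class AllowListConnectionStringsProvider : IDataSourceWizardConnectionStringsProvider {
    public Dictionary<string, string> GetConnectionDescriptions() {
        var user = HttpContext.Current?.User;
        return user != null && user.IsInRole("ReportAnalyst")
            ? new Dictionary<string, string> { { "ReportingDb", "Reporting (read-only)" } }
            : new Dictionary<string, string>();
    }
    public DataConnectionParametersBase GetDataConnectionParameters(string name) {
        // Fail closed: re-check the requested name instead of trusting the listing above.
        if (!GetConnectionDescriptions().ContainsKey(name))
            throw new UnauthorizedAccessException("Connection not permitted: " + name);
        return new CustomStringConnectionParameters(
            ConfigurationManager.ConnectionStrings[name].ConnectionString);
    }
}
// Step 2: wrap the default schema provider and filter by an allow-list (constructed names).
public class AllowListSchemaProvider : IDBSchemaProviderEx {
    static readonly HashSet<string> Allowed = new HashSet<string> { "Orders", "Products" };
    readonly DBSchemaProviderEx inner = new DBSchemaProviderEx();
    public DBTable[] GetTables(SqlDataConnection c, params string[] list) =>
        inner.GetTables(c, list).Where(t => Allowed.Contains(t.Name)).ToArray();
    public DBTable[] GetViews(SqlDataConnection c, params string[] list) =>
        inner.GetViews(c, list).Where(v => Allowed.Contains(v.Name)).ToArray();
    public DBStoredProcedure[] GetProcedures(SqlDataConnection c, params string[] list) =>
        new DBStoredProcedure[0]; // expose no stored procedures
    public void LoadColumns(SqlDataConnection c, params DBTable[] tables) =>
        inner.LoadColumns(c, tables.Where(t => Allowed.Contains(t.Name)).ToArray());
}
public class AllowListSchemaProviderFactory : IDataSourceWizardDBSchemaProviderExFactory {
    public IDBSchemaProviderEx Create() => new AllowListSchemaProvider();
}
// Step 3: Global.asax.cs, registration for the Report Designer.
public class Global : HttpApplication {
    protected void Application_Start(object sender, EventArgs e) {
        DefaultReportDesignerContainer.RegisterDataSourceWizardConnectionStringsProvider<AllowListConnectionStringsProvider>();
        DefaultReportDesignerContainer.RegisterDataSourceWizardDBSchemaProviderExFactory<AllowListSchemaProviderFactory>();
    }
}
```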