ContextQMD
Back to Devexpress

Use the Security System

expressappframework-404204-getting-started-in-depth-tutorial-blazor-enable-additional-modules-use-the-security-system.md

latest3.9 KB
Original Source

Use the Security System

  • Sep 22, 2025
  • 7 minutes to read

This article explains how to implement the Security System in your application. The system applies the SecurityStrategyComplex security strategy. According to this strategy, application users have roles with different permission sets. For more information about permissions, see the following topic: Security (Access Control & Authentication).

The instructions below describe how to do the following:

  • Enable the AuthenticationStandard authentication type.
  • Create an administrator user and a common user in code.
  • Create a user and a role at runtime.

The administrator has a full-access permission set. The user has a limited permission set. The administrator can create User objects and Role objects, specify Permissions for them, and then assign Roles to Users at runtime.

With AuthenticationStandard authentication type, the Security System uses the internal XAF authentication mechanism and stores user credentials in the application’s database. Users need to input their name and password in the login form before application startup.

Note

Before you proceed, take a moment to review this lesson:

Implement Standard Authentication in Code

  1. In the MySolution.Module\BusinessObjects folder, create the ApplicationUser class. Replace the generated class declaration with the following code:

  2. In the same manner, create the ApplicationUserLoginInfo class.

  3. Go to the MySolution.Module\MySolutionDbContext file and add the following properties to DbSet:

  4. Enable Standard Authentication in the platform-specific Startup files:

  5. Expand the MySolution.Module project in the Solution Explorer and go to the DatabaseUpdate folder. Open the Updater.cs file and create the Administrator user in the ModuleUpdater.UpdateDatabaseAfterUpdateSchema method.

  6. In the same manner, create a common user.

  7. Create a common user role and specify its permissions. This user only has access to the current user object.

  8. Optionally, you can configure your application to store user differences (individual user settings) in the database. Make the following changes in the MySolution.Blazor.Server\BlazorModule.cs (ASP.NET Core Blazor) and MySolution.Win\WinModule.cs (Windows Forms) files:

  9. Run the application. Log in under Admin. Leave the password field empty (you did not specify the password when you created this user). When you click the Log In button, the user’s credentials are authenticated and the application runs.

  10. Select the My Details item in the navigation control and see the Detail View.

Create a Role in the UI

Administrators and other users with Role creation permission can create roles at runtime.

  1. Select the Role item in the navigation control and click the New button. In the invoked Detail View, set the name and permissions for the new role.

Create a User in the UI

Administrators and other users with User creation permission can create users at runtime.

  1. Select the Application User item in the navigation control and click the New button. In the invoked Detail View, specify the User Name and assign one or more roles.