AuthenticationActiveDirectory.CustomCreateUser Event

Occurs when a user is created automatically.

Namespace: DevExpress.ExpressApp.Security

Assembly: DevExpress.ExpressApp.Security.v25.2.dll

NuGet Package: DevExpress.ExpressApp.Security

Declaration

```csharp
public event EventHandler<CustomCreateUserEventArgs> CustomCreateUser
```

```vb
Public Event CustomCreateUser As EventHandler(Of CustomCreateUserEventArgs)
```

Event Data

The CustomCreateUser event's data class is CustomCreateUserEventArgs. The following properties provide information specific to this event:

| Property | Description |
|---|---|
| Handled | Gets or sets a value that indicates whether the event handler has completely handled the event or whether the system should continue its own processing. Inherited from HandledEventArgs. |
| ObjectSpace | Gets an Object Space used to create a user persistent object. |
| User | Specifies an auto-created user. |
| UserName | Gets the login name of the auto-created user. |

Remarks

When the AuthenticationActiveDirectory.CreateUserAutomatically property is set to true, the Security System creates a user for the Windows account used to start the application. To customize this process, handle the CustomCreateUser event and assign a user object to the CustomCreateUserEventArgs.User property. Set the Handled property to true to cancel the default user creation.

The following example demonstrates how to handle this event and create a new user associated with a low-privileged “Default” role in the event handler:

File: MySolution.Win\WinApplication.cs (MySolution.Win\WinApplication.vb)

```csharp
using DevExpress.Data.Filtering;
using DevExpress.ExpressApp.Security;
using DevExpress.ExpressApp.Security.Strategy;
// ...
public partial class MySolutionWindowsFormsApplication : WinApplication {
    public MySolutionWindowsFormsApplication() {
        // ...
        // Subscribe before logon so the handler runs when a user is auto-created.
        authenticationActiveDirectory1.CustomCreateUser += authenticationActiveDirectory1_CustomCreateUser;
    }
    private void authenticationActiveDirectory1_CustomCreateUser(object sender, CustomCreateUserEventArgs e) {
        // Create the user object in the Object Space supplied by the event.
        ApplicationUser user = e.ObjectSpace.CreateObject<ApplicationUser>();
        user.UserName = e.UserName;
        // Attach the low-privileged "Default" role if it exists.
        // If the role is missing, the user is created without any role.
        PermissionPolicyRole defaultRole =
            e.ObjectSpace.FirstOrDefault<PermissionPolicyRole>(role => role.Name == "Default");
        if (defaultRole != null) {
            user.Roles.Add(defaultRole);
        }
        e.User = user;
        // Cancel the default user creation.
        e.Handled = true;
    }
    // ...
}
```

To create this “Default” role, override the ModuleUpdater.UpdateDatabaseAfterUpdateSchema method in the Updater.cs file (the Template Kit adds similar code):

File: MySolution.Module\DatabaseUpdate\Updater.cs (MySolution.Module\DatabaseUpdate\Updater.vb)

```csharp
public override void UpdateDatabaseAfterUpdateSchema() {
    base.UpdateDatabaseAfterUpdateSchema();
    // ...
    PermissionPolicyRole defaultRole = ObjectSpace.FirstOrDefault<PermissionPolicyRole>(role => role.Name == "Default");
    if(defaultRole == null) {
        defaultRole = ObjectSpace.CreateObject<PermissionPolicyRole>();
        defaultRole.Name = "Default";
        // Users may read only their own user object and open the "My Details" navigation item.
        defaultRole.AddObjectPermissionFromLambda<ApplicationUser>(SecurityOperations.Read, u => u.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);
        defaultRole.AddNavigationPermission(@"Application/NavigationItems/Items/Default/Items/MyDetails", SecurityPermissionState.Allow);
        // Users may write only the password-related members of their own user object.
        defaultRole.AddMemberPermissionFromLambda<ApplicationUser>(SecurityOperations.Write, "ChangePasswordOnFirstLogon", u => u.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);
        defaultRole.AddMemberPermissionFromLambda<ApplicationUser>(SecurityOperations.Write, "StoredPassword", u => u.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);
        // Role objects are not readable by members of this role.
        defaultRole.AddTypePermissionsRecursively<PermissionPolicyRole>(SecurityOperations.Read, SecurityPermissionState.Deny);
        // Model differences (per-user UI customizations) can be read, written and created.
        defaultRole.AddTypePermissionsRecursively<ModelDifference>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
        defaultRole.AddTypePermissionsRecursively<ModelDifferenceAspect>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
        defaultRole.AddTypePermissionsRecursively<ModelDifference>(SecurityOperations.Create, SecurityPermissionState.Allow);
        defaultRole.AddTypePermissionsRecursively<ModelDifferenceAspect>(SecurityOperations.Create, SecurityPermissionState.Allow);
    }
    ObjectSpace.CommitChanges();
}
```
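
A stricter variant of the CustomCreateUser handler, as an added example that is not DevExpress's own code: it refuses accounts outside an allowlist of Windows domains and fails closed when the "Default" role is missing, so no role-less user is ever created. It assumes e.UserName has the `DOMAIN\user` form and that throwing from the handler is how your application refuses the logon; `AllowedDomains`, `GetDomain`, `GatedCustomCreateUser` and the "CORP" value are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using DevExpress.ExpressApp.Security;
// PermissionPolicyRole and ApplicationUser come from the same namespaces
// that the handler shown earlier on this page relies on.

public partial class MySolutionWindowsFormsApplication {
    // Hypothetical allowlist of Windows domains whose accounts may be auto-provisioned.
    private static readonly HashSet<string> AllowedDomains =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "CORP" }; // constructed value

    // Assumption: login names arrive as "DOMAIN\user". Returns null for any other shape.
    internal static string GetDomain(string userName) {
        if (string.IsNullOrWhiteSpace(userName)) return null;
        int slash = userName.IndexOf('\\');
        bool singleSeparator = slash == userName.LastIndexOf('\\');
        if (slash <= 0 || !singleSeparator || slash == userName.Length - 1) return null;
        return userName.Substring(0, slash);
    }

    // Subscribe with: authenticationActiveDirectory1.CustomCreateUser += GatedCustomCreateUser;
    private void GatedCustomCreateUser(object sender, CustomCreateUserEventArgs e) {
        string domain = GetDomain(e.UserName);
        if (domain == null || !AllowedDomains.Contains(domain)) {
            // Local machine accounts and unlisted domains are refused before anything is created.
            throw new UnauthorizedAccessException(
                "Automatic user creation is not permitted for this account.");
        }
        // Look the role up first so that no user object exists if the role is missing.
        PermissionPolicyRole defaultRole =
            e.ObjectSpace.FirstOrDefault<PermissionPolicyRole>(role => role.Name == "Default");
        if (defaultRole == null) {
            throw new InvalidOperationException(
                "The \"Default\" role does not exist; run the database updater first.");
        }
        ApplicationUser user = e.ObjectSpace.CreateObject<ApplicationUser>();
        user.UserName = e.UserName;
        user.Roles.Add(defaultRole);
        e.User = user;
        e.Handled = true; // cancel the default user creation
    }
}
```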

See Also

AuthenticationActiveDirectory Class

AuthenticationActiveDirectory Members

DevExpress.ExpressApp.Security Namespace