expressappframework-devexpress-dot-expressapp-dot-security-dot-strategy.md
An XAF user who has a list of associated security roles.
Namespace : DevExpress.ExpressApp.Security.Strategy
Assembly : DevExpress.ExpressApp.Security.Xpo.v25.1.dll
NuGet Package : DevExpress.ExpressApp.Security.Xpo
[MapInheritance(MapInheritanceType.ParentTable)]
[RuleCriteria("SecuritySystemUser_XPO_Prevent_delete_logged_in_user", DefaultContexts.Delete, "[Oid] != CurrentUserId()", "Cannot delete the current logged-in user. Please log in using another user account and retry.")]
public class SecuritySystemUser :
SecuritySystemUserBase,
IOperationPermissionProvider,
ISecurityUserWithRoles,
ICanInitialize
<MapInheritance(MapInheritanceType.ParentTable)>
<RuleCriteria("SecuritySystemUser_XPO_Prevent_delete_logged_in_user", DefaultContexts.Delete, "[Oid] != CurrentUserId()", "Cannot delete the current logged-in user. Please log in using another user account and retry.")>
Public Class SecuritySystemUser
Inherits SecuritySystemUserBase
Implements IOperationPermissionProvider,
ISecurityUserWithRoles,
ICanInitialize
Note
It is recommended to use the Allow/Deny Permission Policy. For this purpose, migrate from SecuritySystemUser to PermissionPolicyUser. If you use Entity Framework as the ORM system, you may also need to perform a migration.
Associated roles are exposed by the SecuritySystemUser.Roles property. To get the complete list of permissions granted to the current user through their associated roles, use the IOperationPermissionProvider.GetPermissions method.
Inherit this class when you use the SecurityStrategyComplex Security Strategy and want to replace the default SecuritySystemUser user with a custom type that exposes additional properties.
using DevExpress.ExpressApp.Security;
// ...
public class Employee : SecuritySystemUser {
public Employee(Session session) : base(session) { }
private string fullName;
public string FullName {
get { return fullName; }
set { SetPropertyValue(nameof(FullName), ref fullName, value); }
}
private Department department;
public Department Department {
get { return department; }
set { SetPropertyValue(nameof(Department), ref department, value); }
}
[Association("Employee-Task")]
public XPCollection<Task> Tasks {
get { return GetCollection<Task>(nameof(Tasks)); }
}
}
Then, invoke the Application Designer, focus the SecurityStrategyComplex component and change the SecurityStrategy.UserType value in the Properties window.
Alternatively, you can specify the user type in code. In a Windows Forms application project, modify the Program.cs file in the following manner.
public static void Main(string[] arguments) {
MySolutionWinApplication winApplication = new MySolutionWinApplication();
winApplication.Security =
new SecurityStrategyComplex(typeof(Employee), typeof(SecuritySystemRole),
new AuthenticationStandard());
// ...
}
In an ASP.NET Web Forms application project, modify the Global.asax.cs file in the following manner.
protected void Session_Start(Object sender, EventArgs e) {
WebApplication.SetInstance(Session, new MySolutionAspNetApplication());
WebApplication.Instance.Security =
new SecurityStrategyComplex(typeof(Employee), typeof(SecuritySystemRole),
new AuthenticationStandard());
// ...
}
If server-side security is used, change the security settings in a QueryRequestSecurityStrategyHandler.
QueryRequestSecurityStrategyHandler securityProviderHandler = delegate() {
return new SecurityStrategyComplex(
typeof(Employee), typeof(SecuritySystemRole), new AuthenticationStandard());
See the following help topics for more examples on implementing a custom user object:
Tip
You can use the UserWithRolesExtensions.IsUserInRole extension method with SecuritySystemUser objects because SecuritySystemUser implements ISecurityUserWithRoles.
IAuthenticationActiveDirectoryUser
Object PersistentBase XPBaseObject XPCustomObject SecuritySystemUserBase SecuritySystemUser
See Also