windowsforms-405145-data-access-security.md
The architecture of Windows Forms applications has shifted significantly from straightforward two-tier “client/server” models to distributed systems. This shift places new demands on how developers design, secure, and optimize their applications:
Backend and Frontend Separation
Increased Complexity in Data Persistence
Asynchronous UI Clients (Frontend)
This section contains an overview of various ways to secure access to data in DevExpress-powered WinForms applications for .NET 8+. The help topics referenced in this section include examples that securely connect the DevExpress WinForms Data Grid to backend services, including OData services, middle-tier API servers, and arbitrary API services.
Establish a secure connection between your WinForms application and an OData service, and activate authentication and authorization for the application using Web API endpoints:
Connect to a Secure OData Service Powered by EF Core
Use a Middle Tier Server that ships as part of DevExpress XAF (Cross-Platform .NET App UI) to securely communicate with a backend. By using a middle tier server, you can reduce security-related risks associated with direct database connections:
Connect to a Secure Middle Tier API Server
Shifting database connections away from the desktop app allows you to create a cleaner architecture and improve maintainability. The following help topic connects a WinForms UI client to a general-purpose data service using Entity Framework Core. This service was created using the standard ASP.NET Core WebAPI template with endpoint handlers (without using OData or external security systems):
Connect to an Arbitrary ASP.NET Core WebAPI Service Powered by EF Core