XAF - Role-based Access Control & User Authentication API in .NET Core Apps: Blazor Server, Web API/OData v4 and More (powered by XPO)

XAF Team Blog
05 February 2020

UPDATED: .NET App Security API (Role-based Access Control) is available free-of-charge (versions 21.2.x and 22.1.x).

Our recent enhancements to user authentication and group authorization demos include the following:  

  • .NET Core 3.0+ versions of WinForms, ASP.NET Core MVC, Web API/OData v4 + DevExtreme apps.
  • New non-XAF Blazor Server demo and tutorial based on DevExpress Blazor components and XAF's security system APIs.
  • New extension methods CanXXX for the SecurityStrategy class (where XXX is Read, Write, Create, Delete, Navigate) that replace complicated IsGranted calls with many parameters.

        new PermissionRequest(ObjectSpace, typeof(DemoTask), 
           SecurityOperations.Write, selectedObject, nameof(DemoTask.Status)
    security.CanWrite(selectedObject, nameof(DemoTask.Status));
    We simplified XAF and non-XAF demo code and help topics accordingly. XAF WinForms and WebForms developers will benefit from these usability enhancements as well. For more examples, see our MainDemo v19.2.6 ("c:\Users\Public\Documents\DevExpress Demos 19.2\Components\eXpressApp Framework\MainDemo\CS\MainDemo.Module\Controllers\TaskActionsController.cs").
  • New extension methods CanXXXByUser and CanXXXByRole for the SecurityStrategy class. These extension methods help query access rights for required user and role objects even if you are not logged in under them within a secured application. Use cases include custom UI or diagnostic tools designed to display effective permissions for certain users (T413260, T826065, T552175). More documentation and code examples are coming soon.

Please Help Us Decide on Xamarin, Blazor WebAssembly, WPF and ASP.NET MVC 5 Demo Apps

Based on user surveys and blog comments, interest for highlighted platforms was not very high. Also, many users wanted to see WinForms and ASP.NET Core examples with OAuth2 - using Microsoft Office 365, Azure Active Directory or Google authentication providers (we currently display a simple Forms authentication with a login and password).

Please leave comments about the most desired platforms and use-case scenarios with our authentication and group authorization APIs. Even if you are not using XAF yet, we would love to hear from you about problematic or costly tasks associated with other security libraries such as Identity Server or ASP.NET Core. Thank you for your continued support!

Recent Feedback

I wanted to share a testimonial from David Desiderà, Solution Architect at SpecTec, who successfully integrated XAF's security system APIs with a legacy WinForms app:

David Desidera, Solution Architect at SpecTect More than one year ago I explained to my collaborators that - in my opinion - it was possible to integrate XAF's security layer with UI interface into an existing WinForms enterprise application that was 10 years old. We successfully implemented it! It took 40 man-days of job in total instead of at least 400 if I had decided to start from scratch. You guys saved my life!!

If you are using XAF's security system APIs or simply evaluating it at present time, please share your experience below.

Free DevExpress Products - Get Your Copy Today

The following free DevExpress product offers remain available. Should you have any questions about the free offers below, please submit a ticket via the DevExpress Support Center at your convenience. We'll be happy to follow-up.
No Comments

Please login or register to post comments.