Current filter:
                                You should refresh the page.

                                1 Solution

                                Creation Date Importance Sort by

                                Update

                                =================

                                We created examples that describe how XAF’s security system can be used in non-XAF .NET apps powered by XPO.
                                Please check our ASP.NET Core Web API/OData v4 + DevExtreme app that illustrates how to protect your data with the XAF Security System in the following client/server web app:

                                • Server: an OData v4 service built with ASP.NET Core Web API.
                                • Client: an HTML/JavaScript app with the DevExtreme Data Grid.
                                 
                                In addition, please review our updated Console and the new WinForms CRUD demo and tutorial

                                =================

                                Hello,

                                Although we do not provide much documentation on the internal APIs needed for this task, you can get started with the following article: How to use SecuritySystem.Instance in multi user applicatition. I have just updated it with more information. I hope this helps.

                                We would also greatly appreciate it if you describe your exact use-case scenario and other important requirements. With that, we can consider documenting this or building new capabilities directly into the product. Thanks for your cooperation.

                                Show all comments
                                • Svatopluk Ulicny 03.06.2019

                                  The scenario I'm currently dealing with can be described like this. I need to implement basic authentication (also the OAuth later) in my OData API based on your XPO_how-to-implement-odata4-service-with-xpo example. I'm currently trying to find the best approach how to login specific user into your SecuritySystem in this multi-user, multi-threading Web API 2 project.
                                  This OData API is going to be used as a “heavy duty” endpoint, that is why authentication must be optimized as possible.

                                • Dennis (DevExpress) 03.07.2019

                                  Thank you for describing your scenario, Svatopluk. We will take it into account. BTW, you may also find the How to use the new ASP.NET Core Data Service for SPA UI to query data from external clients article helpful.

                                  Finally, we would also greatly appreciate it if you post your final solution and other findings here.

                                • Svatopluk Ulicny 03.07.2019

                                  Sure. I'll keep you posted.
                                  Thanks.

                                • Svatopluk Ulicny 04.05.2019

                                  Finally, I prepared my proof-of-concept example. I have extended your XAF_how-to-implement-odata4-service-with-xpo example by security system features. Everything works as expected.
                                  The only issue appears to be scenario, when http request contains the $select parameter explicitly mentioning property not allowed by security system for current user. In such a case an SQL exception is raised.
                                  System.Data.SqlClient.SqlException (0x80131904): At least one of the result expressions in a CASE specification must be an expression other than the NULL constant.

                                  Steps to reproduce:
                                  - Run my example service
                                  - Send request http://localhost:[port]/Customers?$select=CustomerID,CompanyName as user "userA" with password "userA".

                                  Any idea how to provide client with a more convenient response once such a request is sent?
                                  I would also appreciate your opinion and comments on my example API regarding the main concept and overall design.

                                  Thanks a lot.

                                • Dennis (DevExpress) 04.05.2019

                                  Hello Svatopluk,

                                  I briefly checked your project and could not find outstanding issues. Our 2019 roadmap includes the creation of more examples to make XAF functions like data security, validation, audit, etc. available to custom non-XAF UI clients easier. We can comment more on the best practices when such examples are published. In the meantime, you can also borrow best practices from the DevExpress.ExpressApp.Spa source code (c:\Program Files (x86)\DevExpress 19.1\Components\Sources\DevExpress.ExpressApp\DevExpress.ExpressApp.Spa\ by default).

                                  I replicated the error you received and this is something our XPO developers need to research further: ODatav4 - SqlException may occur when using $select against a property protected by the XAF security system.

                                  BTW, do you have any reasons to use the old security system classes instead of PermissionPolicyXXX?
                                  --------------------------------------------------
                                  System.Data.SqlClient.SqlException: 'At least one of the result expressions in a CASE specification must be an expression other than the NULL constant.'

                                    DevExpress.Xpo.v18.2.dll!DevExpress.Xpo.SimpleObjectLayer.SelectDataInternal(DevExpress.Xpo.IDataLayer dataLayer = {DevExpress.Xpo.ThreadSafeDataLayer}, DevExpress.Xpo.ObjectsQuery query = {DevExpress.Xpo.ObjectsQuery}, DevExpress.Data.Filtering.CriteriaOperatorCollection properties = Count = 5, DevExpress.Data.Filtering.CriteriaOperatorCollection groupProperties = null, DevExpress.Data.Filtering.CriteriaOperator groupCriteria = null) Unknown
                                    DevExpress.Xpo.v18.2.dll!DevExpress.Xpo.SimpleObjectLayer.SelectData(DevExpress.Xpo.Session session = {DevExpress.Xpo.UnitOfWork}, DevExpress.Xpo.ObjectsQuery query = {DevExpress.Xpo.ObjectsQuery}, DevExpress.Data.Filtering.CriteriaOperatorCollection properties = Count = 5, DevExpress.Data.Filtering.CriteriaOperatorCollection groupProperties = null, DevExpress.Data.Filtering.CriteriaOperator groupCriteria = null) Unknown
                                    DevExpress.Xpo.v18.2.dll!DevExpress.Xpo.Session.SelectDataInternal(DevExpress.Xpo.Metadata.XPClassInfo classInfo = {DevExpress.Xpo.Metadata.ReflectionClassInfo}, DevExpress.Data.Filtering.CriteriaOperatorCollection properties = Count = 5, DevExpress.Data.Filtering.CriteriaOperator criteria = null, DevExpress.Data.Filtering.CriteriaOperatorCollection groupProperties = null, DevExpress.Data.Filtering.CriteriaOperator groupCriteria = null, bool selectDeleted = false, int skipSelectedRecords = 0, int topSelectedRecords = 0, DevExpress.Xpo.SortingCollection sorting = {DevExpress.Xpo.SortingCollection}) Unknown
                                    DevExpress.Xpo.v18.2.dll!DevExpress.Xpo.Session.SelectData.AnonymousMethod__0() Unknown
                                    DevExpress.Data.v18.2.dll!DevExpress.Xpo.Logger.LogManager.Log<System.Collections.Generic.List<object[]>>(string category = "Session", DevExpress.Xpo.Logger.LogManager.LogHandler<System.Collections.Generic.List<object[]>> handler = {Method = {System.Reflection.RuntimeMethodInfo}}, DevExpress.Xpo.Logger.LogManager.MessageHandler<DevExpress.Xpo.Logger.LogMessage> createMessageHandler = {Method = {System.Reflection.RuntimeMethodInfo}}) Unknown
                                    DevExpress.Xpo.v18.2.dll!DevExpress.Xpo.Session.SelectData(DevExpress.Xpo.Metadata.XPClassInfo classInfo = {DevExpress.Xpo.Metadata.ReflectionClassInfo}, DevExpress.Data.Filtering.CriteriaOperatorCollection properties = Count = 5, DevExpress.Data.Filtering.CriteriaOperator criteria = null, DevExpress.Data.Filtering.CriteriaOperatorCollection groupProperties = null, DevExpress.Data.Filtering.CriteriaOperator groupCriteria = null, bool selectDeleted = false, int skipSelectedRecords = 0, int topSelectedRecords = 0, DevExpress.Xpo.SortingCollection sorting = {DevExpress.Xpo.SortingCollection}) Unknown
                                    DevExpress.Xpo.v18.2.dll!DevExpress.Xpo.SessionObjectLayer.SelectData(DevExpress.Xpo.Session session = {DevExpress.Xpo.UnitOfWork}, DevExpress.Xpo.ObjectsQuery query = {DevExpress.Xpo.ObjectsQuery}, DevExpress.Data.Filtering.CriteriaOperatorCollection properties = Count = 5, DevExpress.Data.Filtering.CriteriaOperatorCollection groupProperties = null, DevExpress.Data.Filtering.CriteriaOperator groupCriteria = null) Unknown
                                    DevExpress.Xpo.v18.2.dll!DevExpress.Xpo.Session.SelectDataInternal(DevExpress.Xpo.Metadata.XPClassInfo classInfo = {DevExpress.Xpo.Metadata.ReflectionClassInfo}, DevExpress.Data.Filtering.CriteriaOperatorCollection properties = Count = 5, DevExpress.Data.Filtering.CriteriaOperator criteria = null, DevExpress.Data.Filtering.CriteriaOperatorCollection groupProperties = null, DevExpress.Data.Filtering.CriteriaOperator groupCriteria = null, bool selectDeleted = false, int skipSelectedRecords = 0, int topSelectedRecords = 0, DevExpress.Xpo.SortingCollection sorting = {DevExpress.Xpo.SortingCollection}) Unknown
                                    DevExpress.Xpo.v18.2.dll!DevExpress.Xpo.Session.SelectData.AnonymousMethod__0() Unknown
                                    DevExpress.Data.v18.2.dll!DevExpress.Xpo.Logger.LogManager.Log<System.Collections.Generic.List<object[]>>(string category = "Session", DevExpress.Xpo.Logger.LogManager.LogHandler<System.Collections.Generic.List<object[]>> handler = {Method = {System.Reflection.RuntimeMethodInfo}}, DevExpress.Xpo.Logger.LogManager.MessageHandler<DevExpress.Xpo.Logger.LogMessage> createMessageHandler = {Method = {System.Reflection.RuntimeMethodInfo}}) Unknown
                                    DevExpress.Xpo.v18.2.dll!DevExpress.Xpo.Session.SelectData(DevExpress.Xpo.Metadata.XPClassInfo classInfo = {DevExpress.Xpo.Metadata.ReflectionClassInfo}, DevExpress.Data.Filtering.CriteriaOperatorCollection properties = Count = 5, DevExpress.Data.Filtering.CriteriaOperator criteria = null, DevExpress.Data.Filtering.CriteriaOperatorCollection groupProperties = null, DevExpress.Data.Filtering.CriteriaOperator groupCriteria = null, bool selectDeleted = false, int skipSelectedRecords = 0, int topSelectedRecords = 0, DevExpress.Xpo.SortingCollection sorting = {DevExpress.Xpo.SortingCollection}) Unknown
                                    DevExpress.Xpo.v18.2.dll!DevExpress.Xpo.XPQueryBase.SessionSelectData(DevExpress.Xpo.Metadata.XPClassInfo classInfo = {DevExpress.Xpo.Metadata.ReflectionClassInfo}, DevExpress.Data.Filtering.CriteriaOperatorCollection properties = Count = 5, DevExpress.Data.Filtering.CriteriaOperator criteria = null, DevExpress.Data.Filtering.CriteriaOperatorCollection groupProperties = null, DevExpress.Data.Filtering.CriteriaOperator groupCriteria = null, bool selectDeleted = false, int skipSelectedRecords = 0, int topSelectedRecords = 0, DevExpress.Xpo.SortingCollection sorting = {DevExpress.Xpo.SortingCollection}) Unknown
                                    DevExpress.Xpo.v18.2.dll!DevExpress.Xpo.XPQueryBase.GetData(System.Type type = {Name = "SelectSome`1" FullName = "Microsoft.AspNet.OData.Query.Expressions.SelectExpandBinder+SelectSome`1[[WebApplication1.Models.Customer, ODataService, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]]"}) Unknown
                                    DevExpress.Xpo.v18.2.dll!DevExpress.Xpo.XPQueryBase.Enumerate(System.Type type = {Name = "SelectSome`1" FullName = "Microsoft.AspNet.OData.Query.Expressions.SelectExpandBinder+SelectSome`1[[WebApplication1.Models.Customer, ODataService, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]]"}) Unknown
                                    DevExpress.Xpo.v18.2.dll!DevExpress.Xpo.XPQuery<Microsoft.AspNet.OData.Query.Expressions.SelectExpandBinder.SelectSome<WebApplication1.Models.Customer>>.GetEnumerator() Unknown
                                    DevExpress.Xpo.v18.2.dll!DevExpress.Xpo.XPQuery<Microsoft.AspNet.OData.Query.Expressions.SelectExpandBinder.SelectSome<WebApplication1.Models.Customer>>.System.Collections.Generic.IEnumerable<Microsoft.AspNet.OData.Query.Expressions.SelectExpandBinder.SelectSome<WebApplication1.Models.Customer>>.GetEnumerator() Unknown
                                    DevExpress.Xpo.v18.2.dll!DevExpress.Xpo.Helpers.EnumerableWrapper<Microsoft.AspNet.OData.Query.Expressions.SelectExpandBinder.SelectSome<WebApplication1.Models.Customer>>.System.Collections.Generic.IEnumerable<Microsoft.AspNet.OData.Query.Expressions.SelectExpandBinder.SelectSome<WebApplication1.Models.Customer>>.GetEnumerator() Unknown
                                    System.Core.dll!System.Linq.EnumerableQuery<object>.GetEnumerator() Unknown
                                    System.Core.dll!System.Linq.EnumerableQuery<object>.System.Collections.IEnumerable.GetEnumerator() Unknown
                                  > ODataService.dll!ODataService.Helpers.XpoLinqQuery<Microsoft.AspNet.OData.Query.Expressions.SelectExpandBinder.SelectSome<WebApplication1.Models.Customer>>.System.Collections.IEnumerable.GetEnumerator() Line 61 C#
                                    Microsoft.AspNet.OData.dll!Microsoft.AspNet.OData.Formatter.Serialization.ODataResourceSetSerializer.WriteResourceSet(System.Collections.IEnumerable enumerable = {ODataService.Helpers.XpoLinqQuery<Microsoft.AspNet.OData.Query.Expressions.SelectExpandBinder.SelectSome<WebApplication1.Models.Customer>>}, Microsoft.OData.Edm.IEdmTypeReference resourceSetType = {Microsoft.OData.Edm.EdmCollectionTypeReference}, Microsoft.OData.ODataWriter writer = {Microsoft.OData.JsonLight.ODataJsonLightWriter}, Microsoft.AspNet.OData.Formatter.Serialization.ODataSerializerContext writeContext = {Microsoft.AspNet.OData.Formatter.Serialization.ODataSerializerContext}) Unknown
                                    Microsoft.AspNet.OData.dll!Microsoft.AspNet.OData.Formatter.Serialization.ODataResourceSetSerializer.WriteObjectInline(object graph = {ODataService.Helpers.XpoLinqQuery<Microsoft.AspNet.OData.Query.Expressions.SelectExpandBinder.SelectSome<WebApplication1.Models.Customer>>}, Microsoft.OData.Edm.IEdmTypeReference expectedType = {Microsoft.OData.Edm.EdmCollectionTypeReference}, Microsoft.OData.ODataWriter writer = {Microsoft.OData.JsonLight.ODataJsonLightWriter}, Microsoft.AspNet.OData.Formatter.Serialization.ODataSerializerContext writeContext = {Microsoft.AspNet.OData.Formatter.Serialization.ODataSerializerContext}) Unknown
                                    Microsoft.AspNet.OData.dll!Microsoft.AspNet.OData.Formatter.Serialization.ODataResourceSetSerializer.WriteObject(object graph = {ODataService.Helpers.XpoLinqQuery<Microsoft.AspNet.OData.Query.Expressions.SelectExpandBinder.SelectSome<WebApplication1.Models.Customer>>}, System.Type type = {Name = "IQueryable`1" FullName = "System.Linq.IQueryable`1[[WebApplication1.Models.Customer, ODataService, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]]"}, Microsoft.OData.ODataMessageWriter messageWriter = {Microsoft.OData.ODataMessageWriter}, Microsoft.AspNet.OData.Formatter.Serialization.ODataSerializerContext writeContext = {Microsoft.AspNet.OData.Formatter.Serialization.ODataSerializerContext}) Unknown
                                    Microsoft.AspNet.OData.dll!Microsoft.AspNet.OData.Formatter.ODataOutputFormatterHelper.WriteToStream(System.Type type = {Name = "IQueryable`1" FullName = "System.Linq.IQueryable`1[[WebApplication1.Models.Customer, ODataService, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]]"}, object value = {ODataService.Helpers.XpoLinqQuery<Microsoft.AspNet.OData.Query.Expressions.SelectExpandBinder.SelectSome<WebApplication1.Models.Customer>>}, Microsoft.OData.Edm.IEdmModel model = {Microsoft.OData.Edm.EdmModel}, Microsoft.OData.ODataVersion version = V4, System.Uri baseAddress = {System.Uri}, System.Net.Http.Headers.MediaTypeHeaderValue contentType = {System.Net.Http.Headers.MediaTypeHeaderValue}, Microsoft.AspNet.OData.Interfaces.IWebApiUrlHelper internaUrlHelper = {Microsoft.AspNet.OData.Adapters.WebApiUrlHelper}, Microsoft.AspNet.OData.Interfaces.IWebApiRequestMessage internalRequest = {Microsoft.AspNet.OData.Adapters.WebApiRequestMessage}, Microsoft.AspNet.OData.Interfaces.IWebApiHeaders internalRequestHeaders = {Microsoft.AspNet.OData.Adapters.WebApiRequestHeaders}, System.Func<System.IServiceProvider, Microsoft.AspNet.OData.Formatter.ODataMessageWrapper> getODataMessageWrapper = {Method = {System.Reflection.RuntimeMethodInfo}}, System.Func<Microsoft.OData.Edm.IEdmTypeReference, Microsoft.AspNet.OData.Formatter.Serialization.ODataSerializer> getEdmTypeSerializer = {Method = {System.Reflection.RuntimeMethodInfo}}, System.Func<System.Type, Microsoft.AspNet.OData.Formatter.Serialization.ODataSerializer> getODataPayloadSerializer = {Method = {System.Reflection.RuntimeMethodInfo}}, System.Func<Microsoft.AspNet.OData.Formatter.Serialization.ODataSerializerContext> getODataSerializerContext = {Method = {System.Reflection.RuntimeMethodInfo}}) Unknown
                                    Microsoft.AspNet.OData.dll!Microsoft.AspNet.OData.Formatter.ODataMediaTypeFormatter.WriteToStreamAsync(System.Type type = {Name = "IQueryable`1" FullName = "System.Linq.IQueryable`1[[WebApplication1.Models.Customer, ODataService, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]]"}, object value = {ODataService.Helpers.XpoLinqQuery<Microsoft.AspNet.OData.Query.Expressions.SelectExpandBinder.SelectSome<WebApplication1.Models.Customer>>}, System.IO.Stream writeStream = {System.Web.HttpResponseStream}, System.Net.Http.HttpContent content = {System.Net.Http.ObjectContent<System.Linq.IQueryable<WebApplication1.Models.Customer>>}, System.Net.TransportContext transportContext = null, System.Threading.CancellationToken cancellationToken = IsCancellationRequested = false) Unknown
                                    System.Net.Http.Formatting.dll!System.Net.Http.Formatting.MediaTypeFormatter.WriteToStreamAsync(System.Type type = {Name = "IQueryable`1" FullName = "System.Linq.IQueryable`1[[WebApplication1.Models.Customer, ODataService, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]]"}, object value = {ODataService.Helpers.XpoLinqQuery<Microsoft.AspNet.OData.Query.Expressions.SelectExpandBinder.SelectSome<WebApplication1.Models.Customer>>}, System.IO.Stream writeStream = {System.Web.HttpResponseStream}, System.Net.Http.HttpContent content = {System.Net.Http.ObjectContent<System.Linq.IQueryable<WebApplication1.Models.Customer>>}, System.Net.TransportContext transportContext = null) Unknown
                                    System.Net.Http.Formatting.dll!System.Net.Http.ObjectContent.SerializeToStreamAsync(System.IO.Stream stream = {System.Web.HttpResponseStream}, System.Net.TransportContext context = null) Unknown
                                    System.Net.Http.dll!System.Net.Http.HttpContent.CopyToAsync(System.IO.Stream stream = {System.Web.HttpResponseStream}, System.Net.TransportContext context = null) Unknown
                                    System.Net.Http.dll!System.Net.Http.HttpContent.CopyToAsync(System.IO.Stream stream = {System.Web.HttpResponseStream}) Unknown
                                    System.Web.Http.WebHost.dll!System.Web.Http.WebHost.HttpControllerHandler.WriteBufferedResponseContentAsync(System.Web.HttpContextBase httpContextBase = {System.Web.HttpContextWrapper}, System.Net.Http.HttpRequestMessage request = {System.Net.Http.HttpRequestMessage}, System.Net.Http.HttpResponseMessage response = {System.Net.Http.HttpResponseMessage}, System.Web.Http.ExceptionHandling.IExceptionLogger exceptionLogger = {System.Web.Http.ExceptionHandling.CompositeExceptionLogger}, System.Web.Http.ExceptionHandling.IExceptionHandler exceptionHandler = {System.Web.Http.ExceptionHandling.LastChanceExceptionHandler}, System.Threading.CancellationToken cancellationToken = IsCancellationRequested = false) Unknown
                                    mscorlib.dll!System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start<System.Web.Http.WebHost.HttpControllerHandler.<WriteBufferedResponseContentAsync>d__22>(ref System.Web.Http.WebHost.HttpControllerHandler.<WriteBufferedResponseContentAsync>d__22 stateMachine = {System.Web.Http.WebHost.HttpControllerHandler.<WriteBufferedResponseContentAsync>d__22}) Unknown
                                    System.Web.Http.WebHost.dll!System.Web.Http.WebHost.HttpControllerHandler.WriteBufferedResponseContentAsync(System.Web.HttpContextBase httpContextBase = {System.Web.HttpContextWrapper}, System.Net.Http.HttpRequestMessage request = {System.Net.Http.HttpRequestMessage}, System.Net.Http.HttpResponseMessage response = {System.Net.Http.HttpResponseMessage}, System.Web.Http.ExceptionHandling.IExceptionLogger exceptionLogger = {System.Web.Http.ExceptionHandling.CompositeExceptionLogger}, System.Web.Http.ExceptionHandling.IExceptionHandler exceptionHandler = {System.Web.Http.ExceptionHandling.LastChanceExceptionHandler}, System.Threading.CancellationToken cancellationToken = IsCancellationRequested = false) Unknown
                                    System.Web.Http.WebHost.dll!System.Web.Http.WebHost.HttpControllerHandler.WriteResponseContentAsync(System.Web.HttpContextBase httpContextBase = {System.Web.HttpContextWrapper}, System.Net.Http.HttpRequestMessage request = {System.Net.Http.HttpRequestMessage}, System.Net.Http.HttpResponseMessage response = {System.Net.Http.HttpResponseMessage}, System.Web.Http.ExceptionHandling.IExceptionLogger exceptionLogger = {System.Web.Http.ExceptionHandling.CompositeExceptionLogger}, System.Web.Http.ExceptionHandling.IExceptionHandler exceptionHandler = {System.Web.Http.ExceptionHandling.LastChanceExceptionHandler}, System.Threading.CancellationToken cancellationToken = IsCancellationRequested = false) Unknown
                                    System.Web.Http.WebHost.dll!System.Web.Http.WebHost.HttpControllerHandler.CopyResponseAsync(System.Web.HttpContextBase httpContextBase = {System.Web.HttpContextWrapper}, System.Net.Http.HttpRequestMessage request = {System.Net.Http.HttpRequestMessage}, System.Net.Http.HttpResponseMessage response = {System.Net.Http.HttpResponseMessage}, System.Web.Http.ExceptionHandling.IExceptionLogger exceptionLogger = {System.Web.Http.ExceptionHandling.CompositeExceptionLogger}, System.Web.Http.ExceptionHandling.IExceptionHandler exceptionHandler = {System.Web.Http.ExceptionHandling.LastChanceExceptionHandler}, System.Threading.CancellationToken cancellationToken = IsCancellationRequested = false) Unknown
                                    mscorlib.dll!System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start<System.Web.Http.WebHost.HttpControllerHandler.<CopyResponseAsync>d__15>(ref System.Web.Http.WebHost.HttpControllerHandler.<CopyResponseAsync>d__15 stateMachine = {System.Web.Http.WebHost.HttpControllerHandler.<CopyResponseAsync>d__15}) Unknown
                                    System.Web.Http.WebHost.dll!System.Web.Http.WebHost.HttpControllerHandler.CopyResponseAsync(System.Web.HttpContextBase httpContextBase = {System.Web.HttpContextWrapper}, System.Net.Http.HttpRequestMessage request = {System.Net.Http.HttpRequestMessage}, System.Net.Http.HttpResponseMessage response = {System.Net.Http.HttpResponseMessage}, System.Web.Http.ExceptionHandling.IExceptionLogger exceptionLogger = {System.Web.Http.ExceptionHandling.CompositeExceptionLogger}, System.Web.Http.ExceptionHandling.IExceptionHandler exceptionHandler = {System.Web.Http.ExceptionHandling.LastChanceExceptionHandler}, System.Threading.CancellationToken cancellationToken = IsCancellationRequested = false) Unknown
                                    System.Web.Http.WebHost.dll!System.Web.Http.WebHost.HttpControllerHandler.ProcessRequestAsyncCore(System.Web.HttpContextBase contextBase = {System.Web.HttpContextWrapper}) Unknown

                                • Svatopluk Ulicny 04.08.2019

                                  Thank you for your reply. I was reading through the DevExpress.ExpressApp.Spa sources but found nothing I can use. Could you point out please what specific part of DevExpress.ExpressApp.Spa project is relevant to my scenario. BTW, I'm not using the .NET Core.
                                  Thanks a lot.

                                • Dennis (DevExpress) 04.09.2019

                                  For instance, I meant our value manager implementation at "c:\Program Files (x86)\DevExpress 19.1\Components\Sources\DevExpress.ExpressApp\DevExpress.ExpressApp.Spa\AspNetCore\HttpContextValueManager.cs". I agree that there are not many other parts you can use from this project.

                                • Andrey K (DevExpress Support) 08.28.2019

                                  Hello,
                                   
                                  We created examples that describe how XAF’s security system can be used in non-XAF .NET apps powered by XPO.
                                  Please check our ASP.NET Core Web API/OData v4 + DevExtreme app that illustrates how to protect your data with the XAF Security System in the following client/server web app:

                                  • Server: an OData v4 service built with ASP.NET Core Web API.
                                  • Client: an HTML/JavaScript app with the DevExtreme Data Grid.
                                   
                                  In addition, please review our updated Console and the new WinForms CRUD demo and tutorial
                                   
                                  Thanks,
                                  Andrey