In XPO blog post in November 2021, I grumbled about how difficult it was to develop a robust and flexible app security system from scratch with any .NET ORM, including Entity Framework (by security, I’m referring to user authentication and role-based data authorization with flexible permission management). Based on feedback, it seems that many of you agree with my position.
But let's be honest: for most (myself included), creating a robust security system is a serious and costly undertaking. This is especially true if your enterprise requires field-tested Role-Based Access Control (RBAC) and advanced authentication based on JWT + OAuth2 for Azure AD. Yes, too many acronyms and SDK to master, too many `principals`, `access tokens`, and `claims` to remember (brrr…my apologies to ASP.NET Core Identity creators and experts, but I personally hate this complexity. If people reading this are the same down-to-earth .NET developers like I am, please add "+1" in the comments section below).
CRUD, Authorization, Localization, and Much More for Entity Framework Core-based API Services in v22.1
v22.1 marks the official release of our Web API Service. The Solution Wizard scaffolds an OData v4 Web API Service (.NET 6+) with integrated authorization & CRUD operations powered by EF Core and our XPO ORM library. You can use OAuth2, JWT or custom strategies for authentication alongside tools like Postman or Swagger (OpenAPI) for API testing. The built-in security system also filters out secured server data based on permissions granted to users. To use the free Solution Wizard in Visual Studio 2022, which creates Web API Service, run the Universal Component Installer from the Download Manager.
The basic functions of our Web API Service (including the Solution Wizard) are available for FREE as part of our .NET App Security & Web API Service free offer. To register your free copy today, please visit: https://www.devexpress.com/security-api-free.
The following learning resources will answer popular questions about our API:
Additional services/benefits of our Web API Service are available to active DevExpress Universal Subscribers and include:
- Technical support and full source code
- XAF's administrative UI to manage users and roles at runtime using WinForms, WebForms, and Blazor apps
- Localization functions (endpoints to obtain localized captions for classes, members, and custom UI elements). The Web API Service project includes a XAFML file with a designer (Model Editor) to help you localize and store strings under the BOModel and Localization nodes - you do not need to worry about the localization structure yourself.
- Advanced/enterprise functions such as audit trail, endpoints to download reports, file attachments, check validation, etc.
NOTE: The Solution Wizard template for Web API .NET 6-based projects is available in
Visual Studio 2022+ after you run the Universal Component Installer from the Download Manager. Future Plans
Your Feedback Matters
Our long-term customer, Mario Blatarić (Logon Ltd.), shared his recent experience with the Web API Service:
I have new, rather big, project and I decided to give Web API services a serious go (for a mobile app with GIS functionality). It turned to be serious time saver with ability to reuse entire data model and security. Before, I would have to write new project, replicate and constantly maintain data structure, deal with security and so on. Web API Services are just natural fit for XAF Blazor, I really like it.
Please take a moment to reply to the following questions – your feedback will help us shape/define future development strategies.
Thanks,
Dennis Garavsky
Principal Product Manager
dennis@devexpress.com
Free DevExpress Products - Get Your Copy Today
The following free DevExpress product offers remain available. Should you have any questions about the free offers below, please submit a ticket via the
DevExpress Support Center at your convenience. We'll be happy to follow-up.