Rock-Solid Application Security
The Traditional Approach
Requires knowledge and expertise in the complex field of application security.
Implementing a robust and customizable security system requires in-depth knowledge of many different areas of software design and programming. If you try to rely on the standard .NET Framework security features, you will soon discover that they are lacking. Business applications often require security at the Type, Instance and Field levels, as well as the creation of users, roles and permissions at runtime. This calls for a complex infrastructure, which makes a robust implementation elusive and time-consuming.
The XAF Advantage
An XAF application is secure by design. The built-in module provides standard security strategies that can be integrated with legacy security infrastructures.
XAF includes standard role-based security that supports Active Directory authentication and permissions at the Type, Instance and Field level. These permissions can be configured via an easy-to-use UI at runtime or in code. Your end-users can create roles, users and permissions without any intervention. With numerous extensibility points, you can integrate XAF with a legacy security system or create custom permissions. And finally, you do not need to be a security expert to enable system-wide security - simply drag and drop security components from the Toolbox in Visual Studio and you are ready to go.
Role-Based Security System - How it Works
Security is very important to every multi-user application, but it can be difficult to implement as it influences so many design decisions across a project. XAF has been built from the ground up with security considerations in mind. To enable security in your application, add the Security Module to your application. This module allows you to use one of the following authentication strategies:
The requirements for security are seldom the same across applications. We supply two security system strategies:
- Simple Security Strategy
There are two user types: a user and an administrator. Users have access to any operation against all objects, except for User objects. Administrators have access to all operations against all objects, including User objects.
- Complex Security Strategy
A user is assigned one or more roles, each characterized by a set of permissions.
The Security Module is agile enough to let you implement custom authentication and authorization strategies and classes used within them. And of course, the Security Module works with both WinForms and ASP.NET platforms.
Object-level and Member-level Security
XAF introduces another new security model that includes the following ready-to-use permission types.
Type Permission - Grants access to a particular object type.
Member Permission - Grants access to specific members of a type.
Object Permission - Grants access to objects satisfying particular criteria.
Permissions have no deny modifiers: a permission can only grant access. This simplifies security logic and makes it easier to implement custom permissions.
To try using the new security system, see the Security Demo and read the New Security System section in the documentation.
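The following added example is not XAF code or DevExpress API. It is a stand-alone C# model of the three permission types above, showing how an allow-only design evaluates access. All type names (`TypePermission`, `MemberPermission`, `ObjectPermission`, `Role`, `Invoice`) and the rule that a type or object permission also covers the object's members are assumptions made for illustration.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;

// Access is the union of every grant in every role; with no deny rules,
// rule order is irrelevant and the absence of a grant is the only refusal.
static bool IsGranted(IEnumerable<Role> roles, Op op, object obj, string? member = null) =>
    roles.SelectMany(r => r.Permissions)
         .Any(p => p.Target.IsInstanceOfType(obj) && p.Operation == op && p.Grants(obj, member));

// Constructed sample data.
var clerk = new Role("Clerk", new Permission[] {
    new MemberPermission(typeof(Invoice), Op.Read, "Amount"),
    new ObjectPermission(typeof(Invoice), Op.Write, o => ((Invoice)o).Owner == "alice") });
var auditor = new Role("Auditor", new Permission[] {
    new TypePermission(typeof(Invoice), Op.Read) });
var mine = new Invoice("alice", 120m);
var theirs = new Invoice("bob", 900m);

// Member-level: Clerk has a grant for Amount only.
Console.WriteLine($"Clerk reads theirs.Amount: {IsGranted(new[] { clerk }, Op.Read, theirs, "Amount")}");
Console.WriteLine($"Clerk reads theirs.Owner:  {IsGranted(new[] { clerk }, Op.Read, theirs, "Owner")}");
// Object-level: the write grant applies only to invoices matching the criteria.
Console.WriteLine($"Clerk writes mine:         {IsGranted(new[] { clerk }, Op.Write, mine)}");
Console.WriteLine($"Clerk writes theirs:       {IsGranted(new[] { clerk }, Op.Write, theirs)}");
// Adding a role can only widen access, never narrow it.
Console.WriteLine($"Clerk+Auditor reads Owner: {IsGranted(new[] { clerk, auditor }, Op.Read, theirs, "Owner")}");

enum Op { Read, Write }
record Invoice(string Owner, decimal Amount);
record Role(string Name, Permission[] Permissions);

abstract record Permission(Type Target, Op Operation)
{
    // member == null means the request is for the object as a whole.
    public abstract bool Grants(object obj, string? member);
}
record TypePermission(Type Target, Op Operation) : Permission(Target, Operation)
{
    public override bool Grants(object obj, string? member) => true;
}
record MemberPermission(Type Target, Op Operation, string Member) : Permission(Target, Operation)
{
    public override bool Grants(object obj, string? member) => member == Member;
}
record ObjectPermission(Type Target, Op Operation, Func<object, bool> Criteria) : Permission(Target, Operation)
{
    public override bool Grants(object obj, string? member) => Criteria(obj);
}
```

Because nothing can revoke a grant in this model, reviewing a user's effective access means enumerating the grants across their roles; an overly broad type permission in any one role cannot be offset by a narrower role.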