Get Started with Secured CRUD Operations
in Your Favourite .NET Apps

WinForms
A Windows Forms CRUD app with ribbon menu, GridControl and detail & list forms organized in Tabbed MDI.Download Demo
DevExtreme + ASP.NET Web API OData
A client HTML/JavaScript CRUD app with the DevExtreme Data Grid that connects to an OData v4 service based with ASP.NET Core Web API.Download Demo
ASP.NET Web Forms
A server-side WebForms CRUD app with ASPxGridView in inline-editing mode.Download Demo
Console
A simple console app that connects to a database and outputs data records based on user rights.Download Demo
WPF
To help us prioritize our future development, please tell us about the platforms and use-case scenarios you are most interested in using the Support Center or this Survey.Take a Survey
Xamarin
To help us prioritize our future development, please tell us about the platforms and use-case scenarios you are most interested in using the Support Center or this Survey.Take a Survey
Blazor
To help us prioritize our future development, please tell us about the platforms and use-case scenarios you are most interested in using the Support Center or this Survey.Take a Survey
ASP.NET Core MVC
To help us prioritize our future development, please tell us about the platforms and use-case scenarios you are most interested in using the Support Center or this Survey.Take a Survey
ASP.NET MVC 5
To help us prioritize our future development, please tell us about the platforms and use-case scenarios you are most interested in using the Support Center or this Survey.Take a Survey

Target Audience & Scenarios

Primary usages of XAF's security system in non-XAF .NET apps
powered by XPO are the following:

XAF developers who create non-XAF .NET apps and want to reuse existing data models and Security System settings (users, roles and permissions) stored in an XAF application database. Based on experience, XAF customers often create custom Web and mobile UI clients with ASP.NET MVC, DevExtreme; backend servers with ASP.NET Web API/OData or Console, Windows Service, WCF apps for various administrative tasks (data modifications, report generation, scheduled workflows).
Non-XAF developers who create standard line-of-business (LOB) apps with login, logout forms and security related functionality for any .NET UI technologies like WinForms, WPF, ASP.NET (WebForms, MVC 5, MVC Core, Razor Pages) and .NET server technologies like ASP.NET Web API/OData, WCF, etc. Yet more use-cases with Blazor & Xamarin.Forms (Android, iOS, UWP) UI technologies may come when XAF v19.2 supports .NET Standard 2.0.

Pain Points

Some of the reasons we think you should consider XAF's security system in
your next .NET application:

Access right customization (runtime). While certain technologies like ASP.NET simplify authentication and basic authorization with built-in design time APIs, it is difficult to build a flexible and customizable security system (allowing users to customize the system once the app is deployed).
LOB app developers want to save time and do not want to implement complex security memberships and authentication/authorization algorithms from scratch. For instance, filtering protected data against the current user's access rights or checking if the current user is allowed to delete records.
Getting security right: safe, fast, up-to-date, flexible, and database agnostic. Ready-to-use middleware libraries like ASP.NET Core Identity or Identity Server can be difficult to configure or offer unnecessary functionality.

Role-Based Access Control

with Multi-Database Permission Storage

1. Access control permissions linked to roles and users that can be stored in more than a dozen popular data stores powered by the XPO ORM (including popular RDBMS like SQL Server, Oracle, PostgreSQL, MySql, Firebird, XML and "in-memory" stores).

  • Type permissions grant Read, Write, Create, and Delete access to all objects that belong to a particular type.
  • Object Permissions work in conjunction with Type Permissions and grant access to object instances that fit a specified criterion.
  • Member Permissions grant access to specific members unconditionally or based on a criterion.

2. Powerful and easy-to-use APIs to configure users, roles and permissions in code or visually in XAF apps.

3. Support for extensions or replacement with fully custom user, role, and permission objects to meet the needs of your business domain or address various integration scenarios.

Role-Based Access Control with Multi-Database Permission Storage - XAF, DevExpress

Authentication

1. Built-in authentication types: Forms (user name/password), Active Directory (Windows user) and Mixed (several authentication providers).

2. A modern and secure algorithm for password generation and validation.

3. Support for extension or replacement with custom authentication strategies and logon parameters. For instance, our popular example shows how to use OAuth2 with Google, Facebook or Microsoft authentication providers.

Authentication - XAF Security System, DevExpress

Authorization

1. Just two code lines to read secure records filtered against a logged user (role and permission based). When you set up SecuredObjectSpaceProvider, you can create an unlimited number of secure data contexts - your data query and modification APIs will remain unchanged. A bit more code is required to connect a non-XAF client to the Middle-Tier application server.

2. Fine-grain access control for base and inherited objects, one to many and many to many object relationships, individual columns with or without criteria (example: can read the Full Name field, but cannot see and modify Salary) and specific object instances only.

3. Straightforward APIs to check CRUD or custom access rights for UI element customizations. With this, you can hide or mask protected grid columns, editors in detail forms, and disable menu toolbar commands like New, Delete, Edit, etc.

4. Security permission caching for the best possible performance. Two built-in Permission Policies determine the security system's behavior when explicitly specified permissions for a specific type, object, or member do not exist.

5. Proven in production environments. DevExpress Support, comprehensive documentation, examples and a diagnostic tool are at your service to troubleshoot complex security permission configurations.

Authorization - XAF Security System, DevExpress
Get Started Today
Download Your Free
30-Day Trial
Purchase a License
Subscriptions start at
$2,199.99
Get Pre-Purchase Help
Call us at +1 (818) 844-3383
or email info@devexpress.com