Enterprise-Ready User Authentication & Group Authorization

While certain platforms (like ASP.NET) simplify authentication and basic authorization with built-in design time APIs, it’s difficult to construct a flexible/customizable app security system (with the ability to customize the system once the app is deployed). Our User Authentication & Group Authorization API for .NET allows you to incorporate a highly flexible/customizable security system in your next .NET app.

LOB app developers want to save time and do not want to implement complex security memberships and authentication/authorization algorithms from scratch (such as apps that can filter protected data against a user's access rights or check whether the current user is allowed to delete records). Our User Authentication & Group Authorization API for .NET allows you to incorporate advanced security-related capabilities with minimal effort.

Getting security right (safe, fast, up-to-date, flexible, and database agnostic) is complicated. Pre-built middleware libraries like ASP.NET Core Identity or Identity Server can be difficult to configure or offer unnecessary functionality. Our User Authentication & Group Authorization API for .NET allows you to integrate a proven, database agnostic security sub-system in the shortest possible time.

User Authentication and Group Authorization - XAF | DevExpress

Target Audience & Common Usage Scenarios

XAF developers who need to create non-XAF .NET apps.

If you want to reuse data models and security settings/configurations (users, roles and permissions) stored within an existing XAF application database, look no further than XAF’s User Authentication & Group Authorization API for .NET.

Based on feedback, we know that many XAF developers create custom web and mobile UI clients to service various internal administrative tasks (data modifications, report generation, scheduled workflows). XAF’s Security System is perfect for such usage scenarios.

Non-XAF developers who create standard line-of-business (LOB) apps.

If your .NET app includes login/logout forms and requires security related functionality, XAF’s User Authentication & Group Authorization API is an easy-to-use alternative to custom app-security logic.

From WinForms, WPF and ASP.NET, to .NET server technologies like ASP.NET Web API/OData, WCF – XAF’s Security System is the perfect choice for the enterprise. And yes, XAF’s User Authentication & Group Authorization API for .NET will soon support Blazor & Xamarin.Forms (Android, iOS, UWP) UI technologies.

Demo Apps

Minimal Dependencies. Your Existing ORM Knowledge. Secured Apps in 3 Steps.


Step 1

Reference a few XAF core assemblies from DevExpress NuGet or .NET Installers.

Step 2

Setup the authentication type, create users and roles using examples for target .NET platforms.

Step 3

Execute secured CRUD operations using your ORM database context or its XAF wrapper.

WinForms
A WinForms CRUD app with Ribbon, Data Grid. The app includes list and detail forms within a Tabbed-MDI shell. Download Demo
DevExtreme + ASP.NET Web API OData
A client-side HTML/JavaScript CRUD app that uses the DevExtreme Data Grid and connects to an OData v4 web service (using the ASP.NET Core Web API). Download Demo
ASP.NET Web Forms
A server-side Web Forms CRUD app that uses our high-performance ASP.NET Data Grid. The demo supports inline data editing. Download Demo
Console
A simple console app that connects to a database and outputs data records based on user rights. Download Demo
WPF
Coming soon. Please help us prioritize future development. Take a Survey
Xamarin
Coming soon. Please help us prioritize future development. Take a Survey
Blazor
A server-side ASP.NET Core Blazor CRUD app that uses our high-performance Data Grid component. The demo supports inline data editing. Download Demo
ASP.NET Core MVC
A server-side ASP.NET MVC Core CRUD app that uses our high-performance DevExtreme-based Data Grid. The demo supports inline data editing. Download Demo
ASP.NET MVC 5
Coming soon. Please help us prioritize future development. Take a Survey

David Desiderà

More than one year ago I explained to my collaborators that - in my opinion - it was possible to integrate XAF's security layer with UI interface into an existing WinForms enterprise application that was 10 years old. We successfully implemented it! It took 40 man-days of job in total instead of at least 400 if I had decided to start from scratch. You guys saved my life!

Need additional use-cases? Review our advanced user-role management UX for both WinForms and ASP.NET Apps.

Role-Based Access Control
with Multi-Database Permission Storage

1. Access control permissions (linked to roles and users) that can be stored in more than a dozen popular data stores (including popular database servers like SQL Server, Oracle, PostgreSQL, MySql, Firebird, XML and "in-memory" stores).

  • Type permissions grant Read, Write, Create, and Delete access to all objects.
  • Object Permissions work in conjunction with Type Permissions and grant access to object instances that fit a specified criterion.
  • Member Permissions grant access to specific members unconditionally or based on a criterion.

2. Powerful and easy-to-use APIs to configure users, roles and permissions in code or visually within XAF apps.

3. Support for extensions or replacement with custom user, role, and permission objects.

Role-Based Access Control with Multi-Database Permission Storage - XAF, DevExpress

Authentication

1. Built-in authentication types: Forms (user name/password), Active Directory (Windows user) and Mixed (several authentication providers).

2. A modern and secure algorithm for password generation and validation.

3. Support for extension or replacement with custom authentication strategies and logon parameters. For instance, our popular example shows how to use OAuth2 with Google, Facebook or Microsoft authentication providers.

Authentication - XAF Security System, DevExpress

Authorization

1. Two code lines to filter records against a logged user. With a secured object space provider, your ORM data query and modification API will remain unchanged.

2. Fine-grain access control for object relationships, individual objects or columns with or without criteria (example: can read the Full Name field, but cannot modify Salary).

3. Straightforward APIs to check CRUD or custom access rights for UI customizations (example: mask protected editors or disable menu commands).

4. Proven in production environments. Security permission caching for the best possible performance.

5. Easy troubleshooting with comprehensive documentation, diagnostic tools and DevExpress Support.

Authorization - XAF Security System, DevExpress
Get Started Today
Download Your Free
30-Day Trial
Purchase a License
Subscriptions start at
$2,199.99
FAQ
Frequently asked questions related to
.NET App Security API