Ticket S38496

Security - Support domain components in the new security system (Client-Side UI and Integrated modes)

created 13 years ago
Dennis Garavsky (DevExpress) 12 years ago

    @Daniel: I apologize for the confusion, as it was fully my fault for mixing up the client-side Integrated mode with the middle-tier scenario, which, even though it does use the same core internally (SecuredDataServer), has some specificities that we hope to work out as part of implementing the DC - Provide support for Domain Components in the RemoteSecuredDataServer/WcfSecuredDataServer classes suggestion. Please stay tuned.

      I wonder why the omission is defined in a suggestion rather than a bug considering the original request of implementing
      the new security system for DC.
      Is there any way we can develop support for middle tier ourselves?
      thx
      Arjan

      Dennis Garavsky (DevExpress) 12 years ago

        @Arjan: I have just updated the DC - Provide support for Domain Components in the RemoteSecuredDataServer/WcfSecuredDataServer classes suggestion with a temporary solution.

        Answers approved by DevExpress Support

        created 12 years ago (modified 12 years ago)

        Starting from version 12.2, we will provide a DC-based demo that works with the new security system (Client-Side Security UI and Integrated modes are currently supported. The middle-tier scenario will be supported in the future). For your convenience, both XPO and DC-based versions will be available as part of our SecurityDemo solution.

          Comments (1)
          Dennis Garavsky (DevExpress) 12 years ago

            I wanted to explicitly repeat the description of the DC operation specifics in a middle-tier scenario with regard to the shared parts we discussed earlier in this thread. The matter is that security permissions do not affect objects corresponding to shared parts and they are always loaded (e.g., a developer can always access them in code) by default. However, this does not affect end-users of your application in any way since the application itself behaves normally and displays "Protected Content" where required. There are no such specifics in the UI-level mode.

            Other Answers

            created 12 years ago (modified 12 years ago)

            If you are using domain components + complex security strategy + middle tier application server, then you can get things running by writing a patched version of the ServerSecurityClient class like this:

            C#
            using System.Collections.Generic;
            using System.Linq;
            using DevExpress.ExpressApp;
            using DevExpress.ExpressApp.Security;
            using DevExpress.ExpressApp.Security.ClientServer;

            /// <summary>
            /// Patch requests to ServerSecurityClient.
            /// </summary>
            public class PatchedServerSecurityClient : ServerSecurityClient, IRequestSecurityStrategy
            {
                #region Constructors
                public PatchedServerSecurityClient(IServerSecurity serverSecurity, IClientInfoFactory clientInfoFactory)
                    : base(serverSecurity, clientInfoFactory) { }

                public PatchedServerSecurityClient(IServerSecurity serverSecurity)
                    : this(serverSecurity, new ClientInfoFactory()) { }
                #endregion

                /// <summary>
                /// Patch.
                /// </summary>
                /// <param name="assemblyQualifiedName">The assembly-qualified name of the type to get the permissions for.</param>
                /// <param name="membersName">The members to calculate the read-only status for.</param>
                /// <param name="targetObjectsHandle">The handles of the objects to deal with.</param>
                /// <returns>The permission matrix</returns>
                Dictionary<string, bool> IRequestSecurity.CanReadMembers(string assemblyQualifiedName, List<string> membersName, List<string> targetObjectsHandle)
                {
                    // Apply a patch for generated classes
                    if (assemblyQualifiedName.StartsWith("DevExpress.ExpressApp.DC.GeneratedClasses"))
                    {
                        // Get the first object handle. It is of the following form:
                        // DOMAINCOMPONENT_FULLTYPENAME ( HANDLE ) ...
                        // ---> we extract the domain component full type name here.
                        string dcTypeName = targetObjectsHandle.First();
                        dcTypeName = dcTypeName.Substring(0, dcTypeName.IndexOf('('));

                        // Now we search the registered domain component type with that full name.
                        var dcAssemblyQualifiedTypeName =
                            (from type in XafTypesInfo.PersistentEntityStore.RegisteredEntities
                             where type.FullName == dcTypeName
                             select type.AssemblyQualifiedName).FirstOrDefault();

                        if (dcAssemblyQualifiedTypeName != null)
                            // If we were successful, patch the assemblyQualifiedName parameter.
                            assemblyQualifiedName = dcAssemblyQualifiedTypeName;
                        else
                            // Otherwise allow anything.
                            return membersName.ToDictionary((s) => s, (s) => true);
                    }

                    // Run base logic
                    return base.CanReadMembers(assemblyQualifiedName, membersName, targetObjectsHandle);
                }

                /// <summary>
                /// Patch.
                /// </summary>
                /// <param name="permissionRequest">The request to elaborate.</param>
                bool IRequestSecurity.IsGranted(IPermissionRequest permissionRequest)
                {
                    var request = permissionRequest as ClientPermissionRequest;

                    // Decode the request: Is it a ClientPermissionRequest for a generated class?
                    if (request != null && request.ObjectType.FullName.StartsWith("DevExpress.ExpressApp.DC.GeneratedClasses"))
                    {
                        // Get the domain component type of the generated class.
                        var dcType = XafTypesInfo.CastTypeToTypeInfo(request.ObjectType);
                        permissionRequest = new ClientPermissionRequest(
                            dcType.Type, request.MemberName, request.TargetObjectHandle, request.Operation);
                    }

                    return base.IsGranted(permissionRequest);
                }
            }

            Then, go to your WinForms client and instead of

            C#
            var securityClient = new ServerSecurityClient(clientDataServer, new ClientInfoFactory());

            use:

            C#
            var securityClient = new PatchedServerSecurityClient(clientDataServer, new ClientInfoFactory());

            The patch basically translates the generated class types (or generated class type names) into domain component types (or domain component type names).

              Comments (1)
              Steven Rasmussen 12 years ago

                Thanks for sharing!!!
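The `// Otherwise allow anything.` branch in the patch above grants read access to every member when the domain component type cannot be resolved, and `First()` / `Substring` throw on an empty handle list or a handle without `(`. The following is an added example, not part of the original answer or of DevExpress code: a fail-closed version of the handle-to-type resolution. It assumes the `FULLTYPENAME(HANDLE)` handle form described in the patch comments and takes the registered types as a plain dictionary; `DcHandleResolver`, `ExtractTypeName` and `TryResolve` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added illustration; not DevExpress code. All names here are hypothetical.
public static class DcHandleResolver
{
    // Extracts the type name from a handle of the form "Full.Type.Name(HANDLE)".
    // Returns null for an empty list or a handle without a usable '(' position.
    public static string ExtractTypeName(IList<string> targetObjectsHandle)
    {
        string first = targetObjectsHandle?.FirstOrDefault();
        if (string.IsNullOrEmpty(first)) return null;
        int paren = first.IndexOf('(');
        return paren > 0 ? first.Substring(0, paren).Trim() : null;
    }

    // Maps the handle to an assembly-qualified name. When that fails, fills
    // 'denied' with false for every member instead of granting read access.
    public static bool TryResolve(
        IList<string> targetObjectsHandle,
        IReadOnlyDictionary<string, string> registeredTypes, // FullName -> AssemblyQualifiedName
        IEnumerable<string> membersName,
        out string assemblyQualifiedName,
        out Dictionary<string, bool> denied)
    {
        denied = null;
        assemblyQualifiedName = null;
        string typeName = ExtractTypeName(targetObjectsHandle);
        if (typeName != null && registeredTypes.TryGetValue(typeName, out assemblyQualifiedName))
            return true;
        denied = membersName.Distinct().ToDictionary(m => m, m => false);
        return false;
    }

    public static void Main()
    {
        // Constructed sample data, not taken from a real application.
        var registered = new Dictionary<string, string> {
            { "Demo.Module.IContact", "Demo.Module.IContact, Demo.Module" } };
        var members = new List<string> { "Name", "Salary" };
        bool ok = TryResolve(new List<string> { "Demo.Module.IContact(42)" },
            registered, members, out string aqn, out var denied);
        Console.WriteLine($"{ok} {aqn}");
        ok = TryResolve(new List<string> { "Unknown.Type(7)" },
            registered, members, out aqn, out denied);
        Console.WriteLine($"{ok} " + string.Join(",", denied.Select(kv => kv.Key + "=" + kv.Value)));
    }
}
```

In a patched `CanReadMembers`, a `false` result would return `denied` in place of the all-`true` dictionary, so an unresolvable type shows as protected rather than readable.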

                created 13 years ago (modified 12 years ago)

                I have been working cheerfully for several months with the workaround posted at Q363027.
                I hope it helps.

                  Comments (1)

                    I'm afraid this won't work with 12.1
