Official Release: Security System for Entity Framework Core
We officially released Security System for EF Core 3.1 in our most recent build (v20.1.6). In addition to basic CRUD Console and WinForms examples, we added the following training videos:
For more information on XAF’s User Authentication and Group Authorization APIs for .NET Core and .NET Framework, please refer to these Frequently Asked Questions.
Official Release: Security Permissions for Actions
v20.1.6 also includes the official release of Action Permissions. These permissions offer fine-grain control over execution of both custom and XAF system Actions within an app’s UI. This maintenance update also supports Action permissions for our ASP.NET Core Blazor UI.
Video Overview | Documentation
Survey: Do You Want To Set Permission States Automatically?
When a user creates new permissions for XAF's Security System role, permission states ('read', 'write'...) are empty by default. Some may find it helpful to set these states based on the role's PermissionPolicy property automatically. For example, if PermissionPolicy='DenyAllByDefault', you may want to set the newly created permissions to 'Allow'. If PermissionPolicy='AllowAllByDefault', you may want to set its state to 'Deny'.
To achieve this, we created a custom Controller that sets states for all newly generated Type and Navigation permissions:
This controller works with ASP.NET and WinForms XAF applications as well. We would appreciate your feedback on this feature.
Documentation and Usability Enhancements
- SecuredEFCoreObjectSpaceProvider | SecuredEFCoreObjectSpace | Action Permissions
- Security - FAQ: XAF User Authentication and Group Authorization API for DevExpress XPO and Microsoft Entity Framework Core ORMs
- How to generate database updater code for security roles created via the application UI in a development environment
- Security - New validation and appearance rules for PermissionPolicyUser and PermissionPolicyRole
- Security - Protected content text changed to asterisks