In this lesson, you will learn how to use a Security System in the application. When you use this system, the SecurityStrategyComplex security strategy is applied to your application. According to this strategy, Users have Roles, which in turn are characterized by a permission set. This topic will guide you through creating an administrator and a common user in code. The administrator will have a full-access permission set, and the user will have a limited permission set. You will see how the administrator can create Users and Roles, specify Permissions for them, and then assign Roles to Users at runtime. You will also use the AuthenticationStandard authentication type to log on to the application.

Note
Before proceeding, take a moment to review the following topics.
  • Create a Solution using the Wizard
  • Supply Initial Data (XPO/EF) lesson.

Active Directory Authentication

If you have followed the Create a Solution using the Wizard lesson, you have already enabled the Security System with the AuthenticationActiveDirectory authentication.

Invoke the Application Designer for the WinForms application and take a look at the Security section.

As you can see in the image above, a Complex Security Strategy and Active Directory authentication are used, and the CreateUserAutomatically property is set to true. This means that a user object (PermissionPolicyUser) is created automatically when you first run the application. This object's UserName property is set to your Active Directory account. You've got all permissions as the automatically created user type is an administrator. To see this user's details at runtime, navigate to the User and MyDetails items in the navigation control.

Now, follow the Tutorial to learn how to change authentication type in your application.

Standard Authentication

  • Invoke the Application Designer for the WinForms application. To use a standard authentication strategy, drag the AuthenticationStandard component from the DX.19.2: XAF Security Toolbox tab to the Designer's Security section.

  • Invoke the Application Designer for the ASP.NET application. Drag the AuthenticationStandard component from the DX.19.2: XAF Security Toolbox tab to the Designer's Security section.

Create Predefined Users and Roles in Code

  • Before running an application with Standard Authentication enabled, create several predefined User and Role business objects, and assign the Roles to Users. This will allow you to log on and create more Users at runtime.

The objects that should exist in the database while running the application are created in the ModuleUpdater.UpdateDatabaseAfterUpdateSchema method in the MySolution.Module | DatabaseUpdate | Updater.cs/Updater.vb file (see the Supply Initial Data (EF/XPO) topic).

  • First, create Roles. The following code demonstrates how to create an "Administrators" Role.

    using DevExpress.Data.Filtering;      // BinaryOperator
    using DevExpress.ExpressApp.Security;
    // ...
    public override void UpdateDatabaseAfterUpdateSchema() {
        base.UpdateDatabaseAfterUpdateSchema();
        // ...
        // Look the role up first so that repeated updater runs do not create duplicates.
        PermissionPolicyRole adminRole = ObjectSpace.FindObject<PermissionPolicyRole>(
            new BinaryOperator("Name", SecurityStrategy.AdministratorRoleName));
        if (adminRole == null) {
            adminRole = ObjectSpace.CreateObject<PermissionPolicyRole>();
            adminRole.Name = SecurityStrategy.AdministratorRoleName;
            // An administrative role has full access to objects of all types.
            adminRole.IsAdministrative = true;
        }
        // ...
    }

Note
In the code above, the PermissionPolicyRole class from the DevExpress.Persistent.BaseImpl.PermissionPolicy namespace is used for XPO, and the PermissionPolicyRole class from the DevExpress.Persistent.BaseImpl.EF.PermissionPolicy namespace is used for Entity Framework. Ensure that the correct using (Imports in VB) directive is added.

Here, the "Administrators" Role has full access to objects of all types, because its IPermissionPolicyRole.IsAdministrative property is set to true.

Now create a "Users" Role - a very basic Role that will have access to the current user object only. You can later extend this Role's permission set in the UI using extension methods of the PermissionSettingHelper class. See the following code.

    public override void UpdateDatabaseAfterUpdateSchema() {
        // ...
        PermissionPolicyRole userRole = ObjectSpace.FindObject<PermissionPolicyRole>(
            new BinaryOperator("Name", "Users"));
        if (userRole == null) {
            userRole = ObjectSpace.CreateObject<PermissionPolicyRole>();
            userRole.Name = "Users";
            // Operations without an explicit modifier are allowed for this role.
            userRole.PermissionPolicy = SecurityPermissionPolicy.AllowAllByDefault;
            // Deny access to Role and User objects as a whole.
            userRole.AddTypePermission<PermissionPolicyRole>(SecurityOperations.FullAccess,
                SecurityPermissionState.Deny);
            userRole.AddTypePermission<PermissionPolicyUser>(SecurityOperations.FullAccess,
                SecurityPermissionState.Deny);
            // Allow read-only access to the current user's own object.
            userRole.AddObjectPermission<PermissionPolicyUser>(SecurityOperations.ReadOnlyAccess,
                "[Oid] = CurrentUserId()", SecurityPermissionState.Allow);
            // Allow writing the two members involved in a password change.
            userRole.AddMemberPermission<PermissionPolicyUser>(SecurityOperations.Write,
                "ChangePasswordOnFirstLogon", null, SecurityPermissionState.Allow);
            userRole.AddMemberPermission<PermissionPolicyUser>(SecurityOperations.Write,
                "StoredPassword", null, SecurityPermissionState.Allow);
            userRole.AddTypePermission<PermissionPolicyRole>(SecurityOperations.Read,
                SecurityPermissionState.Allow);
            // Deny changes to the permission objects themselves.
            userRole.AddTypePermission<PermissionPolicyTypePermissionObject>("Write;Delete;Navigate;Create",
                SecurityPermissionState.Deny);
            userRole.AddTypePermission<PermissionPolicyMemberPermissionsObject>("Write;Delete;Navigate;Create",
                SecurityPermissionState.Deny);
            userRole.AddTypePermission<PermissionPolicyObjectPermissionsObject>("Write;Delete;Navigate;Create",
                SecurityPermissionState.Deny);
        }
        //...
    }

The following code demonstrates how to create Users.

    using System;                          // Version
    using DevExpress.Data.Filtering;       // BinaryOperator
    using DevExpress.ExpressApp;           // IObjectSpace
    using DevExpress.ExpressApp.Security;
    using DevExpress.ExpressApp.Updating;  // ModuleUpdater
    // ...
    public class Updater : ModuleUpdater {
        public Updater(IObjectSpace objectSpace, Version currentDBVersion)
            : base(objectSpace, currentDBVersion) { }
        public override void UpdateDatabaseAfterUpdateSchema() {
            // ...
            // If a user named 'Sam' does not exist in the database, create this user.
            PermissionPolicyUser user1 = ObjectSpace.FindObject<PermissionPolicyUser>(
                new BinaryOperator("UserName", "Sam"));
            if (user1 == null) {
                user1 = ObjectSpace.CreateObject<PermissionPolicyUser>();
                user1.UserName = "Sam";
                // Set a password if the standard authentication type is used.
                // The tutorial uses an empty password; assign a real one outside of a demo database.
                user1.SetPassword("");
            }
            // If a user named 'John' does not exist in the database, create this user.
            PermissionPolicyUser user2 = ObjectSpace.FindObject<PermissionPolicyUser>(
                new BinaryOperator("UserName", "John"));
            if (user2 == null) {
                user2 = ObjectSpace.CreateObject<PermissionPolicyUser>();
                user2.UserName = "John";
                // Set a password if the standard authentication type is used.
                // The tutorial uses an empty password; assign a real one outside of a demo database.
                user2.SetPassword("");
            }
        }
    }

Finally, you will assign Roles to Users.

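    public class Updater : ModuleUpdater {
        // ...
        public override void UpdateDatabaseAfterUpdateSchema() {
            // ...
            // 'Sam' becomes an administrator, 'John' a regular user.
            user1.Roles.Add(adminRole);
            user2.Roles.Add(userRole);
            // Persist the created objects.
            ObjectSpace.CommitChanges();
        }
    }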

Note
More examples are provided in the Client-Side Security (2-Tier Architecture) topic.

  • Run the WinForms or ASP.NET application. The following logon window will be displayed in a WinForms application.

  • The following window will be displayed in the ASP.NET application.

  • After the Log In button is clicked, the user's credentials are authenticated and the application will run.

Create a Role in a UI

Administrators and other users with Role creation permission can create Roles as follows.

Select the Role item in the navigation control and click the New Action. In the invoked Detail View, set the name and permissions for the new Role.

With the Permission Policy property, you can assign "deny all", "read only all" or "allow all" default permission policies for each role. For each operation, you can explicitly specify the Allow or Deny modifier or leave it blank. If the modifier is not specified, the permission is determined by the role's permission policy.
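
Because every operation left blank falls back to the role's policy, the choice of default decides what happens to types nobody configured. The following is an added example, not DevExpress's code: a role with the same access to the current user object as the "Users" role, but built on SecurityPermissionPolicy.DenyAllByDefault so that business classes added later stay inaccessible until explicitly allowed. The role name "RestrictedUsers" is hypothetical, and the XPO classes (with an Oid key) are assumed.

```csharp
using System;
using DevExpress.Data.Filtering;                        // BinaryOperator
using DevExpress.ExpressApp;                            // IObjectSpace
using DevExpress.ExpressApp.Security;                   // SecurityOperations, permission helpers
using DevExpress.ExpressApp.Updating;                   // ModuleUpdater
using DevExpress.Persistent.Base;                       // SecurityPermissionPolicy, SecurityPermissionState
using DevExpress.Persistent.BaseImpl.PermissionPolicy;  // XPO classes (assumption; EF uses ...EF.PermissionPolicy)

public class Updater : ModuleUpdater {
    public Updater(IObjectSpace objectSpace, Version currentDBVersion)
        : base(objectSpace, currentDBVersion) { }

    public override void UpdateDatabaseAfterUpdateSchema() {
        base.UpdateDatabaseAfterUpdateSchema();

        // "RestrictedUsers" is a hypothetical role name chosen for this example.
        PermissionPolicyRole role = ObjectSpace.FindObject<PermissionPolicyRole>(
            new BinaryOperator("Name", "RestrictedUsers"));
        if (role == null) {
            role = ObjectSpace.CreateObject<PermissionPolicyRole>();
            role.Name = "RestrictedUsers";

            // Any operation without an explicit modifier now resolves to Deny,
            // so no Deny entries are needed for Roles or permission objects.
            role.PermissionPolicy = SecurityPermissionPolicy.DenyAllByDefault;

            // Criteria that limits a permission to the logged-on user's own record.
            const string ownRecord = "[Oid] = CurrentUserId()";

            // Read access to the current user object only.
            role.AddObjectPermission<PermissionPolicyUser>(SecurityOperations.Read,
                ownRecord, SecurityPermissionState.Allow);

            // Write access to the two members involved in a password change,
            // scoped to the user's own record instead of a null criteria.
            role.AddMemberPermission<PermissionPolicyUser>(SecurityOperations.Write,
                "ChangePasswordOnFirstLogon", ownRecord, SecurityPermissionState.Allow);
            role.AddMemberPermission<PermissionPolicyUser>(SecurityOperations.Write,
                "StoredPassword", ownRecord, SecurityPermissionState.Allow);
        }

        // Persist the created role.
        ObjectSpace.CommitChanges();
    }
}
```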

Create a User in a UI

Users who have permission to create Users can do the following.

Select the User item in the navigation control and click the New button. In the invoked Detail View, specify the User Name and assign one or more Roles.

Note
Set the Is Active property to false if you need to temporarily prohibit the user from using the application.

To assign a password to a newly created user, click the Reset Password button. The assigned password should be passed to the user. A User will be able to change it when logging on for the first time.

Note
This button is the ResetPassword Action, which is available to users who are allowed to modify User objects. This button is not available when the Active Directory authentication is used.

My Details

The My Details navigation item is available for users who have read access to the current User object. This navigation item opens the current user details.

In an ASP.NET application, it can also be opened by clicking the My Details link at the top-right corner of the page.

Change Password

When the standard authentication type is used, the Change My Password button is available once the My Details Detail View is displayed. This button opens a dialog where a user can change the password.

Note
This button is the ChangePasswordByUser Action that is not available if the Active Directory authentication is used. To change a password in this instance, end users can use the operating system's standard tools (e.g., press CTRL+ALT+DEL and select Change a password).
