Monday, July 15, 2013

Anonymous authentication for XAF aps.net applications

As promised  in eXpand’s forums with next version of eXpand (13.1.5.8) you can enjoy anonymous authentication for your web applications!
The anonymous authentication functionality is embedded in Xpand.ExpressApp.Security.Web module. After installing this module you need to enable it and setup the anonymous username using XAF’s Application Model Editor.
image
It is possible and recommended to combine anonymous authentication with auto-authentication discussed in http://apobekiaris.blogspot.gr/2013/07/auto-authentication-rememberme-for-your.html. Note that the model of the previous post is refactored to allow each feature to work independently.
image
Next you need to configure XAF’s security system by setting up the Authentication and the LogonParameters as illustrated in the image bellow.
image

And finally you need to create the anonymous user and role in your ModuleUpdater.cs. For this and if your use XpandRole class I provided the next extensions methods (GetAnonymousRole, GetAnonymousUser).
void CreateAnonymousSecurityObjects() {
    var anonymousRole = ObjectSpace.GetAnonymousRole("Anonymous");
    anonymousRole.GetAnonymousUser();

    //add project specific permissions
    anonymousRole.SetTypePermissions<Category>(SecurityOperations.ReadOnlyAccess, SecuritySystemModifier.Allow);
    anonymousRole.SetTypePermissions<Topic>(SecurityOperations.Read, SecuritySystemModifier.Allow);
The GetAnonymousRole method will create a new XpandRole (if not exists) and will add two custom permissions the MyDetailsPermission that will hide MyDetails from anonymous role and the AnonymousLoginPermission. It is also possible to do the same using XAF’s UI as in the next image.
image
Moreover I want to mention that using XpandRole is not mandatory, I used it because of the built-in support for custom permissions. You may have your own implementation following for example How to: Implement Custom Permission, Role and User Objects so feel free to use them.
Together with the MyDetailsPermission I mentioned the AnonymousLoginPermission. This one is responsible for hiding the default XAF’s Logoff action and for providing a new LoginAnonymous action. So when someone visits your site and you use Xpand.ExpressApp.Security.Web with enabled anonymous access, by default XAF will authenticate the anonymous user you created in the ModuleUpdater, and with the LoginAnonymous action will allow authentication as provided by XAF.
image
That was it my friends! I hope you find this implementation easy to use and useful. For questions, feedback etc feel free to use eXpand forums.

Happy XAF’ing to all!

Subscribe to XAF feed
Subscribe to community feed

DiggIt!

0 comments:

Post a Comment