Log In
[Expand]General Information
[Expand]WinForms Controls
[Expand]ASP.NET Controls and MVC Extensions
[Expand]ASP.NET Bootstrap Controls
[Expand]ASP.NET Core Bootstrap Controls
[Expand]WPF Controls
[Expand]Xamarin Controls
[Expand]Windows 10 App Controls
[Expand]Office File API
[Expand]Report and Dashboard Server
[Collapse]eXpressApp Framework
 [Expand]Getting Started
 [Expand]Design-Time Features
 [Collapse]Task-Based Help
  [Expand]Business Model Design
  [Expand]Application Model
  [Expand]List Editors
  [Expand]Property Editors
  [Expand]Scheduler and Notifications
    How to: Assign the Same Permissions for All Users of an Active Directory Group
    How to: Call Direct SQL Queries in Integrated Mode or through the Middle Tier Application Server
    How to: Connect to the WCF Application Server from Non-XAF Applications
    How to: Enable Logging in the Application Server
    How to: Get the Current User in Code
    How to: Hide the 'Protected Content' Columns in a List View and Property Editors in a Detail View
    How to: Implement a Custom Security Operation that Can be Permitted at the Type Level
    How to: Implement a Custom Security System User Based on an Existing Business Class
    How to: Implement Custom Security Objects (Users, Roles, Operation Permissions)
    How to: Manually Configure Permissions for Associated Collections and Reference Properties
    How to: Use Custom Logon Parameters and Authentication
    How to: Use the Integrated Mode of the Security System in Non-XAF Applications
    How to: Change the Client-Side Security Mode from UI Level to Integrated in XPO applications
  [Expand]Miscellaneous UI Customizations
  Frequently Asked Questions (FAQ)
 [Expand]API Reference
[Expand]CodeRush Classic
[Expand]Cross-Platform Core Libraries
[Expand]Tools and Utilities
 End-User Documentation
This documentation page describes implementations made in our v17.2 release cycle. To learn about functionality shipping with v18.1, navigate to our updated help file experience at docs.devexpress.com. Learn More

How to: Call Direct SQL Queries in Integrated Mode or through the Middle Tier Application Server

By default, you cannot execute Direct SQL Queries and Stored Procedures in Integrated Mode of the Security System, or when the Middle Tier Application Server is used. The "Transferring requests via ICommandChannel is prohibited within the security engine" exception occurs when you execute the corresponding methods of the Session.


Do not use this approach to handle a database update when the application version changes. Instead, use the protected methods of the ModuleUpdater class.

To allow execution of direct queries and stored procedures in these configurations, set the SecuredObjectSpaceProvider.AllowICommandChannelDoWithSecurityContext property to true after instantiating the SecuredObjectSpaceProvider object. By default, this object is created in the XafApplication.CreateDefaultObjectSpaceProvider method overridden in the WinApplication.cs (WinApplication.vb), WebApplication.cs (WebApplication.vb) and MobileApplication.cs (MobileApplication.vb) files.

If you are using the middle-tier application server, open the Program.cs (Program.vb) file located in the application server project and modify the code that creates the ServiceHost object as follows:

If you run the Application Server as a windows service, you can use the same code in the ApplicationServerService.cs (ApplicationServerService.vb) file.

You can now access the Object Space, cast it to the XPObjectSpace type, get the Session object using the XPObjectSpace.Session property, and call Session.ExecuteQuery, Session.ExecuteSproc or other suitable methods.

Is this topic helpful?​​​​​​​