Skip to main content
.NET 6.0+

DevExpress v24.1 Update — Your Feedback Matters

Our What's New in v24.1 webpage includes product-specific surveys. Your response to our survey questions will help us measure product satisfaction for features released in this major update and help us refine our plans for our next major release.

Take the survey Not interested

AuthenticationActiveDirectory.CustomCreateUser Event

Occurs when a user is created automatically.

Namespace: DevExpress.ExpressApp.Security

Assembly: DevExpress.ExpressApp.Security.v24.1.dll

#Declaration

public event EventHandler<CustomCreateUserEventArgs> CustomCreateUser

#Event Data

The CustomCreateUser event's data class is CustomCreateUserEventArgs. The following properties provide information specific to this event:

Property Description
Handled Gets or sets a value that indicates whether the event handler has completely handled the event or whether the system should continue its own processing. Inherited from HandledEventArgs.
ObjectSpace Gets an Object Space used to create a user persistent object.
User Specifies an auto-created user.
UserName Gets the login name of the auto-created user.

#Remarks

When the AuthenticationActiveDirectory.CreateUserAutomatically property is set to true, the Security System creates a user for the Windows account used to start the application. To customize this process, handle the CustomCreateUser event and assign a user object to the CustomCreateUserEventArgs.User parameter. Set the Handled parameter to true to cancel the default user creation.

The following example demonstrates how to handle this event and create a new user associated with a low-privileged “Default” role in the event handler:

File: MySolution.Win\WinApplication.cs (MySolution.Win\WinApplication.vb)

using DevExpress.Data.Filtering;
using DevExpress.ExpressApp.Security;
using DevExpress.ExpressApp.Security.Strategy;
// ...
public partial class MySolutionWindowsFormsApplication : WinApplication {
    public MySolutionWindowsFormsApplication() {
        // ...
        authenticationActiveDirectory1.CustomCreateUser += authenticationActiveDirectory1_CustomCreateUser;
    }
    private void authenticationActiveDirectory1_CustomCreateUser(object sender, CustomCreateUserEventArgs e) {
        ApplicationUser user = e.ObjectSpace.CreateObject<ApplicationUser>();
        user.UserName = e.UserName;
        PermissionPolicyRole defaultRole = 
            e.ObjectSpace.FirstOrDefault<PermissionPolicyRole>(role => role.Name == "Default");
        if (defaultRole != null) {
            user.Roles.Add(defaultRole);
        }
        e.User = user;
        e.Handled = true;
    }
    // ...
}

To create this “Default” role, override the ModuleUpdater.UpdateDatabaseAfterUpdateSchema method in the Updater.cs (Updater.vb) file (the Solution Wizard adds similar code):

File: MySolution.Module\DatabaseUpdate\Updater.cs (MySolution.Module\DatabaseUpdate\Updater.vb)

public override void UpdateDatabaseAfterUpdateSchema() {
    base.UpdateDatabaseAfterUpdateSchema();
    // ...
    PermissionPolicyRole defaultRole = ObjectSpace.FirstOrDefault<PermissionPolicyRole>(role => role.Name == "Default");
    if(defaultRole == null) {
        defaultRole = ObjectSpace.CreateObject<PermissionPolicyRole>();
        defaultRole.Name = "Default";
        defaultRole.AddObjectPermissionFromLambda<ApplicationUser>(SecurityOperations.Read, u => u.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);
        defaultRole.AddNavigationPermission(@"Application/NavigationItems/Items/Default/Items/MyDetails", SecurityPermissionState.Allow);
        defaultRole.AddMemberPermissionFromLambda<ApplicationUser>(SecurityOperations.Write, "ChangePasswordOnFirstLogon", u => u.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);
        defaultRole.AddMemberPermissionFromLambda<ApplicationUser>(SecurityOperations.Write, "StoredPassword", u => u.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);
        defaultRole.AddTypePermissionsRecursively<PermissionPolicyRole>(SecurityOperations.Read, SecurityPermissionState.Deny);
        defaultRole.AddTypePermissionsRecursively<ModelDifference>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
        defaultRole.AddTypePermissionsRecursively<ModelDifferenceAspect>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
        defaultRole.AddTypePermissionsRecursively<ModelDifference>(SecurityOperations.Create, SecurityPermissionState.Allow);
        defaultRole.AddTypePermissionsRecursively<ModelDifferenceAspect>(SecurityOperations.Create, SecurityPermissionState.Allow);                
    }
    ObjectSpace.CommitChanges();
}
See Also