Security on server
Programmatic access to the security system on the server side is performed via SecurityProvider. If necessary, you can integrate DWKit with an existing security system. To do this, create a class implementing the ISecurityProvider interface and specify the instance of your class upon configuration of DWKitRuntime. Learn more about it here.
DWKitRuntime.Security = new CustomSecurityProvider(...);
After that, you will be able to get access to profiles of authorized users and check their permissions.
Now let's talk about the ISecurityProvider properties and methods that are used most often.
- Getting info on the current user.

  User user = DWKitRuntime.Security.CurrentUser;
  // or, asynchronously:
  User user = await DWKitRuntime.Security.GetCurrentUserAsync();

  You can get access to the following information from the User object:

  - user.Name - user name.
  - user.Email - user e-mail.
  - user.Id - user Guid, primary key from the dwSecurityUser table.
  - user.Roles - list of all user roles.
  - user.Groups - list of all user groups the current user belongs to.
  - user.IsLocked - indicates that the user is blocked.
  - user.IsInRole(roleName) - checks if the user has a specific role.
  - user.IsInGroup(groupName) - checks if the user belongs to a specific group.
  - user.ImpersonatedUserId - ID of the user substituted by the signed-in user, primary key from the dwSecurityUser table.
  - user.ImpersonatedUserName - name of the user substituted by the signed-in user.
  - user.GetOperationUserId() - returns the ID of the user performing the operation - either ImpersonatedUserId or Id.
  - user.GetOperationUserName() - returns the name of the user performing the operation - either ImpersonatedUserName or Name.
- Checking whether the user has a permission bound to a form. The code below checks the standard permission to edit data in a form.

  if (!await DWKitRuntime.Security.CheckFormPermission(formName, "Edit"))
  {
      throw new Exception("Access denied!");
  }

- User authentication by login and password.

  bool isValid = await DWKitRuntime.Security.ValidateUserByLoginAsync(login, password);

- User signing in.

  await DWKitRuntime.Security.SignInAsync(login, remember);

- User signing out.

  await DWKitRuntime.Security.SignOutAsync();
Login and logout operations are in the standard AccountController.
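The user properties and the form permission check listed above can be combined into one server-side guard that fails closed and keeps actions attributable while impersonation is active. This is an added example, not DWKit's own code: the FormGuard helper is hypothetical, the two OptimaJet namespaces are assumptions, and it assumes Id and GetOperationUserId() return comparable values. The page does not say whether CheckFormPermission rejects locked users, so IsLocked is checked explicitly.

```csharp
using System;
using System.Threading.Tasks;
using OptimaJet.DWKit.Core;          // assumed namespace of DWKitRuntime
using OptimaJet.DWKit.Core.Security; // assumed namespace of User

// Hypothetical helper, not part of DWKit.
public static class FormGuard
{
    // Throws unless the current user holds `permission` on `formName`.
    // Returns a line for the audit log that names both identities.
    public static async Task<string> RequireAsync(string formName, string permission)
    {
        User user = await DWKitRuntime.Security.GetCurrentUserAsync();

        // Fail closed: a missing profile or a locked account is rejected
        // before the permission check is even attempted.
        if (user == null)
            throw new UnauthorizedAccessException("Not signed in.");
        if (user.IsLocked)
            throw new UnauthorizedAccessException("Account is locked.");

        if (!await DWKitRuntime.Security.CheckFormPermission(formName, permission))
            throw new UnauthorizedAccessException(
                $"No '{permission}' permission on form '{formName}'.");

        // Id is the signed-in account; GetOperationUserId() is the impersonated
        // user when impersonation is active, otherwise the same Id.
        var signedInId = user.Id;
        var operationId = user.GetOperationUserId();
        bool impersonating = !Equals(signedInId, operationId);

        // Record both identities so an impersonated action can still be
        // traced back to the account that actually signed in.
        return impersonating
            ? $"form={formName} permission={permission} signedIn={signedInId} actingAs={operationId}"
            : $"form={formName} permission={permission} user={signedInId}";
    }
}
```

A controller action would call `await FormGuard.RequireAsync(formName, "Edit")` before touching data and write the returned line to its audit log.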
Database structure
Security objects are stored in the database in the following tables:

- dwSecurityUser - Users are stored here.
- dwSecurityCredential - User logins and password hashes are stored here, if the user is authenticated inside DWKit. Records noting that the user has external logins, if the user was authenticated using external authentication providers, are also stored here.
- dwSecurityGroup - User groups are stored here.
- dwSecurityGroupToSecurityUser - User - User group binding.
- dwSecurityPermission - Permissions are stored here.
- dwSecurityPermissionGroup - Permission groups are stored here.
- dwSecurityRole - Roles are stored here.
- dwSecurityRoleToSecurityPermission - Values of the types of access for Permissions are stored here.
- dwSecurityGroupToSecurityRole - User group - Role binding.
- dwSecurityUserToSecurityRole - User - Role binding.