Security on server

Programmatic access to the security system on the server side is performed via SecurityProvider. If necessary, you can integrate DWKit with an existing security system. To do this, create a class implementing the ISecurityProvider interface and assign an instance of your class when configuring DWKitRuntime. Learn more about it here.

 DWKitRuntime.Security = new CustomSecurityProvider(...);

After that, you will be able to access the profiles of authorized users and check their permissions.

Now let's talk about ISecurityProvider properties and methods that are used most often.

  • Getting info on current user.

    // Synchronous property:
    User user = DWKitRuntime.Security.CurrentUser;
    // Or asynchronously (use one of the two):
    User user = await DWKitRuntime.Security.GetCurrentUserAsync();
  • You can get access to the following information from the User object:
    • user.Name - user name.
    • user.Email - user e-mail.
    • user.Id - user Guid, primary key from the dwSecurityUser table.
    • user.Roles - list of all user roles.
    • user.Groups - list of all user groups the current user belongs to.
    • user.IsLocked - indicates that the user is blocked.
    • user.IsInRole(roleName) - checks if user has a specific role.
    • user.IsInGroup(groupName) - checks if user belongs to a specific group.
    • user.ImpersonatedUserId - ID of the user whom the signed-in user is substituting for (impersonating), primary key from the dwSecurityUser table.
    • user.ImpersonatedUserName - name of the user whom the signed-in user is substituting for.
    • user.GetOperationUserId() - returns ID of the user performing the operation - either ImpersonatedUserId or Id.
    • user.GetOperationUserName() - returns name of the user performing the operation - either ImpersonatedUserName or Name.
  • Checking whether the user has a permission bound to a form. The code below checks the standard permission to edit data in a form.

    if (!await DWKitRuntime.Security.CheckFormPermission(formName, "Edit"))
    {
      throw new Exception("Access denied!");
    }
  • User authentication by login and password.

    bool isValid = await DWKitRuntime.Security.ValidateUserByLoginAsync(login, password);
  • User signing in.

    await DWKitRuntime.Security.SignInAsync(login, remember);
  • User signing out.

    await DWKitRuntime.Security.SignOutAsync();

Login and logout operations are in the standard AccountController.
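The following added example (not code from DWKit or its documentation) combines the calls listed above into a single server-side guard that fails closed and returns an audit line recording both the signed-in user and the user the operation runs as. FormAccessGuard and DemandAsync are hypothetical names; the namespace of DWKitRuntime and a null result for an unauthenticated request are assumptions.

```csharp
using System;
using System.Threading.Tasks;
using OptimaJet.DWKit.Core; // assumed namespace of DWKitRuntime

// Hypothetical helper, not part of DWKit.
public static class FormAccessGuard
{
    // Throws if the current user may not use `permission` on `formName`;
    // otherwise returns a line suitable for an audit log.
    public static async Task<string> DemandAsync(string formName, string permission)
    {
        var user = await DWKitRuntime.Security.GetCurrentUserAsync();

        // Fail closed: no authenticated user (assumed to surface as null)
        // or a blocked account is rejected before any permission lookup.
        if (user == null || user.IsLocked)
        {
            throw new UnauthorizedAccessException("Access denied!");
        }

        // Same check as in the list above, with the permission name passed in.
        if (!await DWKitRuntime.Security.CheckFormPermission(formName, permission))
        {
            throw new UnauthorizedAccessException("Access denied!");
        }

        // Under impersonation GetOperationUserId() differs from Id.
        // Record both identities so the action stays attributable
        // to the account that actually signed in.
        bool impersonating = !Equals(user.GetOperationUserId(), user.Id);

        string line = $"form={formName} permission={permission} " +
                      $"signedIn={user.Name} ({user.Id})";
        if (impersonating)
        {
            line += $" actingAs={user.GetOperationUserName()} " +
                    $"({user.GetOperationUserId()})";
        }
        return line;
    }
}
```

Call it at the start of a server action, for example `var audit = await FormAccessGuard.DemandAsync(formName, "Edit");`, and write the returned line to your log before modifying data.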

Database structure

Security objects are stored in the database in the following tables:

  • dwSecurityUser - Users are stored here.
  • dwSecurityCredential - User logins and password hashes are stored here if the user is authenticated inside DWKit. Records indicating that a user has external logins (when the user was authenticated through external authentication providers) are also stored here.
  • dwSecurityGroup - User groups are stored here.
  • dwSecurityGroupToSecurityUser - User - User group binding.
  • dwSecurityPermission - Permissions are stored here.
  • dwSecurityPermissionGroup - Permission groups are stored here.
  • dwSecurityRole - Roles are stored here.
  • dwSecurityRoleToSecurityPermission - Values of access types for Permissions are stored here.
  • dwSecurityGroupToSecurityRole - User group - Role binding.
  • dwSecurityUserToSecurityRole - User - Role binding.