Security on server
Programmatic access to security system on the server side is performed via
SecurityProvider. If necessary, you can integrate DWKit with an
existing security system. To do this, create a class implementing
ISecurityProvider interface and specify the instance of your class upon
DWKitRuntime. Learn more about it here.
DWKitRuntime.Security = new CustomSecurityProvider(...);
After that, you will be able to get access to profiles of authorized users and check their permissions.
Now let's talk about
ISecurityProvider properties and methods that are used most often.
Getting info on current user.
User user = DWKitRuntime.Security.CurrentUser;
User user = await DWKitRuntime.Security.GetCurrentUserAsync();
You can get access to the following information from
user.Name- user name.
user.Email- user e-mail.
user.Id- user Guid, primary key from the
user.Roles- list of all user roles.
user.Groups- list of all user groups current user belongs to.
user.IsLocked- indicates that user is blocked.
user.IsInRole(roleName)- checks if user has a specific role.
user.IsInGroup(groupName)- checks if user belongs to a specific group.
user.ImpersonatedUserId- user ID substituted by signed-in user, primary key from the
user.ImpersonatedUserName- name of the user substituted by the signed-in user.
user.GetOperationUserId()- returns ID of the user performing the operation - either
user.GetOperationUserName()- returns ID of the user performing the operation - either
Checks if user has permission bound to form. In the code below we check standard permission to edit data in form.
if (!await DWKitRuntime.Security.CheckFormPermission(formName, "Edit"))
throw new Exception("Access denied!");
User authentication by login and password.
bool isValid = await DWKitRuntime.Security.ValidateUserByLoginAsync(login, password);
User signing in.
await DWKitRuntime.Security.SignInAsync(login, remember);
User signing out.
Login and logout operations are in the standard
Security objects are stored in database in the following tables:
dwSecurityUser- Users are stored here.
dwSecurityCredential- Users logins and password hashes are stored here, if user is authenticated inside DWKit. Also, records which notify that user has external logins, if he was authenticated using external authentication providers, are stored here.
dwSecurityGroup- User groups are stored here.
dwSecurityGroupToSecurityUser- User - User group binding.
dwSecurityPermission- Permissions are stored here.
dwSecurityPermissionGroup- Permissions groups are stored here.
dwSecurityRole- Roles are stored here.
dwSecurityRoleToSecurityPermission- values of types of access for Permissions are stored here.
dwSecurityGroupToSecurityRole- User group - Role binding.
dwSecurityUserToSecurityRole- User - Role binding.