-
As promised in eXpand’s forums with next version of eXpand (13.1.5.8) you can enjoy anonymous authentication for your web applications!
The anonymous authentication functionality is embedded in Xpand.ExpressApp.Security.Web module. After installing this module you need to enable it and setup the anonymous username using XAF’s Application Model Editor.
It is possible and recommended to combine anonymous authentication with auto-authentication discussed in http://apobekiaris.blogspot.gr/2013/07/auto-authentication-rememberme-for-your.html. Note that the model of the previous post is refactored to allow each feature to work independently.
Next you need to configure XAF’s security system by setting up the Authentication and the LogonParameters as illustrated in the image bellow.
And finally you need to create the anonymous user and role in your ModuleUpdater.cs. For this and if your use XpandRole class I provided the next extensions methods (GetAnonymousRole, GetAnonymousUser).
void CreateAnonymousSecurityObjects() {
var anonymousRole = ObjectSpace.GetAnonymousRole("Anonymous");
anonymousRole.GetAnonymousUser();
//add project specific permissions
anonymousRole.SetTypePermissions<Category>(SecurityOperations.ReadOnlyAccess, SecuritySystemModifier.Allow);
anonymousRole.SetTypePermissions<Topic>(SecurityOperations.Read, SecuritySystemModifier.Allow);
The GetAnonymousRole method will create a new XpandRole (if not exists) and will add two custom permissions the MyDetailsPermission that will hide MyDetails from anonymous role and the AnonymousLoginPermission. It is also possible to do the same using XAF’s UI as in the next image.
Moreover I want to mention that using XpandRole is not mandatory, I used it because of the built-in support for custom permissions. You may have your own implementation following for example How to: Implement Custom Permission, Role and User Objects so feel free to use them.
Together with the MyDetailsPermission I mentioned the AnonymousLoginPermission. This one is responsible for hiding the default XAF’s Logoff action and for providing a new LoginAnonymous action. So when someone visits your site and you use Xpand.ExpressApp.Security.Web with enabled anonymous access, by default XAF will authenticate the anonymous user you created in the ModuleUpdater, and with the LoginAnonymous action will allow authentication as provided by XAF.
That was it my friends! I hope you find this implementation easy to use and useful. For questions, feedback etc feel free to use eXpand forums.
Happy XAF’ing to all!
-
In next version 13.1.5.2 of eXpandframework there is a new Security module for web (Xpand.ExpressApp.Security.Web.dll) that can automatically logon using forms authentication. It is based on the CanAutomaticallyLogonWithStoredLogonParameters functionality of XAF web apps.
Installation
To use it simply install the Xpand.ExpressApp.Security and use the XpandLogonParameters object in your authentication type
To enable this functionality as usual we need to use XAF’s Application Model editor.
As you can see in the image above it is possible to control the ticket expiration as well.
By default XpandLogonParameters will render a RememberMe checkbox
However again using Model Editor we can simply remove the RememberMe PropertyEditor and the auto authentication will work for any user logged in last!
Happy XAFing to everyone! and do not forget your input in our forums http://www.expandframework.com/forum/11-news/3452-auto-authenticate-and-remember-me.html#4007
P.S.: Here is the related code in our github repo http://goo.gl/XfIPC
