Anonymous authentication for XAF ASP.NET applications
As promised in eXpand’s forums, with the next version of eXpand (13.1.5.8) you can enjoy anonymous authentication for your web applications!
The anonymous authentication functionality is embedded in the Xpand.ExpressApp.Security.Web module. After installing this module, you need to enable it and set up the anonymous username using XAF’s Application Model Editor.
It is possible and recommended to combine anonymous authentication with auto-authentication discussed in http://apobekiaris.blogspot.gr/2013/07/auto-authentication-rememberme-for-your.html. Note that the model of the previous post is refactored to allow each feature to work independently.
Next, you need to configure XAF’s security system by setting up the Authentication and the LogonParameters as illustrated in the image below.
And finally, you need to create the anonymous user and role in your ModuleUpdater.cs. For this, if you use the XpandRole class, I provided the following extension methods (GetAnonymousRole, GetAnonymousUser).
void CreateAnonymousSecurityObjects() {
    // get the anonymous role (created if it does not exist) and its user
    var anonymousRole = ObjectSpace.GetAnonymousRole("Anonymous");
    anonymousRole.GetAnonymousUser();
    // add project-specific permissions
    anonymousRole.SetTypePermissions<Category>(SecurityOperations.ReadOnlyAccess, SecuritySystemModifier.Allow);
    anonymousRole.SetTypePermissions<Topic>(SecurityOperations.Read, SecuritySystemModifier.Allow);
}
The GetAnonymousRole method will create a new XpandRole (if it does not exist) and will add two custom permissions: the MyDetailsPermission, which hides MyDetails from the anonymous role, and the AnonymousLoginPermission. It is also possible to do the same using XAF’s UI, as in the next image.
Moreover, I want to mention that using XpandRole is not mandatory; I used it because of its built-in support for custom permissions. You may have your own implementation, following for example How to: Implement Custom Permission, Role and User Objects, so feel free to use that instead.
Together with the MyDetailsPermission I mentioned the AnonymousLoginPermission. This one is responsible for hiding XAF’s default Logoff action and for providing a new LoginAnonymous action. So when someone visits your site and you use Xpand.ExpressApp.Security.Web with anonymous access enabled, XAF will by default authenticate the visitor as the anonymous user you created in the ModuleUpdater, and the LoginAnonymous action will allow authentication as provided by XAF.
That's it, my friends! I hope you find this implementation easy to use and useful. For questions, feedback, etc., feel free to use the eXpand forums.
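Because every visitor is signed in as the anonymous user, its role should grant nothing beyond read and navigate access. The following is an added example, not part of eXpand or of the original post: a hypothetical AnonymousRoleAudit helper that lists any setting on the role that goes further. It assumes XpandRole derives from XAF's SecuritySystemRole, and it inspects only the role's own permissions, not those of child roles.

```csharp
using System.Collections.Generic;
using DevExpress.ExpressApp.Security.Strategy;

// Hypothetical helper (not part of eXpand): audits the anonymous role for excess rights.
public static class AnonymousRoleAudit {
    // Returns one finding per setting that grants more than read/navigate access.
    public static IList<string> FindExcessPermissions(SecuritySystemRole role) {
        var findings = new List<string>();
        if (role.IsAdministrative)
            findings.Add(role.Name + ": IsAdministrative bypasses every permission check");
        if (role.CanEditModel)
            findings.Add(role.Name + ": CanEditModel allows editing the Application Model");
        foreach (SecuritySystemTypePermissionObject type in role.TypePermissions) {
            string name = type.TargetType == null ? "(no type)" : type.TargetType.Name;
            if (type.AllowWrite || type.AllowCreate || type.AllowDelete)
                findings.Add(name + ": type-level write, create or delete is allowed");
            // Member- and object-level permissions can grant writes the type level does not.
            foreach (SecuritySystemMemberPermissionsObject member in type.MemberPermissions)
                if (member.AllowWrite)
                    findings.Add(name + "." + member.Members + ": member write is allowed");
            foreach (SecuritySystemObjectPermissionsObject obj in type.ObjectPermissions)
                if (obj.AllowWrite || obj.AllowDelete)
                    findings.Add(name + " [" + obj.Criteria + "]: object write or delete is allowed");
        }
        return findings;
    }
}

// Usage in ModuleUpdater.cs, after CreateAnonymousSecurityObjects()
// (assumes XpandRole derives from SecuritySystemRole):
//   var findings = AnonymousRoleAudit.FindExcessPermissions(ObjectSpace.GetAnonymousRole("Anonymous"));
//   if (findings.Count > 0)
//       throw new System.InvalidOperationException(string.Join("; ", findings));
```

Failing the database update when the list is not empty keeps a later permission change from silently widening what unauthenticated visitors can do.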
Happy XAF’ing to all!