Xomega.Net Walkthrough Tutorial

4.4 Securing UI objects

While securing business services can generally fulfill your security requirements, you typically also want to hide any UI fields that the user should have no access to, or disable those that they have read-only access to.

Our Sales Order List screen has criteria by customer store and name as shown below.

However, they don't make much sense for external customer users, since the list will always show only their own sales orders, as we have coded in the previous section. In order to hide these fields for external customers, let's open our SalesOrderCriteriaCustomized data object, and add the following code to its OnInitialized method.

In this case, we are using the CurrentPrincipal member of the data object, as well as our handy extension methods to determine the user privileges. For external customers we set the AccessLevel to None on the operator properties for customer store and name, and Xomega Framework takes care of hiding the property-bound controls, and their labels for us. Note that with this logic being in a data object class, it will be also reusable with other C# based clients like WebForms or WPF desktop clients.

We will see the effect of these security checks once we implement the actual authentication for each specific technology, as described in the following sections.

Next: 4.5 Adding Blazor Server authentication >

	Please enable session cookies in order to register or sign in. sign in \| register
	Home Download Order Forums Blog Contact Us
Xomega Tutorials Complete Walkthrough Before you start 1. Basic search/details views 1.1 Creating Xomega solution 1.2 Importing model from DB 1.3 Adding CRUD ops and views 1.4 Building model 1.5 Running application 2. Modeling search view 2.1 Modeling results list 2.2 Field config, links 2.3 Custom result fields 2.4 Modeling search criteria 2.5 Static enumerations 2.6 Dynamic enumerations 2.7 Auto-complete 2.8 Cascading selection 2.9 Custom UI validations 3. Modeling details view 3.1 Updating child list 3.2 Read-only fields 3.3 Child data objects 3.4 Multi-value sub-object 3.5 Fields from related objects 3.6 Lookup form for selection 3.7 Custom contextual selection 3.8 Standard contextual selection 3.9 Dynamic view titles 3.10 View layout, master-details 4. Implementing security 4.1 Claims identity 4.2 Password authentication 4.3 Securing services 4.4 Securing UI objects 4.5 Blazor Server authentication 4.6 WebForms authentication 4.7 WPF authentication 4.8 WCF authentication 4.9 REST authentication 4.10 WebAssembly authentication 4.11 SPA authentication Next steps Video Tutorials MDD with Xomega.Net Building Desktop Apps Building SPA Web Apps Generating Documentation How-To Guides Environment Object Model and Database Service Model Presentation Layer Static Data and Lists of Values Design Documentation Customization and Extensibility Xomega Generators Model Enhancement Import from Database Full CRUD and Views Enumerations from Database Data Layer EF Domain Objects Entity Data Model Database Schema Database Change Script Service Layer Service Contracts Service Implementations WCF Services Configuration WCF Service Host Files Web API Controllers Presentation Layer Common Xomega Data Objects View Models REST Service Clients Label Resources WCF Client Configuration Blazor Blazor Views Syncfusion Blazor Views Web Forms ASP.NET Views WPF WPF Views TypeScript SPA SPA Views XomegaJS Data Objects TS Service Contracts TS Lookup Cache Loaders TS Enumeration Constants Static Data Lookup Cache Loaders Enumeration Constants Enumeration Data XML Enumeration Reload SQL Documentation Domain Model Design Service Model Design Static Data Design SQLXML Report Custom Generators Xomega.Net for Visual Studio Xomega Project Xomega Editor Xomega Model	4.4 Securing UI objects While securing business services can generally fulfill your security requirements, you typically also want to hide any UI fields that the user should have no access to, or disable those that they have read-only access to. Our Sales Order List screen has criteria by customer store and name as shown below. However, they don't make much sense for external customer users, since the list will always show only their own sales orders, as we have coded in the previous section. In order to hide these fields for external customers, let's open our SalesOrderCriteriaCustomized data object, and add the following code to its OnInitialized method. In this case, we are using the CurrentPrincipal member of the data object, as well as our handy extension methods to determine the user privileges. For external customers we set the AccessLevel to None on the operator properties for customer store and name, and Xomega Framework takes care of hiding the property-bound controls, and their labels for us. Note that with this logic being in a data object class, it will be also reusable with other C# based clients like WebForms or WPF desktop clients. We will see the effect of these security checks once we implement the actual authentication for each specific technology, as described in the following sections. Next: 4.5 Adding Blazor Server authentication >
	Copyright © 2009-2021 Xomega.Net. All rights reserved.