Xtensive.Orm.Security
7.0.5
See the version list below for details.
dotnet add package Xtensive.Orm.Security --version 7.0.5
NuGet\Install-Package Xtensive.Orm.Security -Version 7.0.5
<PackageReference Include="Xtensive.Orm.Security" Version="7.0.5" />
paket add Xtensive.Orm.Security --version 7.0.5
#r "nuget: Xtensive.Orm.Security, 7.0.5"
// Install Xtensive.Orm.Security as a Cake Addin #addin nuget:?package=Xtensive.Orm.Security&version=7.0.5 // Install Xtensive.Orm.Security as a Cake Tool #tool nuget:?package=Xtensive.Orm.Security&version=7.0.5
Xtensive.Orm.Security
Summary
The extension provides full-fledged security layer (authentication services, principals, roles, secured queries) There are 2 main parts that can also be used separately: authentication services and role-based access to domain entities
Prerequisites
DataObjects.Net 7.0.x or later (http://dataobjects.net)
How to use
Include types from Xtensive.Orm.Security assembly into the domain:
<Xtensive.Orm>
<domains>
<domain ... >
<types>
<add assembly="your assembly"/>
<add assembly="Xtensive.Orm.Security"/>
</types>
</domain>
</domains>
</Xtensive.Orm>
If you are planning to use one of authentication services add
<section name="Xtensive.Orm.Security" type="Xtensive.Orm.Security.Configuration.ConfigurationSection, Xtensive.Orm.Security" />
and set up the desired hashing service:
<Xtensive.Orm.Security>
<hashingService name="plain"/>
</Xtensive.Orm.Security>
Examples
Example #1. Definition of a class that inherits GenericPrincipal class that will describe your users, e.g.:
[HierarchyRoot]
public class User : GenericPrincipal
{
[Field, Key]
public int Id { get; private set; }
[Field]
public string LastName { get; set; }
[Field]
public string FirstName { get; set; }
...
public User(Session session)
: base(session)
{
}
}
Example #2. Having the User class defined above, it can be used for user creation and authentication.
// Creating a user
using (var session = Domain.OpenSession()) {
using (var transaction = session.OpenTransaction()) {
var user = new User(session);
user.Name = "admin";
user.SetPassword("password");
transaction.Complete();
}
}
// Authenticating a user
using (var session = Domain.OpenSession()) {
using (var transaction = session.OpenTransaction()) {
var user = session.Authenticate("admin", "password");
transaction.Complete();
}
}
Example #3. Definition of a hierarchy of roles for users. A role is a set of permissions for a job fuction within a company, e.g.:
EmployeeRole
|
|- StockManagerRole
|
|- SalesRepresentativeRole
|
|- SalesManagerRole
|
|- SalesPresidentRole
The role tree above can be represented like following:
// This is base role for all employees
[HierarchyRoot(InheritanceSchema = InheritanceSchema.SingleTable)]
public abstract class EmployeeRole : Role
{
[Field, Key]
public int Id { get; set; }
protected override void RegisterPermissions()
{
// All employees can read products
RegisterPermission(new Permission<Product>());
// All employees can read other employees
RegisterPermission(new Permission<Employee>());
}
protected EmployeeRole(Session session)
: base(session) {}
}
public class StockManagerRole : EmployeeRole
{
protected override void RegisterPermissions()
{
// Stock manager inherits Employee permissions
base.RegisterPermissions();
// Stock manager can read and write products
RegisterPermission(new Permission<Product>(canWrite:true));
}
public StockManagerRole(Session session)
: base(session) {}
}
public class SalesRepresentativeRole : EmployeeRole
{
protected override void RegisterPermissions()
{
// Sales manager inherits Employee permissions
base.RegisterPermissions();
// All sales representative can read customer
RegisterPermission(new Permission<Customer>());
// All sales representative can read orders
RegisterPermission(new Permission<Order>());
}
protected EmployeeRole(Session session)
: base(session) {}
}
public class SalesManagerRole : SalesRepresentativeRole
{
protected override void RegisterPermissions()
{
// Sales manager inherits SalesRepresentativeRole permissions
base.RegisterPermissions();
// Sales managers can read and write orders
RegisterPermission(new Permission<Order>(canWrite:true));
}
protected SalesManagerRole(Session session)
: base(session) {}
}
public class SalesPresidentRole : SalesRepresentativeRole
{
protected override void RegisterPermissions()
{
// Sales manager inherits SalesRepresentativeRole permissions
base.RegisterPermissions();
// Sales president can read and write customers
RegisterPermission(new Permission<Customer>(canWrite:true));
// Sales president can read and write orders
RegisterPermission(new Permission<Order>(canWrite:true));
}
protected SalesManagerRole(Session session)
: base(session) {}
}
The roles should be intitalized on first domain build for being able to use them further, e.g:
using (var session = Domain.OpenSession()) {
using (var transaction = session.OpenTransaction()) {
new SalesRepresentativeRole(session);
new SalesManagerRole(session);
new SalesPresidentRole(session);
new StockManagerRole(session);
transaction.Complete();
}
}
Example #4. Assigning one of roles to a user.
using (var session = Domain.OpenSession()) {
using (var transaction = session.OpenTransaction()) {
var stockManagerRole = session.Query.All<StockManagerRole>().Single();
var user = new User(session);
user.Name = "peter";
user.SetPassword("password");
user.Roles.Add(stockManagerRole);
transaction.Complete();
}
}
Example #5. Checking whether a user has the required role
user.IsInRole("StockManagerRole");
// or
user.Roles.Contains(stockManagerRole);
Example #6. Session impersonation
using (var imContext = session.Impersonate(user)) {
// inside the region the session is impersonated with the specified
// principal and set of their roles and permissions
// Checking whether the user has a permission for reading Customer entities
imContext.Permissions.Contains<Permission<Customer>>(p => p.CanRead);
// Checking whether the user has a permission for writing to Customer entities
imContext.Permissions.Contains<Permission<Customer>>(p => p.CanWrite);
// another way
var p = imContext.Permissions.Get<Permission<Customer>>();
if (p != null && p.CanRead)
// allow doing some stuff
}
To end the impersonation call ImpersonationContext.Undo() or Dispose() method. Impersonation contexts can be nested, e.g.:
using (var userContext = session.Impersonate(user)) {
// do some user-related stuff
using (var adminContext = session.Impersonate(admin)) {
// do some admin stuff
}
// we are still in user impersonation context
}
// no context here
Example #7. Secure (restrictive) queries. A role may set up a condition that will be automatically added to any query and limits the query results, e.g.:
public class AutomobileManagerRole : EmployeeRole
{
private static IQueryable<Customer> GetCustomers(ImpersonationContext context, QueryEndpoint query)
{
return query.All<Customer>()
.Where(customer => customer.IsAutomobileIndustry);
}
protected override void RegisterPermissions()
{
base.RegisterPermissions();
// This permission tells that a principal can read/write customers
// but only those that are returned by the specified condition
RegisterPermission(new CustomerPermission(true, GetCustomers));
}
public AutomobileManagerRole(Session session)
: base(session) {}
}
Now all employees that have AutomobileManagerRole will read customers that have IsAutomobileIndustry property set to true, e.g.:
using (var session = Domain.OpenSession()) {
using (var transaction = session.OpenTransaction()) {
var automobileManagerRole = session.Query.All<AutomobileManagerRole>().Single();
var user = new User(session);
user.Name = "peter";
user.SetPassword("password");
user.Roles.Add(automobileManagerRole);
using (var context = session.Impersonate(user)) {
var customers = Query.All<Customer>();
// Inside the impersonation context the above-mentioned query condition
// will be added automatically so user will get only automobile customers
}
transaction.Complete();
}
}
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
.NET Core | netcoreapp3.1 is compatible. |
-
.NETCoreApp 3.1
- System.Configuration.ConfigurationManager (>= 4.7.0)
- Xtensive.Orm (>= 7.0.5)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated |
---|---|---|
7.2.0-Beta-1 | 132 | 12/28/2023 |
7.1.2 | 215 | 10/18/2024 |
7.1.1 | 302 | 11/14/2023 |
7.1.0 | 283 | 4/12/2023 |
7.1.0-RC | 189 | 3/9/2023 |
7.1.0-Beta-2 | 242 | 12/19/2022 |
7.1.0-Beta-1 | 200 | 7/4/2022 |
7.0.5 | 103 | 6/3/2024 |
7.0.4 | 118 | 11/12/2023 |
7.0.3 | 559 | 3/21/2022 |
7.0.2 | 516 | 2/8/2022 |
7.0.1 | 409 | 10/29/2021 |
7.0.0 | 432 | 6/2/2021 |
6.0.13 | 135 | 4/4/2024 |
6.0.12 | 130 | 11/10/2023 |
6.0.11 | 488 | 1/12/2023 |
6.0.10 | 528 | 4/29/2022 |
6.0.9 | 562 | 2/2/2022 |
6.0.8 | 474 | 10/28/2021 |
6.0.7 | 436 | 8/27/2021 |
6.0.6 | 450 | 5/24/2021 |
6.0.5 | 534 | 3/9/2021 |
6.0.4 | 563 | 12/22/2020 |
6.0.3 | 556 | 9/29/2020 |
6.0.0 | 748 | 1/28/2020 |
5.1.0-Beta-1 | 1,144 | 1/30/2015 |
5.0.24 | 498 | 4/27/2021 |
5.0.23 | 490 | 2/4/2021 |
5.0.22 | 609 | 11/18/2020 |
5.0.21 | 569 | 11/6/2020 |
5.0.20 | 714 | 12/25/2019 |
5.0.19 | 720 | 5/30/2019 |
5.0.19-Beta-2 | 468 | 4/16/2019 |
5.0.19-Beta-1 | 606 | 12/29/2018 |
5.0.18 | 1,031 | 9/28/2018 |
5.0.18-Beta-3 | 700 | 7/2/2018 |
5.0.18-Beta-2 | 765 | 6/6/2018 |
5.0.18-Beta-1 | 790 | 4/24/2018 |
5.0.17 | 1,484 | 2/27/2018 |
5.0.17-Beta-3 | 860 | 2/12/2018 |
5.0.17-Beta-2 | 912 | 1/12/2018 |
5.0.17-Beta-1 | 871 | 12/28/2017 |
5.0.16 | 1,208 | 12/1/2017 |
5.0.16-Beta-1 | 801 | 9/27/2017 |
5.0.15 | 1,220 | 8/1/2017 |
5.0.14 | 1,131 | 6/19/2017 |
5.0.13 | 1,215 | 3/22/2017 |
5.0.12 | 1,165 | 2/14/2017 |
5.0.11 | 1,060 | 1/25/2017 |
5.0.11-RC2 | 824 | 12/16/2016 |
5.0.11-RC | 1,118 | 9/20/2016 |
5.0.10 | 1,119 | 8/5/2016 |
5.0.10-RC | 817 | 6/30/2016 |
5.0.9 | 1,421 | 3/3/2016 |
5.0.8 | 1,192 | 2/15/2016 |
5.0.7 | 1,152 | 1/27/2016 |
5.0.7-RC2 | 861 | 12/8/2015 |
5.0.7-RC | 924 | 9/10/2015 |
5.0.6 | 1,243 | 7/3/2015 |
5.0.5 | 1,391 | 4/23/2015 |
5.0.4 | 1,200 | 3/19/2015 |
5.0.4-RC | 1,092 | 2/25/2015 |
5.0.3 | 1,566 | 10/31/2014 |
5.0.2 | 1,276 | 9/11/2014 |
5.0.0 | 1,270 | 8/15/2014 |
5.0.0-RC2 | 924 | 8/1/2014 |
5.0.0-RC | 896 | 7/21/2014 |
5.0.0-Beta-3 | 922 | 5/28/2014 |
5.0.0-Beta-2 | 1,008 | 2/28/2014 |
5.0.0-Beta-1 | 1,039 | 11/14/2013 |
4.6.9 | 1,117 | 7/3/2015 |
4.6.8 | 1,150 | 8/1/2014 |
4.6.7 | 1,299 | 6/23/2014 |
4.6.6 | 1,402 | 4/9/2014 |
4.6.5 | 1,225 | 1/7/2014 |
4.6.4 | 1,479 | 9/30/2013 |
4.6.3 | 3,928 | 2/4/2013 |
4.6.2 | 1,705 | 11/28/2012 |
4.6.0 | 1,491 | 10/11/2012 |
4.6.0-RC | 1,142 | 10/4/2012 |
4.5.8 | 1,264 | 9/30/2013 |
4.5.7 | 1,262 | 2/4/2013 |
4.5.6 | 1,492 | 11/28/2012 |
4.5.5 | 1,411 | 10/11/2012 |
4.5.5-RC | 1,107 | 10/4/2012 |
4.5.3 | 1,397 | 8/6/2012 |
4.5.2 | 1,434 | 5/10/2012 |
4.5.0 | 1,603 | 3/13/2012 |