Xtensive.Orm.Security
7.0.5
See the version list below for details.
dotnet add package Xtensive.Orm.Security --version 7.0.5
NuGet\Install-Package Xtensive.Orm.Security -Version 7.0.5
<PackageReference Include="Xtensive.Orm.Security" Version="7.0.5" />
paket add Xtensive.Orm.Security --version 7.0.5
#r "nuget: Xtensive.Orm.Security, 7.0.5"
// Install Xtensive.Orm.Security as a Cake Addin #addin nuget:?package=Xtensive.Orm.Security&version=7.0.5 // Install Xtensive.Orm.Security as a Cake Tool #tool nuget:?package=Xtensive.Orm.Security&version=7.0.5
Xtensive.Orm.Security
Summary
The extension provides full-fledged security layer (authentication services, principals, roles, secured queries) There are 2 main parts that can also be used separately: authentication services and role-based access to domain entities
Prerequisites
DataObjects.Net 7.0.x or later (http://dataobjects.net)
How to use
Include types from Xtensive.Orm.Security assembly into the domain:
<Xtensive.Orm>
<domains>
<domain ... >
<types>
<add assembly="your assembly"/>
<add assembly="Xtensive.Orm.Security"/>
</types>
</domain>
</domains>
</Xtensive.Orm>
If you are planning to use one of authentication services add
<section name="Xtensive.Orm.Security" type="Xtensive.Orm.Security.Configuration.ConfigurationSection, Xtensive.Orm.Security" />
and set up the desired hashing service:
<Xtensive.Orm.Security>
<hashingService name="plain"/>
</Xtensive.Orm.Security>
Examples
Example #1. Definition of a class that inherits GenericPrincipal class that will describe your users, e.g.:
[HierarchyRoot]
public class User : GenericPrincipal
{
[Field, Key]
public int Id { get; private set; }
[Field]
public string LastName { get; set; }
[Field]
public string FirstName { get; set; }
...
public User(Session session)
: base(session)
{
}
}
Example #2. Having the User class defined above, it can be used for user creation and authentication.
// Creating a user
using (var session = Domain.OpenSession()) {
using (var transaction = session.OpenTransaction()) {
var user = new User(session);
user.Name = "admin";
user.SetPassword("password");
transaction.Complete();
}
}
// Authenticating a user
using (var session = Domain.OpenSession()) {
using (var transaction = session.OpenTransaction()) {
var user = session.Authenticate("admin", "password");
transaction.Complete();
}
}
Example #3. Definition of a hierarchy of roles for users. A role is a set of permissions for a job fuction within a company, e.g.:
EmployeeRole
|
|- StockManagerRole
|
|- SalesRepresentativeRole
|
|- SalesManagerRole
|
|- SalesPresidentRole
The role tree above can be represented like following:
// This is base role for all employees
[HierarchyRoot(InheritanceSchema = InheritanceSchema.SingleTable)]
public abstract class EmployeeRole : Role
{
[Field, Key]
public int Id { get; set; }
protected override void RegisterPermissions()
{
// All employees can read products
RegisterPermission(new Permission<Product>());
// All employees can read other employees
RegisterPermission(new Permission<Employee>());
}
protected EmployeeRole(Session session)
: base(session) {}
}
public class StockManagerRole : EmployeeRole
{
protected override void RegisterPermissions()
{
// Stock manager inherits Employee permissions
base.RegisterPermissions();
// Stock manager can read and write products
RegisterPermission(new Permission<Product>(canWrite:true));
}
public StockManagerRole(Session session)
: base(session) {}
}
public class SalesRepresentativeRole : EmployeeRole
{
protected override void RegisterPermissions()
{
// Sales manager inherits Employee permissions
base.RegisterPermissions();
// All sales representative can read customer
RegisterPermission(new Permission<Customer>());
// All sales representative can read orders
RegisterPermission(new Permission<Order>());
}
protected EmployeeRole(Session session)
: base(session) {}
}
public class SalesManagerRole : SalesRepresentativeRole
{
protected override void RegisterPermissions()
{
// Sales manager inherits SalesRepresentativeRole permissions
base.RegisterPermissions();
// Sales managers can read and write orders
RegisterPermission(new Permission<Order>(canWrite:true));
}
protected SalesManagerRole(Session session)
: base(session) {}
}
public class SalesPresidentRole : SalesRepresentativeRole
{
protected override void RegisterPermissions()
{
// Sales manager inherits SalesRepresentativeRole permissions
base.RegisterPermissions();
// Sales president can read and write customers
RegisterPermission(new Permission<Customer>(canWrite:true));
// Sales president can read and write orders
RegisterPermission(new Permission<Order>(canWrite:true));
}
protected SalesManagerRole(Session session)
: base(session) {}
}
The roles should be intitalized on first domain build for being able to use them further, e.g:
using (var session = Domain.OpenSession()) {
using (var transaction = session.OpenTransaction()) {
new SalesRepresentativeRole(session);
new SalesManagerRole(session);
new SalesPresidentRole(session);
new StockManagerRole(session);
transaction.Complete();
}
}
Example #4. Assigning one of roles to a user.
using (var session = Domain.OpenSession()) {
using (var transaction = session.OpenTransaction()) {
var stockManagerRole = session.Query.All<StockManagerRole>().Single();
var user = new User(session);
user.Name = "peter";
user.SetPassword("password");
user.Roles.Add(stockManagerRole);
transaction.Complete();
}
}
Example #5. Checking whether a user has the required role
user.IsInRole("StockManagerRole");
// or
user.Roles.Contains(stockManagerRole);
Example #6. Session impersonation
using (var imContext = session.Impersonate(user)) {
// inside the region the session is impersonated with the specified
// principal and set of their roles and permissions
// Checking whether the user has a permission for reading Customer entities
imContext.Permissions.Contains<Permission<Customer>>(p => p.CanRead);
// Checking whether the user has a permission for writing to Customer entities
imContext.Permissions.Contains<Permission<Customer>>(p => p.CanWrite);
// another way
var p = imContext.Permissions.Get<Permission<Customer>>();
if (p != null && p.CanRead)
// allow doing some stuff
}
To end the impersonation call ImpersonationContext.Undo() or Dispose() method. Impersonation contexts can be nested, e.g.:
using (var userContext = session.Impersonate(user)) {
// do some user-related stuff
using (var adminContext = session.Impersonate(admin)) {
// do some admin stuff
}
// we are still in user impersonation context
}
// no context here
Example #7. Secure (restrictive) queries. A role may set up a condition that will be automatically added to any query and limits the query results, e.g.:
public class AutomobileManagerRole : EmployeeRole
{
private static IQueryable<Customer> GetCustomers(ImpersonationContext context, QueryEndpoint query)
{
return query.All<Customer>()
.Where(customer => customer.IsAutomobileIndustry);
}
protected override void RegisterPermissions()
{
base.RegisterPermissions();
// This permission tells that a principal can read/write customers
// but only those that are returned by the specified condition
RegisterPermission(new CustomerPermission(true, GetCustomers));
}
public AutomobileManagerRole(Session session)
: base(session) {}
}
Now all employees that have AutomobileManagerRole will read customers that have IsAutomobileIndustry property set to true, e.g.:
using (var session = Domain.OpenSession()) {
using (var transaction = session.OpenTransaction()) {
var automobileManagerRole = session.Query.All<AutomobileManagerRole>().Single();
var user = new User(session);
user.Name = "peter";
user.SetPassword("password");
user.Roles.Add(automobileManagerRole);
using (var context = session.Impersonate(user)) {
var customers = Query.All<Customer>();
// Inside the impersonation context the above-mentioned query condition
// will be added automatically so user will get only automobile customers
}
transaction.Complete();
}
}
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. |
.NET Core | netcoreapp3.1 is compatible. |
-
.NETCoreApp 3.1
- System.Configuration.ConfigurationManager (>= 4.7.0)
- Xtensive.Orm (>= 7.0.5)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated |
---|---|---|
7.2.0-Beta-1 | 136 | 12/28/2023 |
7.1.3 | 134 | 12/24/2024 |
7.1.2 | 265 | 10/18/2024 |
7.1.1 | 311 | 11/14/2023 |
7.1.0 | 288 | 4/12/2023 |
7.1.0-RC | 192 | 3/9/2023 |
7.1.0-Beta-2 | 246 | 12/19/2022 |
7.1.0-Beta-1 | 204 | 7/4/2022 |
7.0.6 | 86 | 12/19/2024 |
7.0.5 | 112 | 6/3/2024 |
7.0.4 | 124 | 11/12/2023 |
7.0.3 | 566 | 3/21/2022 |
7.0.2 | 524 | 2/8/2022 |
7.0.1 | 416 | 10/29/2021 |
7.0.0 | 441 | 6/2/2021 |
6.0.14 | 88 | 12/17/2024 |
6.0.13 | 142 | 4/4/2024 |
6.0.12 | 136 | 11/10/2023 |
6.0.11 | 538 | 1/12/2023 |
6.0.10 | 536 | 4/29/2022 |
6.0.9 | 571 | 2/2/2022 |
6.0.8 | 483 | 10/28/2021 |
6.0.7 | 444 | 8/27/2021 |
6.0.6 | 458 | 5/24/2021 |
6.0.5 | 542 | 3/9/2021 |
6.0.4 | 571 | 12/22/2020 |
6.0.3 | 563 | 9/29/2020 |
6.0.0 | 756 | 1/28/2020 |
5.1.0-Beta-1 | 1,153 | 1/30/2015 |
5.0.24 | 516 | 4/27/2021 |
5.0.23 | 497 | 2/4/2021 |
5.0.22 | 617 | 11/18/2020 |
5.0.21 | 577 | 11/6/2020 |
5.0.20 | 723 | 12/25/2019 |
5.0.19 | 726 | 5/30/2019 |
5.0.19-Beta-2 | 472 | 4/16/2019 |
5.0.19-Beta-1 | 610 | 12/29/2018 |
5.0.18 | 1,042 | 9/28/2018 |
5.0.18-Beta-3 | 707 | 7/2/2018 |
5.0.18-Beta-2 | 773 | 6/6/2018 |
5.0.18-Beta-1 | 797 | 4/24/2018 |
5.0.17 | 1,497 | 2/27/2018 |
5.0.17-Beta-3 | 869 | 2/12/2018 |
5.0.17-Beta-2 | 921 | 1/12/2018 |
5.0.17-Beta-1 | 879 | 12/28/2017 |
5.0.16 | 1,219 | 12/1/2017 |
5.0.16-Beta-1 | 809 | 9/27/2017 |
5.0.15 | 1,231 | 8/1/2017 |
5.0.14 | 1,143 | 6/19/2017 |
5.0.13 | 1,226 | 3/22/2017 |
5.0.12 | 1,175 | 2/14/2017 |
5.0.11 | 1,071 | 1/25/2017 |
5.0.11-RC2 | 831 | 12/16/2016 |
5.0.11-RC | 1,126 | 9/20/2016 |
5.0.10 | 1,131 | 8/5/2016 |
5.0.10-RC | 824 | 6/30/2016 |
5.0.9 | 1,434 | 3/3/2016 |
5.0.8 | 1,203 | 2/15/2016 |
5.0.7 | 1,162 | 1/27/2016 |
5.0.7-RC2 | 868 | 12/8/2015 |
5.0.7-RC | 931 | 9/10/2015 |
5.0.6 | 1,255 | 7/3/2015 |
5.0.5 | 1,403 | 4/23/2015 |
5.0.4 | 1,211 | 3/19/2015 |
5.0.4-RC | 1,099 | 2/25/2015 |
5.0.3 | 1,576 | 10/31/2014 |
5.0.2 | 1,286 | 9/11/2014 |
5.0.0 | 1,281 | 8/15/2014 |
5.0.0-RC2 | 934 | 8/1/2014 |
5.0.0-RC | 904 | 7/21/2014 |
5.0.0-Beta-3 | 929 | 5/28/2014 |
5.0.0-Beta-2 | 1,016 | 2/28/2014 |
5.0.0-Beta-1 | 1,049 | 11/14/2013 |
4.6.9 | 1,127 | 7/3/2015 |
4.6.8 | 1,162 | 8/1/2014 |
4.6.7 | 1,312 | 6/23/2014 |
4.6.6 | 1,414 | 4/9/2014 |
4.6.5 | 1,235 | 1/7/2014 |
4.6.4 | 1,490 | 9/30/2013 |
4.6.3 | 3,938 | 2/4/2013 |
4.6.2 | 1,717 | 11/28/2012 |
4.6.0 | 1,502 | 10/11/2012 |
4.6.0-RC | 1,150 | 10/4/2012 |
4.5.8 | 1,274 | 9/30/2013 |
4.5.7 | 1,275 | 2/4/2013 |
4.5.6 | 1,502 | 11/28/2012 |
4.5.5 | 1,422 | 10/11/2012 |
4.5.5-RC | 1,115 | 10/4/2012 |
4.5.3 | 1,408 | 8/6/2012 |
4.5.2 | 1,443 | 5/10/2012 |
4.5.0 | 1,616 | 3/13/2012 |