We have actually built-in security using .NET Core Identity:
and Active Directory support:
In my opinion Radzen default security is much easier since you do not have to deal with your database schema at all - everything can be setup quickly from Radzen UI.
Did you get a chance to look at the link I posted?
It goes far beyond "basic" security... and keeping users from accessing a form... based on a role.
It implements row level security....
This has been a requirement for every web app I've built over the past two decades...
Users can only see their rows... and they cannot see other users' rows.
Managers can see their rows and their team members' rows...
Administrators can see all the rows...
I could go into all the details... But, the link I posted will save me from repeating it all here.
If I'm missing something, I'd love to hear how Radzen implements Advanced Security - Dynamic User Level Security including Static and Dynamic User Levels like PHP Maker "out of the box."
In the end, this is one wheel I don't want to "reinvent."
I would ask when this is added to Radzen.... Please... Please... Please implement it like PHP Maker did.
I've used a couple other tools that require you to manually "hard code" it directly in each and every form in the "code generator's" UI...
These were tedious.... I needed to go into every form... copy and paste the new code...
These were inflexible.... every time a change needed to be made... I needed to go into every form... copy and paste the updated code... recompile... and redeploy.
These made me want to pull my hair out.... really.
I wasted dozens of hours because they didn't really think through the process... or how much work it would create... It totally blows my mind they didn't look at PHP Maker to see how others implemented this in their "code generator's" UI.
Ideally, I would like to see a concept very similar to PHP Maker's "Advanced Security - Dynamic User Level Security" in Radzen.... It makes it very easy for Developers and App Administrators.
@SteelPhantomDude there are plenty of publicly facing web applications that don't have row-level security - you are browsing one at the moment
This isn't currently on the Roadmap. Still it is very easy to implement with a few lines of code and is mentioned in our Complete application tutorial. Here is an example:
partial void OnOpportunitiesRead(ref IQueryable<Opportunity> items)
{
var userId = security.User.Id;
// Filter the opportunities by the current user's id
items = items.Where(item => item.UserId == userId);
}
If it did NOT, I could then edit your posts... or anyone else's posts. It would be a total screwed up mess....
Someone could go in and replace each and every post with.... I LOVE PRESIDENT TRUMP. Some people may like it. Even if they love Trump, most will not like all of the posts "disappearing."
The way the forum is setup, I can add and edit my own posts..... I can view other's posts... An Admin may be able to edit and delete all users posts as well...
But, users cannot "randomly" edit other's users posts... or delete them because of row level security.
This underscores exactly how important this is... in the real world of public facing web applications.
Role level security... the only way Radzen implements security... may be feasible for some small internal business applications... But, for real world public facing web applications... It leaves massive security holes.
Imagine... if this forum implemented security like Radzen allowing all those in the user role to add, update and delete ALL posts... It would be total chaos!
I understand there are methods for filtering records in classes. But, that is creating way more manual work for each table than is really needed when compared to how elegantly an inexpensive tool ($299.95) such as PHPMaker does it.
While I understand there is a ton of emphasis on the "UI Builder" of Radzen, I'm disappointed that Radzen at $599 is still missing functionality... 16 months after it was initially brought to light.
I guess you didn't read my response completely as it shows the one line of code that implements "row level security" as you understand it.
Anyway it seems that you have found a solution (PHPMaker) that meets your requirements in terms of features and pricing! Glad to hear that. Locking this thread now as there is nothing more to add.