How to assign a default security role to a new application user when Windows authentication is enabled

I want to talk about a typical scenario where AuthenticationActiveDirectory and SecurityStrategyComplex/SecurityComplex/SecuritySimple strategies are involved. Currently, when the AuthenticationActiveDirectory.CreateUserAutomatically option is set to True (the default value), a new Windows user opening such an application gets full administrative privileges.  While it can be good in certain scenarios, in others it is best to restrict this new user by assigning some limiting access permissions, e.g. to be able to view some records only.

There are several ways to accomplish this task in XAF:

1. You can create a user object manually and assign a custom role to it via the AuthenticationActiveDirectory.CustomCreateUser event. To subscribe to the CustomCreateUser event, run the Application Designer and focus the AuthenticationActiveDirectory component. Then, in the Properties window, switch to Events and double click CustomCreateUser in the property grid.

Redirecting from an external hyperlink to a View in an XAF Web app with the ASP.NET Forms Authentication - YOUR FEEDBACK IS NEEDED

I wanted to ask the XAF community members interested in this functionality to test a simpler solution to the problem described in this thread. Long story short, you have a hyperlink to an XAF Web application form like this: 

http://localhost:50292/Default.aspx#ShortcutViewID=Department_DetailView&ShortcutObjectKey=782f7cc7-123a-4145-be2d-5dd95f59f80f&ShortcutObjectClassName=MainDemo.Module.BusinessObjects.Department&Shortcutmode=View

and want to include it in an email and send it to a user so that he or she is able to navigate to that view on your web site (e.g., open a user profile or changed order details). If that app has a security system  with a logon form enabled, then the URL fragment after # is cut after a successful authentication, which makes navigation to the required app screen not possible by default. Instead, the URL fragment before the hash symbol is opened (see similar threads on StackOverFlow for more details: one, two, three).

There was a tricky solution to work around the default ASP.NET request processing mechanism in the original Support Center thread, but today I wanted to share a simpler solution for our users.

Here it comes:

1. In the Solution Explorer, right-click the YourSolutionName.Web/Login.aspx file and invoke the View Markup command from the context menu.

2. Paste the <script/> element with the JavaScript code below before the </body> element, as follows: