WAF has a classic three layer architecture. The first layer is the data layer. The relevant objects are located under the namespace “WAF.Data”. For most parts you do not need to access this API. The key function of this layer is to translate queries to SQL and convert the results into WAF objects. The layer also deals with the text indexing and content link library.
The central object is the WAF.Data.DataAccessObject object. Each WAF installation has one active instance of this object. You can access it via the WAF engine with: WAF.Runitme.Engine.Dao
The WAF engine layer contains the objects you work against to retrieve and set information in WAF.
They layer also contains the objects needed to host schedules tasks and the Workflow system to host application threads that run outside the context from a normal page request.
The API in this layer is designed to work in any thread context, whether it is a windows workflow, a HTTP request, a windows winform application etc.
There are two main objects in this layer. The WAFSession and the WAFEngine object.
In each installation there is one instance of WAFEngine. You can access it with: “WAF.Runtime.Engine”. This object forms the central runtime core of a WAF installation. The object contains all the major parts that make up the WAF runtime:
- The WAF DAO object
- All WAF Sessions
- The WAF Workflow Runtime
- The WAF Query Cache
- The WAF Content Cache
- Methods for changing content data
- Methods for updating the search index
- Methods for modifying the semantic data model
However, most of the time you will not access this object directly.
The key API object in WAF is “WAF.Engine.WAFSession”. An instance of WAFSession is created for every HTTP session. Each WAFSession holds session related information like the user associated with it, the current user culture and current site. The WAFSession instance is automatically created on the first page request and it is disposed after a fixed amount of minutes without activity. All methods on the session object checks if the user has access to execute the requested action. This applies to both read and write access. Every retrieval of a content object goes through one of the methods on the session object. Every content object has a reference to the session object that was used to retrieve it. The same applies to all content queries. A content query is also always associated with a WAFSession and the result it filtered according to the users’ access rights and the session’s culture.
Like the WAFEngine object, the WAFSession object is designed to work in any thread context. You can use all of its methods in any context whether it is a HTTP Request, during the execution of a Windows Workflow, or other context.
In general you should use the WAFSession object during the generation of html page content. This ensures you only output the content the current user has access to. To access the session associated with a page request you can use: “WAF.Presentation.Web.WAFContext.Session”
In the context of a Windows Workflow you can use “WAF.Engine.Workflow.Runtime.WFContext.Session”. This is a reference to the session that started the workflow.
If you need access to methods or data the current user does not have access to there is a system session you can use. This is a special session that is always present in a WAF installation. This session has full access to everything in WAF. Internally it is used to run scheduled tasks and miscellaneous maintenance work like content indexing. The system session can be accessed with: “WAFRuntime.SystemSession”. This session never times out. Be aware that the current culture of the System Session might be different to the culture of the current session associated with the page view.
A typical example would be the generation of contents to store data from a web form. Often anonymous users does not have access to create content, but if you create the new content with the system session you will be able to run the “UpdateChanges()” method on the content to insert the data even though the user associated with the page request is anonymous and does not have access to create content. It is however good practice to use the system session as little as possible as you lose the built in security protection through the session associated with the user. You must also remember to ensure the content is created in the correct culture and to update the contents author ID correctly.
The presentation layer in WAF contains a collection of objects used in the presentation of content to the user. Primarily this is in the context of web in the form of HTML.
The key object is “WAF.Presentation.Web.WAFContext”. This object is a static object. It contains a series of methods and properties related to the current http page request.
The most important property is: “WAFContext.Session”. This give access to the session associated with the page request and you should use this session access the content in WAF during a page request. All methods on this session has built in security checks to make sure the current user has sufficient access run the method you are calling.
WAFContext has a series of properties and helper methods for generating URL’s. By using the methods on the WAFContext object you ensure that the URL’s will be correct relative to the current page request. The main method to get the URL of another content is: “WAFContext.GetUrl()”