What precautions can I take for using custom authentication on a Windows application?
I am writing a new version of a Delphi app in WPF/MVVM. It is not a complete redesign from the ground up, but rather just replacing Delphi code with WPF code, with a few modernization changes. I currently only have access to the running Delphi app, not source, but will have that soon.
Currently authentication uses a database query for a user name and hashed - I suspect it's not quite one way, but must address that later than today - password. How do I store that a user is authenticated, to check for access to all application commands and data? A simple private boolean in the User view model, an instance which is contained in the top level, application, view model? Or maybe when I extend to authorization, simply the fact that the User view model has been allocated a null list of permissions? What is normally done here?
The application is an access control and time and attendance management app for a very large international corporation, so security levels need to be fairly high. Using AD is not feasible at this point due to the equally massive user base and list of access rights, and the rewrite is on very high priority.
Not a simple question, actually.
This doesn't fit as a comment, so I'm posting this as an answer:
Those questions might help you decide which way to go.
For example, if you're using 3-tier architecture, WCF for the communication, application used on a Windows domain, you might be interested in a non-custom authentication (you could use Windows authentication). See MSDN (Authentication, Authorization, and Identities in WCF).