堆栈内存溢出
  简体   繁体   English

我应该使用哪种方法将数据库或目录服务(AD LDS(ldap))用于Windows应用程序(.net)的角色管理?为什么?

[英]Which approach should i use database or directory services (AD LDS(ldap)) for role management a windows application (.net)?And Why?

 原文  2014-02-24 18:01:56       c#/ .net/ database/ windows/ active-directory

问题描述

I have a windows service, and want to define two roles (administrator and reader) for all the users whoever tries to access my service. 我有一个Windows服务,并且想为所有尝试访问我的服务的用户定义两个角色(管理员和读者)。 So that whoever is assigned with administrator role can have full control over my system, whereas reader can only do readonly operations. 这样,无论是谁分配了管理员角色,都可以完全控制我的系统,而读者只能执行只读操作。

So, looks like I have two options. 因此,看起来我有两个选择。

Approach using Database 使用数据库的方法

I can simply use database to maintain and their corresponding roles. 我可以简单地使用数据库来维护它们的相应角色。 so, whenever I get a request based on user context, I can validate by querying the db and validate it. 因此,只要我收到基于用户上下文的请求,就可以通过查询数据库进行验证并对其进行验证。

It sounds simple option, but how to make it safe? 听起来很简单,但是如何使其安全呢?

  • For ex, if some looks at my code in reflector, they can find out which table and manipulate the contents so that they can exploit this solution :( 例如,如果有人在反射器中查看我的代码,他们可以找出哪个表并处理内容,以便他们可以利用此解决方案:(

Approach using Directory Services (AD LDS - LDAP) 使用目录服务的方法(AD LDS-LDAP)

Looks like Microsoft defined Active Directory lightweight Directory Service particularly for this purposes. 看起来像Microsoft为此定义的Active Directory轻型目录服务。 I can probably define my own roles and probably add windows security principals to them so that only the AD LDS administrators can manipulate - looks like better approach. 我可能可以定义自己的角色,并可能向他们添加Windows安全性主体,以便只有AD LDS管理员才能进行操作-看起来是更好的方法。

But, I am not sure how to do this programmatically in c# - can any one give me pointers so that I can have a quick start? 但是,我不确定如何在C#中以编程方式执行此操作 -任何人都可以给我指点以便我快速入门吗?

Finally, which option is better/recommended and why? 最后,哪个选项更好/推荐,为什么?

Update: 更新:

Looks like these two User Group and Role Management in .NET with Active Directory , What does "active directory integration" mean in your .NET app? 看起来像是带有Active Directory的.NET中的这两个用户组和角色管理, .NET应用程序中的“活动目录集成”是什么意思? gives me some detail in what I am looking for, and it looks like its probably take some time before I consolidate these to define approach for my app :) 给了我一些我想要的东西的细节,看来我可能需要一些时间才能合并它们以定义应用程序的方法:)

Best Regards! 最好的祝福!

1 个解决方案

解决方案1
 1 已采纳  2014-02-24 18:55:15

This will get you the SID of the groups 这将使您获得组的SID
You just need to determine the SID of the group you determine to be admin 您只需要确定要确定为管理员的组的SID 

System.Security.Principal.WindowsIdentity identity = System.Security.Principal.WindowsIdentity.GetCurrent();
Debug.WriteLine(identity.Name);
foreach (System.Security.Principal.IdentityReference ir in identity.Groups) Debug.WriteLine(ir.Value);

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 我应该为Windows应用程序使用哪个事件处理程序? - Which Event handler should i use for my windows application? 数据库触发器或应用程序代码? 在这种情况下,我应该使用哪一个? - Database trigger or application code? which one should I use in this case? 小型网络应用程序应使用哪个数据库 - Which Database should I use for small network application 我应该使用哪个.NET异常来发出外部应用程序故障信号? - Which .NET exception should I use for signaling external application failure? ASP.NET身份通过LDAP身份验证进行角色管理 - ASP.NET Identity Role management through LDAP Authentication 如何在 AspNet Core 3 中将 Azure AD 身份验证与基于 SQL 的角色管理结合使用? - How do I use Azure AD authentication with SQL based role management in AspNet Core 3? 我应该使用辅助角色还是线程来重置数据库中条目的状态? - Should I use a Worker Role or a Thread to reset the states of an entry in the database? 通过DateTime自定义属性搜索Active Directory(AD LDS) - Search Active Directory (AD LDS) by DateTime custom attribute IEnumerable的作用是什么<t>我为什么要使用它?</t> - What's the role of IEnumerable<T> and why should I use it? 我应该使用哪个框架和数据库? - Which framework and database should i use?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM