在哪里放置访问权限
[英]Where to place the access privileged
问题描述
I am developing an application in MVC4. 
我正在开发MVC4中的应用程序。 In that I have various types of user and each user carry different access privileged. 因为我有各种类型的用户,每个用户都具有不同的访问特权。 Depending upon the access user carry application will generate the view accordingly. 取决于访问权限,用户携带应用程序将相应地生成视图。 This Access will be give to user at the time of creation. 该访问权限将在创建时授予用户。
I have store this access privileged in Database. 我已将此访问权限特权存储在数据库中。 My Problem is that every time user did something I have to check the whether it has access or not, for that every time I need to take it from database but I don't want to do. 我的问题是,每次用户执行某项操作时,我都必须检查它是否具有访问权限,因为每次我都需要从数据库中获取它但我不想这样做时。 I wish do that to keep in a xml file but when multiple user use it will get over write which do malfunctioning. 我希望这样做以保留在xml文件中,但是当多个用户使用它时,它将覆盖发生故障的重写。
I want to know that what is the great place to keep those details so that it will be available me all the time through out the project. 我想知道保留这些详细信息的最佳位置是什么,以便在整个项目过程中始终可以使用它。
1 个解决方案
解决方案1
1 2014-04-07 15:54:32
You can store this information in the global Application Cache which is accessible to all sessions of your web application. 您可以将此信息存储在全局应用程序缓存中,您的Web应用程序的所有会话都可以访问该信息。 If you want to store the data per session then can you should consider storing your data in the Session. 如果要按会话存储数据,则可以考虑将数据存储在会话中。
Here is a link to techniques and best practices for caching in .net. 这是.net中缓存技术和最佳实践的链接。
Session caching is probably more useful in your case since the data is for a logged in user. 在这种情况下,会话缓存可能更有用,因为数据是针对已登录用户的。
Stuffing user data in the session is pretty straightforward. 在会话中填充用户数据非常简单。 Here is an example of how I would envision storing data about a user. 这是我如何设想存储有关用户的数据的示例。
public class MySession
{
private const string _SessionName = "__MY_SESSION__";
private MySession(){}
public MyUser CurrentUser { get; set; }
public static MySession Current
{
get
{
MySession session =(MySession)HttpContext.Current.Session[_SessionName];
if (session == null)
{
session = new MySession();
HttpContext.Current.Session[_SessionName] = session;
}
return session;
}
}
public void Clear()
{
HttpContext.Current.Session.Clear();
HttpContext.Current.Session.Abandon();
}
}
You can then use this class in some static helper class that is accessible to server side methods. 然后,您可以在服务器端方法可以访问的某些静态帮助器类中使用此类。
public static MyAppClass
{
public static MySession Session { get { return MySession.Current; } }
}
And then in your controllers you simply make a call similar to: 然后在您的控制器中,您只需拨打类似于以下内容的电话:
public ActionResult Login()
{
MyUser user=GetUserFromDatabase();
MyAppClass.Session.CurrentUser=user;
}
public ActionResult SomMethod()
{
MyUser loggedInUser=MyAppClass.Session.CurrentUser;
if(loggedInUser.CanAccess(something))
{
....
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.