[英]How to set DB connection string username & password outside of Startup.cs?
I want to be able to restrict CRUD access for non-logged in users of a web application. 我希望能够限制Web应用程序的未登录用户的CRUD访问。 This means I need to set the connection string after I have validated if they are a currently logged in user or not.
这意味着我需要在验证它们是否是当前登录用户之后设置连接字符串。
I have CRUD restrictions in my code, but want to put the account permissions in place to ensure users cannot access tables they are not supposed to access, or perform actions they are not supposed to perform. 我的代码中有CRUD限制,但希望将帐户权限放在适当的位置,以确保用户无法访问他们不应访问的表,或执行他们不应执行的操作。
Right now my connection string is set in my Startup.cs
file: 现在我的连接字符串在我的
Startup.cs
文件中设置:
services.AddDbContext<WorldContext>(options => options
.UseMySql(_config["ConnectionStrings:Database"]));
How can I set the connection string, or at least the username & password for the DB account outside of startup? 如何在启动之外设置连接字符串,或者至少设置数据库帐户的用户名和密码? Sometime after I have validated that the user is logged in?
在我确认用户已登录后的某个时间?
I am using ASP.Net Core
, Entity Framework Core
, and Asp.NET Core Identity
. 我正在使用
ASP.Net Core
, Entity Framework Core
和Asp.NET Core Identity
。
I want to grant only the necessary permissions that the user will need. 我只想授予用户所需的必要权限。 As quoted from here: https://msdn.microsoft.com/en-us/library/cc716760(v=vs.110).aspx
引用自: https : //msdn.microsoft.com/en-us/library/cc716760(v = vs1010).aspx
Grant users only the necessary permissions in the data source.
仅授予用户数据源中的必要权限。 A data source administrator should grant only the necessary permissions to users.
数据源管理员应仅向用户授予必要的权限。 Even though Entity SQL does not support DML statements that modify data, such as INSERT, UPDATE, or DELETE, users can still access the connection to the data source.
尽管Entity SQL不支持修改数据的DML语句,例如INSERT,UPDATE或DELETE,但用户仍然可以访问与数据源的连接。 A malicious user could use this connection to execute DML statements in the native language of the data source.
恶意用户可以使用此连接以数据源的本机语言执行DML语句。
There are multiple ways to do this but I would like to do it like this. 有多种方法可以做到这一点,但我想这样做。
Create two DbContext
one for user authentications and reading users database login details. 创建两个
DbContext
用于用户身份验证和读取用户数据库登录详细信息。 Second for users which used to do CRUD operations on rest of the tables. 其次是用于在其余表上执行CRUD操作的用户。
Question is how we register these two DbContext
and where??? 问题是我们如何注册这两个
DbContext
以及???
Here Asp.net Core
Dependence Injection will did lots of work for us. 在这里
Asp.net Core
Dependence Injection将为我们做很多工作。
We can register the LoginDbContext
in Startup.cs
(as sample project did) which will used to validate the users and get there DB
users login details.Also need to Inject IServiceCollection
where we validate the users, So we can register the CRUDDbContext
while creating connection string with user detail which we get from database. 我们可以在
Startup.cs
注册LoginDbContext
(作为示例项目),用于验证用户并获取DB
用户登录详细信息。还需要Inject IServiceCollection
我们验证用户,因此我们可以在创建连接时注册CRUDDbContext
我们从数据库中获取的用户详细信息的字符串 After that we can Inject the CRUDDbContext
in controller or repository classes. 之后,我们可以在控制器或存储库类中注入
CRUDDbContext
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.