简体繁体 English

.Net 应用程序：数据库连接最佳实践

[英].Net Application: Database Connection Best Practices

原文 2020-01-18 20:05:23 2 1 c#/ .net/ database/ database-connection/ desktop-application

I am a beginner in programming in the sense that I have 0 expérience: I have never developped any application.我是编程初学者，因为我有 0 次经验：我从未开发过任何应用程序。 A few months ago, I started developping a desktop app in WPF/C# with a SQL Server Database.几个月前，我开始使用 WPF/C# 和 SQL Server 数据库开发桌面应用程序。

As I am more familiar with Databases, the first thing I did was create my DB and all the tables & relationships.随着我对数据库更加熟悉，我做的第一件事就是创建我的数据库以及所有表和关系。 I knew that I didn't want to include my queries in my application so I created 100+ stored procedures containing all the logics that have to be implemented in my app.我知道我不想在我的应用程序中包含我的查询，所以我创建了 100 多个存储过程，其中包含必须在我的应用程序中实现的所有逻辑。 Now that I have finished creating my UI, I am about to start coding and the first thing I have to do is establish a connection between my app and my DB and I know that it wouldn't be good practice to include my connection string, DB user/passwords in the App.config due to risk of future maintainance problems.现在我已经完成了我的 UI 的创建，我即将开始编码，我要做的第一件事就是在我的应用程序和我的数据库之间建立一个连接，我知道包含我的连接字符串不是一个好的做法，由于未来维护问题的风险，App.config 中的数据库用户/密码。

I believe that the best thing to do would be to have a sort of layer between my application and my database where I can store connection informations so that my app can interact with that layer and the layer with the DB.我相信最好的办法是在我的应用程序和我的数据库之间有一个层，我可以在其中存储连接信息，以便我的应用程序可以与该层以及与数据库的层进行交互。 My question is: how do I do that?我的问题是：我该怎么做？ I have seen answers here that suggests creating a WCF service.我在这里看到了建议创建 WCF 服务的答案。 This is like a foreign language to me but I am very willing to learn.这对我来说就像一门外语，但我非常愿意学习。 I would like to have some feedback on whether someone with 0 programming experience can implement such an architecture or should I just give up.我想得到一些关于 0 编程经验的人是否可以实现这样的架构或者我应该放弃的反馈。 Is there no open source documentation that has this type of implementation?是否没有具有此类实现的开源文档？

Secondly, are there other best practices that I should be aware of regarding my applications?其次，关于我的应用程序，我还应该了解其他最佳实践吗？ For instance:例如：

I have implemented a RBAC approach but all access controls are implemented in my stored procedures.我已经实现了 RBAC 方法，但所有访问控制都在我的存储过程中实现。 Is that Ok?这可以吗？
Connecting to the app requires a username and a password.连接到应用程序需要用户名和密码。 Those information are stored in one single table in my DB.这些信息存储在我的数据库中的一个表中。 I am thinking of encrypting the password field.我正在考虑加密密码字段。
The app can be distributed to multiple clients.该应用程序可以分发给多个客户端。 I am thinking of implementing three different DataBases (Test, Accept and Production, probably in different servers as well) and for each client, I will create a specific schema in the DB so that each client has its own objects.我正在考虑实现三个不同的数据库（测试、接受和生产，可能也在不同的服务器中）并且对于每个客户端，我将在数据库中创建一个特定的模式，以便每个客户端都有自己的对象。 This way, there never is interaction between data from different clients.这样，来自不同客户端的数据之间永远不会发生交互。 The problem is providing the app to a new client will require customizing everything (schema, tables, procedures, fucntions, ...) but I feel like this can cause maintainance problems as each change will have to be applied accross each client's schema.问题是向新客户端提供应用程序需要自定义所有内容（架构、表、过程、功能等），但我觉得这可能会导致维护问题，因为每个更改都必须应用于每个客户端的架构。
Regaring DB connection, while it is possible to include a connection string in the App.Config, in Visual Studio, there is also the possibility to directly connect to the DataBase in DataSources.关于DB连接，虽然可以在App.Config中包含连接字符串，但在Visual Studio中，也可以直接连接到DataSources中的DataBase。 What's the best approach?最好的方法是什么？

I might miss some other things but It would be great to have feedback on those questions.我可能会错过一些其他的东西，但如果能对这些问题有反馈，那就太好了。

1 个解决方案

Now that I have finished creating my UI现在我已经完成了我的用户界面的创建

Up to reading this I thought you'd finished creating your back end在阅读本文之前，我以为您已经完成了后端的创建

I know that it wouldn't be good practice to include my connection string, DB user/passwords in the App.config due to risk of future maintainance problems.我知道由于未来维护问题的风险，在 App.config 中包含我的连接字符串、数据库用户/密码不是一个好习惯。

If you're not going to store your connection string in the app.config then you need another way of authenticating, such as windows credentials.如果您不打算将连接字符串存储在 app.config 中，那么您需要另一种身份验证方式，例如 Windows 凭据。 Or you need to encrypt sections of your app config.或者您需要加密应用程序配置的部分。 It's more about security than future maintenance.与其说是未来的维护，不如说是关于安全性。 If anything not putting db connection details in your app.config will create more maintenance headaches because for the most part things are engineered to expect that that's where they will be.如果没有将 db 连接详细信息放在 app.config 中，则会造成更多的维护麻烦，因为在大多数情况下，事情的设计都是为了期望那是他们所在的位置。 You can store them in aa text file or ask your user for them every time, if you like, of course当然，如果您愿意，您可以将它们存储在文本文件中或每次向您的用户询问它们

I believe that the best thing to do would be to have a sort of layer between my application and my database where I can store connection informations so that my app can interact with that layer and the layer with the DB.我相信最好的办法是在我的应用程序和我的数据库之间有一个层，我可以在其中存储连接信息，以便我的应用程序可以与该层以及与数据库的层进行交互。

It's not so much about storing connection details;与存储连接详细信息无关； this sounds like you're starting to break into the typical architecture of having a data layer that deals with objects in the database, and a business logic layer that deals with operations the business needs to perform using one or more data layer entities.这听起来像是您开始打破具有处理数据库中对象的数据层和处理业务需要使用一个或多个数据层实体执行的操作的业务逻辑层的典型架构。 Creating a new account will require info about the person and the address, and the data layer might reat these as different things, whereas the business layer thinks of them as one thing vital to a particular process创建新帐户将需要有关人员和地址的信息，数据层可能会将它们视为不同的事物，而业务层会将它们视为对特定流程至关重要的一件事

how do I do that?我怎么做？

Most people do it by deferring data related things to a library like EF, that is interested in the db and the entities it contains and modelling them in code.. Then you have a set of classes taht define the operations you will perform to achieve the business goal, and a set of data storage classes that support those operations, and a set of processes for mapping the business objects to the database entity objects;大多数人通过将数据相关的事情推迟到像 EF 这样的库中来做到这一点，该库对 db 及其包含的实体感兴趣，并在代码中对它们进行建模。业务目标，一组支持这些操作的数据存储类，以及一组将业务对象映射到数据库实体对象的过程； a CreateAccountModel is generated by the UI and passed to a AccountRepository's CreateAccount method; CreateAccountModel 由 UI 生成并传递给 AccountRepository 的 CreateAccount 方法； internally the account repository knows about Person objects and Address objects in the DB, via a db context, and will create one of each using the data it finds in the CreateAccountModel.在内部，帐户存储库通过 db 上下文了解 DB 中的 Person 对象和 Address 对象，并将使用它在 CreateAccountModel 中找到的数据创建其中的一个。 This disconnects the business requirement process of creating an account from the things that store the data.这将创建帐户的业务需求过程与存储数据的事物断开连接。 Conceptually you can swap out the database for another that stores Individual and Location instead of Person and Address, and the business layer doesn't care.从概念上讲，您可以将数据库换成另一个存储个人和位置而不是人员和地址的数据库，而业务层并不关心。 Read around on the topic;阅读有关该主题的内容； there isn't a right or wrong way to do it so it's not an easy question to present a fact based answer to没有正确或错误的方法来做到这一点，因此提出基于事实的答案并不是一个容易的问题

I have seen answers here that suggests creating a WCF service我在这里看到了建议创建 WCF 服务的答案

WCF is a framework for webservices; WCF 是一个 Web 服务框架； websites that a computer can use instead of a human.计算机可以代替人类使用的网站。 You could insert this layer of abstraction for sure but realistically you'd only want to do it if your user interface is somehow very distant from your data storage and processing center, or your business financial model relies on your providing your software as a service to someone.您可以肯定地插入这一抽象层，但实际上，如果您的用户界面与您的数据存储和处理中心相距甚远，或者您的业务财务模型依赖于您将软件作为服务提供给某人。 I wouldn't expect a UI that is used locally and has its own DB to need to complexity of being operable over a network, if all it will ever do is call the service on the local machine我不希望在本地使用并拥有自己的数据库的 UI 需要通过网络进行操作的复杂性，如果它所做的只是在本地机器上调用服务

should I just give up我应该放弃吗

It's not a question SO is designed to answer.这不是 SO 旨在回答的问题。 It's not a question that a seasoned professional asks这不是经验丰富的专业人士会问的问题

Is there no open source documentation that has this type of implementation?是否没有具有此类实现的开源文档？

There are millions of projects and thousands of architectures;有数百万个项目和数以千计的架构； this should tell you that there is more than one way of doing something and ultimately what is right is subjective/opinion.这应该告诉您做某事的方法不止一种，最终正确的是主观/意见。 If it works, and doesn't crash and meets the client's expectations and didn't cost you more to build and maintain than you were paid for it, you could say it was right如果它有效，并且不会崩溃并满足客户的期望，并且您的构建和维护成本没有超过您支付的费用，那么您可以说它是正确的

Secondly, are there other best practices that I should be aware of regarding my applications?其次，关于我的应用程序，我还应该了解其他最佳实践吗？

Probably hundreds of them, but not a question SO is designed to answer可能有数百个，但不是 SO 旨在回答的问题

Is that Ok?这可以吗？

Does it meet the criteria for being OK?它是否符合 OK 的标准？

Connecting to the app requires a username and a password.连接到应用程序需要用户名和密码。 Those information are stored in one single table in my DB.这些信息存储在我的数据库中的一个表中。 I am thinking of encrypting the password field.我正在考虑加密密码字段。

Passwords should always be one way encrypted.密码应始终以一种方式加密。 You take what you're given by the user, apply the same one way encrypt and compare the result with the stored encrypt.您采用用户提供的内容，应用相同的一种方式加密并将结果与存储的加密进行比较。 Same result, password supplied by the user was good同样的结果，用户提供的密码是好的

The app can be distributed to multiple clients.该应用程序可以分发给多个客户端。 I am thinking of implementing three different DataBases (Test, Accept and Production, probably in different servers as well) and for each client, I will create a specific schema in the DB so that each client has its own objects.我正在考虑实现三个不同的数据库（测试、接受和生产，可能也在不同的服务器中）并且对于每个客户端，我将在数据库中创建一个特定的模式，以便每个客户端都有自己的对象。 This way, there never is interaction between data from different clients.这样，来自不同客户端的数据之间永远不会发生交互。 The problem is providing the app to a new client will require customizing everything (schema, tables, procedures, fucntions, ...) but I feel like this can cause maintainance problems as each change will have to be applied accross each client's schema.问题是向新客户端提供应用程序需要自定义所有内容（架构、表、过程、功能等），但我觉得这可能会导致维护问题，因为每个更改都必须应用于每个客户端的架构。

Not one we can answer as we don't know your target market's desire for data separation.我们无法回答，因为我们不知道您的目标市场对数据分离的需求。 Most companies that sign up to a service are OK with sharing a DB with other clients, and having separation achieved via some in-table data means such as "clients have their own totally random GUID, then all the accounts have a clientid, all the users have an accountid etc.." so there's a definite hierarchy to the data and a separation.大多数注册服务的公司都可以与其他客户共享数据库，并且通过一些表内数据实现分离意味着“客户有自己的完全随机的GUID，然后所有帐户都有一个clientid，所有的用户有一个 accountid 等等。”所以数据和分离有明确的层次结构。

If you will only have a handful of clients and they demand high degree of separation from peers, you could consider to make a new db (same structure, different data) for each of them, because dealing with multiple different schema with identical tables can be a nightmare如果你只有少数客户端并且他们要求与对等点高度分离，你可以考虑为每个客户端创建一个新的数据库（相同结构，不同数据），因为处理具有相同表的多个不同模式可能是一个噩梦

Regaring DB connection, while it is possible to include a connection string in the App.Config, in Visual Studio, there is also the possibility to directly connect to the DataBase in DataSources关于DB连接，虽然可以在App.Config中包含连接字符串，但在Visual Studio中，也可以直接连接DataSources中的DataBase

There is, but you might find that your connection string ends up stored in a config file anyway.有，但您可能会发现您的连接字符串最终存储在配置文件中。 Visual Studio is not usually present on the client machine that runs the app so anything it knows that is vital for the app to work is bundled with the app when you publish运行应用程序的客户端计算机上通常不存在 Visual Studio，因此在您发布时，它知道的对应用程序工作至关重要的任何内容都与应用程序捆绑在一起