
Client Access to SQL Server over the Internet

Does anyone have any opinions on the best ways to connect a client to SQL Server to get data?

So let's say I have a C# DataGridView in a Winform not on the internal network and I need to load it with a lot of data.

Currently to access the data we call a component SQLDataAdapter in the client which opens a connection to the SQL server, loads a DataSet and then closes the db connection. This is using SQL Server Authentication and there are many applications being run over the internet connecting the same way at the same time.

So I want to increase security and not degrade performance. Which of these options or other options should I look into?

- Connect the same way but keep connections open for duration of the user's time in the app.

- Create WebServices server and pass dataset or collection to client.

- Create WCF server and connect to db. (LINQ, Identify Framework, ADO.NET...?)

- Create both WebServices and WCF server, client connects to WCF, which gets data from WSE server which connects to SQL Server and passes collection or dataset back to client.

Personally I like the last option the best for a few reasons. 1. It would be easy to take the components we already have built and drop them into web services. 2. It would allow us to stop having our ASP.NET websites access the database directly but connect through the Web Services server (ASMX to ASMX = good?). 3. We could have better control over what data is accessed and given to outside of our network. And we no longer have to keep connection strings in our applications.

Does anybody have experience with these or a combination of these options? I am somewhat wary because I have heard horror stories about servers like this being funnel points when there was no problem just connecting straight to SQL Server.

Thanks

Jason Stone

- --

In my opinion, you need a pretty compelling reason to allow direct connections to your database from outside of your network. Allowing remote Sql connections can be a big security risk if not done correctly. The industry learned this the hard way with the Sql Slammer virus etc...

Winforms/Wpf Client App -> WCF -> Database works really well in the real world. Also, hiding data access behind a service for your remote apps allows you to change your database and related objects without any client changes as long as the data shape passed back and forth remains the same.

On the flip side, any apps that have to serve a lot of concurrent users from one logical instance (such as web applications/sites go) should directly connect to the database.

In either instance, I don't really see the value of having another set of web services to hide the database from your WCF and Web Apps unless we are talking about a huge disparate enterprise system.

Have you checked out the ADO.NET DataServices (formerly known under codename "Astoria")?

It's a technology built on top of WCF with all the goodness of WCF, that allows you to fairly easily (but selectively and securely) expose a data model (typically an ADO.NET Entity Framework model, but Linq-to-SQL or other technologies work, too) as a RESTful service to the internet.

You have full control over which parts of your database are actually represented in the model, and then you have various levels of access in the model - you can allow read for collections (e.g. read a list of all products), or just read of individual items, or even things like updates, inserts or deletes - all under your control.

With the REST interface, using it is simply browsing to a given URL and then drilling down or linking across the model from there.

There's also a client-side API to use, so you can easily and quickly display your data and offer the user navigation within the data. You should definitely check out the PDC08 talk on Developing Applications Using Data Services with Mike Flasko, and Offline-Enabled Data Services and Desktop Applications with Pablo Castro.

Definitely a good idea, and a very quick and yet safe way to get your data onto the internet! Check it out.

Marc
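
The per-entity-set access levels described in the answer above, as an added example that is not part of the original post or of any project's code. It assumes .NET 4 WCF Data Services hosted in IIS with ASP.NET compatibility and authentication enabled; the `ShopData`, `Product` and `Order` types and their sample rows are hypothetical and constructed for illustration.

```csharp
using System;
using System.Data.Services;
using System.Data.Services.Common;
using System.Linq;
using System.Linq.Expressions;
using System.Web;

[DataServiceKey("Id")]
public class Product { public int Id { get; set; } public string Name { get; set; } }

[DataServiceKey("Id")]
public class Order { public int Id { get; set; } public string Owner { get; set; } }

// Hypothetical model with constructed rows. A real service would expose an
// Entity Framework or LINQ to SQL context here, and the database credentials
// would live only in the server's configuration, never in the client.
public class ShopData
{
    static readonly Product[] products = { new Product { Id = 1, Name = "Widget" } };
    static readonly Order[] orders = {
        new Order { Id = 10, Owner = "alice" },
        new Order { Id = 11, Owner = "bob" }
    };
    public IQueryable<Product> Products { get { return products.AsQueryable(); } }
    public IQueryable<Order> Orders { get { return orders.AsQueryable(); } }
}

public class ShopService : DataService<ShopData>
{
    public static void InitializeService(DataServiceConfiguration config)
    {
        // Entity sets without a rule are not exposed at all (default is None).
        // Products: list and single-item reads, no writes.
        config.SetEntitySetAccessRule("Products", EntitySetRights.AllRead);
        // Orders: single-item reads by key only, so the set cannot be enumerated.
        config.SetEntitySetAccessRule("Orders", EntitySetRights.ReadSingle);
        // Keep exception details out of responses sent to internet clients.
        config.UseVerboseErrors = false;
    }

    // Row-level filter applied to every query against Orders:
    // a caller only ever sees orders they own.
    [QueryInterceptor("Orders")]
    public Expression<Func<Order, bool>> OnQueryOrders()
    {
        string user = HttpContext.Current.User.Identity.Name;
        return o => o.Owner == user;
    }
}
```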

What @Auger said, plus, get yourself an SSL certificate and serve everything over HTTPS. This way it's secure and it's handled by IIS at a low level, so you know you are getting the best performance.
