使用ASP.NET成员资格提供程序数据库和您自己的数据库
[英]Using the ASP.NET membership provider database with your own database?
问题描述
We are developing an ASP.NET MVC Application that currently uses it's own database ApplicationData for the domain models and another one Membership for the user management / membership provider. 
我们正在开发,目前使用它自己的数据库中的ASP.NET MVC应用程序 ApplicationData域模型和另一个Membership的用户管理/成员提供。
We do access restrictions using data-annotations in our controllers. 我们使用控制器中的data-annotations来访问限制。
[Authorize(Roles = "administrators, managers")]
This worked great for simple use cases. 这对于简单的用例非常有用。
As we are scaling our application our customer wants to restrict specific users to access specific areas of our ApplicationData database. 在我们扩展应用程序时,我们的客户希望限制specific users访问ApplicationData数据库的特定区域。
Each of our products contains a foreign key referring to the region the product was assembled in. 我们的每个产品都包含一个外键,指的是产品组装的区域。
A user story would be: 用户故事将是:
- Users in the role NewYorkManagers should only be able to edit / see products that are assembled in New York. NewYorkManagers角色的用户应该只能编辑/查看在纽约组装的产品。
We created a placeholder table UserRightsRegions that contains the UserId and the RegionId . 我们创建了一个包含UserId和RegionId的占位符表UserRightsRegions 。
How can I link both the ApplicationData and the Membership databases in order to work properly / having cross-database-key-references ? 如何链接 ApplicationData和Membership数据库以便正常工作/具有cross-database-key-references ? (Is something like this even possible?) (这样的事情甚至可能吗?)
All help is more than appreciated! 所有帮助都非常感谢!
5 个解决方案
解决方案1
2 已采纳 2010-03-10 21:47:24
In my opinion, you should be able to integrate your database with the standard aspnet_db reliably, but I would advise against duplicating or replacing the aspnet_users table. 在我看来,你应该能够可靠地将你的数据库与标准的aspnet_db集成,但我建议不要复制或替换aspnet_users表。
That is the focal point of all the providers that use the aspnet_db schema, including custom providers that may augment but do not implement custom replacement. 这是使用aspnet_db模式的所有提供者的焦点,包括可能增加但不实现自定义替换的自定义提供者。
To maximize reuse of strong tested infrastructure code in the provider stack/API it is best to go with that flow. 为了最大限度地重用提供程序堆栈/ API中经过测试的强大基础架构代码,最好使用该流程。
You will want to be very attentive to any modified membership core functions and ensure that the way your new constraints behave in an expected fashion in each case. 您将需要非常关注任何已修改的成员资格核心功能,并确保新约束在每种情况下以预期方式运行的方式。
The facet of the membership story that I have found needs the most attention is deleting a user, and a simple modification/addition to the delete user sproc can manage this capably. 我发现最需要关注的会员故事的一个方面是删除用户,对删除用户sproc的简单修改/添加可以有效地管理这个。
解决方案2
0 2010-03-10 15:37:27
It sounds like you might need to create your own customized Membership Provider. 听起来您可能需要创建自己的自定义成员资格提供程序。 You can probably (not positive here) extend the existing one so you don't have to completely reinvent it. 你可能(不是积极的)扩展现有的,所以你不必完全重新发明它。 Here is a video from ASP.net that describes how to do that. 这是来自ASP.net的视频,描述了如何做到这一点。 Google "asp.net membership provider" for tons more. 谷歌“asp.net会员提供商”更多。
解决方案3
0 2010-03-10 15:43:22
You can try rolling your own membership or just extend is like Dave suggests. 您可以尝试滚动自己的会员资格,或者像Dave建议的那样延长。
Create your own [Users] Table which can be populated based off the aspnet_Membership table. 创建您自己的[Users]表,可以根据aspnet_Membership表填充。 So therefore you could have more control over it. 因此,您可以对其进行更多控制。
You could also just implement a more involved Profiles system. 您还可以实现更复杂的Profiles系统。 The .NET team has improved the way profiles are stored now, so instead of "blobicizing" them, you can set them up to be stored in an actual table now [thank god]. .NET团队已经改进了现在存储配置文件的方式,因此您可以将它们设置为现在存储在实际的表中[感谢上帝],而不是将它们“blobicizing”。
解决方案4
0 2010-03-15 12:10:16
If you find the right articles, it's really easy to extend the membership provider to allow for extra functionality. 如果您找到了正确的文章,扩展成员资格提供程序以实现额外功能非常容易。 I've moved my users table to my main SQL server table and have written my own role manager that gets values from a separate table. 我已将用户表移动到我的主SQL服务器表,并编写了自己的角色管理器,从单独的表中获取值。 What it sounds like you need to do is to set up a table in your users DB with the location of each user, then create a method on the user object something like "GetLocation()" that returns the user's location from the DB, you could then user that to filter your data from your main DB. 你需要做的是在你的用户数据库中设置一个表,每个用户的位置,然后在用户对象上创建一个方法,如“GetLocation()”,从数据库返回用户的位置,你然后可以使用它来过滤主数据库中的数据。 Here's a few articles I had kicking aroundin my bookmarks, see if they help, if you have a look on the main ASP.NET site or google for membership provider extending articles, there are plenty around. 这里有一些我在我的书签中喋喋不休的文章,看看它们是否有用,如果你看一下主要的ASP.NET网站或谷歌的会员提供商扩展文章,那里有很多。 http://msdn.microsoft.com/en-us/library/ms998347.aspx http://www.4guysfromrolla.com/articles/120705-1.aspx http://msdn.microsoft.com/en-us/library/aa479048.aspx http://msdn.microsoft.com/en-us/library/ms998347.aspx http://www.4guysfromrolla.com/articles/120705-1.aspx http://msdn.microsoft.com/en-us/库/ aa479048.aspx
解决方案5
0 2010-03-23 08:30:22
As the others have pointed out there are many good resources available that can help you with creating your custom provider using the existing database. 正如其他人指出的那样,有许多可用的资源可以帮助您使用现有数据库创建自定义提供程序。
It looks like you are headed in the right direction with mapping tables. 看起来你正朝着正确的方向前进,有了映射表。 I think the one piece you are missing is Distributed Queries . 我认为您缺少的一件是分布式查询 。 This link is specific to Sql Server 2008. There is a link there to the documentation for Sql Server 2005 if that is what you are using. 此链接特定于Sql Server 2008.如果您正在使用它,那么有一个链接到Sql Server 2005的文档。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.