[英]Business Logic Security in Web Applications
Some weeks ago I've asked a question regarding best practice on how to secure a Business Layer . 几周前,我问了一个有关如何保护业务层的最佳实践的问题。
In the meantime I have something based on PrincipalPermission
and some custom code for specifics checks. 同时,我有一些基于
PrincipalPermission
东西和一些用于特定检查的自定义代码。 But I'm still not really happy about that solution and struggling how to make it better. 但是我对这种解决方案并在如何使其变得更好方面仍然不满意。
What I'm still trying to achieve: 我仍在努力实现的目标:
I don't want to use OAP because it work on generic classes and has some limitations as well. 我不想使用OAP,因为它适用于通用类,并且也有一些限制。
Additional question: Is there some kind of Security Framework that can be implemented withing applications? 附加问题:是否可以通过应用程序实施某种安全框架?
I'm working with ASP.NET / MVC and targeting .net 4.0 我正在使用ASP.NET/MVC并定位.net 4.0
.Net Framework does not contain anything aside from System.Security.Principal
. .Net Framework除了
System.Security.Principal
外,不包含任何其他内容。
There are some helpful suggestions, including ASP.Net membership, or roll-your-own solutions with example code, on this earlier related question . 关于这个较早的相关问题 ,有一些有用的建议,包括ASP.Net成员资格或带有示例代码的自带解决方案。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.