Web应用程序中的业务逻辑安全
[英]Business Logic Security in Web Applications
问题描述
Some weeks ago I've asked a question regarding best practice on how to secure a Business Layer . 
几周前,我问了一个有关如何保护业务层的最佳实践的问题。
In the meantime I have something based on PrincipalPermission and some custom code for specifics checks. 同时,我有一些基于PrincipalPermission东西和一些用于特定检查的自定义代码。 But I'm still not really happy about that solution and struggling how to make it better. 但是我对这种解决方案并在如何使其变得更好方面仍然不满意。
What I'm still trying to achieve: 我仍在努力实现的目标:
- Ensure that every method call is denied by default if nothing is declared on it 如果没有声明任何方法,请确保默认情况下拒绝每个方法调用
- Inheritance: Define basic permissions on a base class that get inherited 继承:在继承的基类上定义基本权限
- Something that is easy to use for specific checks 易于进行特定检查的东西
I don't want to use OAP because it work on generic classes and has some limitations as well. 我不想使用OAP,因为它适用于通用类,并且也有一些限制。
Additional question: Is there some kind of Security Framework that can be implemented withing applications? 附加问题:是否可以通过应用程序实施某种安全框架?
I'm working with ASP.NET / MVC and targeting .net 4.0 我正在使用ASP.NET/MVC并定位.net 4.0
1 个解决方案
解决方案1
1 已采纳 2010-10-13 14:40:32
.Net Framework does not contain anything aside from System.Security.Principal . .Net Framework除了System.Security.Principal外,不包含任何其他内容。
There are some helpful suggestions, including ASP.Net membership, or roll-your-own solutions with example code, on this earlier related question . 关于这个较早的相关问题 ,有一些有用的建议,包括ASP.Net成员资格或带有示例代码的自带解决方案。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.