使用WCF和Entity Framework在分层应用程序中实现身份验证和授权的最简单方法
[英]Simplest way of implementing authentication and authorization in layered application with WCF and Entity Framework
问题描述
I am designing (and will be implementing) an layered application for "task management". 
我正在设计(并将实现)“任务管理”的分层应用程序。
I would like to use ASP.NET MVC (not a condition) and use WCF (any kind of web services) for communication between server and client (= database and controller in mvc case). 我想使用ASP.NET MVC(不是条件)并使用WCF(任何类型的Web服务)在服务器和客户端(在mvc情况下为数据库和控制器)之间进行通信。 I would like to make it with WCF, because there probably will be an desktop client later (which will probably provide only part of functionality, but still...). 我想用WCF做到这一点,因为稍后可能会有一个桌面客户端(它可能仅提供部分功能,但仍然...)。
I have several layers in mind so far: 到目前为止,我有几个想法:
---- Services (Business logic) - WCF ----服务(业务逻辑)-WCF
--- Repository -存储库
-- ORM: Entity framework -ORM:实体框架
- DB: MsSQL -DB:MsSQL
This should be base (or let's say a server) of whole system. 这应该是整个系统的基础(或者说是服务器)。 Client should be web application in ASP.NET MVC or Silverlight and also a desktop application (whatever technology.. silverlight, forms.. or even Adobe Flex). 客户端应该是ASP.NET MVC或Silverlight中的Web应用程序,也应该是桌面应用程序(任何技术,Silverlight,表格或Adobe Flex)。
The main problems so far: 到目前为止的主要问题:
I don't know what is better (easier): Trying to somehow implement default asp.net membership and glue it somehow with my tables for tasks (and projects etc.).
我不知道哪个更好(更容易):尝试以某种方式实现默认的asp.net成员身份,并以某种方式将其与任务表(和项目等)粘合在一起。 Or should I try to modify asp.net membership to use my own users table? 还是应该尝试修改asp.net成员资格以使用自己的用户表? I need users to be able to change their details or create new user etc. inside my application (not with ASP.NET configuration tool). 我需要用户能够在我的应用程序中更改其详细信息或创建新用户等(而不是使用ASP.NET配置工具)。 So I think, that I will need to find some easy way how to use asp.net membership, but with my users table. 所以我认为,我将需要找到一些简单的方法来使用asp.net成员身份,但要使用我的users表。 I don't know where and how to do authentication and authorization of users.
我不知道在哪里以及如何进行用户身份验证和授权。 I like using attributes at controllers, which say, that controller isn't accessible unless user is in some group. 我喜欢在控制器上使用属性,也就是说,除非用户在某个组中,否则无法访问该控制器。 But I think, that this way, I would only secure my client side, but the server remains insecure. 但是我认为,这样一来,我只能保护客户端,而服务器仍然不安全。 So when someone gets an service's address, he can call it and get data. 因此,当有人获得服务的地址时,他可以调用该服务并获取数据。 I don't know what is the simplest way to secure services in this scenario. 我不知道在这种情况下保护服务安全的最简单方法是什么。 Should I add an additional parameter to each service's operation, which would provide username and password which would service check every time? 我是否应该在每个服务的操作中添加一个额外的参数,以提供每次服务都会检查的用户名和密码? I don't think, that it's a correct solution. 我不认为这是正确的解决方案。
I am really stuck with this.. because there is just too many different types of protocols, services and types. 我真的对此感到困惑。因为协议,服务和类型的种类太多了。 I'm lost in it. 我迷路了。 Also from what I have seen so far, the trend is all about REST. 同样从到目前为止我所看到的,趋势全都在于REST。 Which is of course cool and there are awesome visual studio templates like WCF Data Service, when I just provide my entities context and I got working CRUD app. 当我仅提供实体上下文并且可以使用CRUD应用程序时,这当然很酷,并且有很棒的Visual Studio模板,例如WCF数据服务。 But I am not creating an public service, I got one storage with data for all users and every user has to see only his data. 但是我不是在创建公共服务,而是为所有用户提供了一个存储有数据的存储,每个用户只能看到他的数据。
3 - Is there a simple way, how to generate serializable entities from Entity Framework? 3-有没有简单的方法,如何从Entity Framework生成可序列化的实体? I have read few paragraphs about 'metal' tool, which can make LINQ to SQL entities serializable, co I can transfer them. 我已经读了几篇有关“金属”工具的文章,它们可以使LINQ to SQL实体可序列化,因此我可以传输它们。 I just want to know if there is any better way, then rewriting all my entities into composite types (lot's of remapping). 我只想知道是否有更好的方法,然后将我的所有实体重写为复合类型(很多重新映射)。
Sorry, if this seems too chaotic. 抱歉,如果这看起来太混乱了。 I am quite new in .Net and there are simply too many technologies and principles, so it's hard to consume it all at once. 我对.Net相当陌生,而且技术和原理太多了,因此很难一次全部使用。 I am also probably missing some relations and obvious solutions... 我可能还缺少一些关系和明显的解决方案...
Thanks for any possible hint 感谢您的任何提示
1 个解决方案
解决方案1
0 已采纳 2011-03-23 06:20:03
We use a similar architecture but with NHibernate instead of EF. 我们使用类似的架构,但是使用NHibernate而不是EF。
ASP.NET Membership Provider is designed to support the scenario you are talking about.
ASP.NET成员资格提供程序旨在支持您所讨论的方案。 You can create your own subclass of System.Web.Security.MembershipProvider. 您可以创建自己的System.Web.Security.MembershipProvider子类。 This allows you to map all the functions to operate against your own tables. 这使您可以映射所有函数以针对自己的表进行操作。 You are absolutely correct - this needs to happen at the server.
您是完全正确的-这需要在服务器上进行。 You need to look into System.IdentityModel.Policy.IAuthorizationPolicy. 您需要研究System.IdentityModel.Policy.IAuthorizationPolicy。 This interface allows you to customise the handling of authorisation at the WCF service. 此接口使您可以自定义WCF服务上的授权处理。 This can be based on name/password, windows authentication or even claims-based authorisation. 这可以基于名称/密码,Windows身份验证甚至基于声明的授权。 Cannot help with EF serialisation - but with NHibernate we had two options: i) Create DTOs for transmission on the wire and map to/from the DTOs, or ii) Create custom serialisers to take care of circular references etc. We went the second route.
无法帮助进行EF序列化-但是使用NHibernate,我们有两个选择:i)创建要在线路上传输的DTO并映射到DTO /从DTO映射,或者ii)创建自定义序列化程序以处理循环引用等。我们走了第二条路线。
My only other suggestion would be to question whether you need the repository layer if you're using EF. 我唯一的其他建议是质疑如果使用EF是否需要存储库层。 Why not have the service implementation logic deal directly with EF? 为什么服务实现逻辑不能直接处理EF?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.