堆栈内存溢出
  简体   繁体   English

限制某些用户的服务的最佳方法是什么

[英]what is the best way to restrict services for certain users

 原文  2011-06-14 15:13:45       c#/ asp.net/ asp.net-mvc-2/ design-patterns/ domainservices

问题描述

EDIT: reworded and simplified question to be consise...编辑:改写和简化的问题要简洁......

In my service layer I have something like在我的服务层中,我有类似的东西

GetAllMessages(string userid);

I could have various types of users on my system like Clients / Supplier etc...我的系统上可以有各种类型的用户,例如客户/供应商等...

This service is only available to all types of users, however what is the best way to implement services only available to selected users eg此服务仅适用于所有类型的用户,但是实现仅对选定用户可用的服务的最佳方式是什么,例如

DeleteAllMessages(string userid); //client only
NewSupplierMessages(string userid); //supplier

Typically these methods will be in one class called MessagesService通常,这些方法将在一个名为MessagesService的 class 中

NOTE: just to clarify, the user is loggedon and authenticated, however I am wondering if I should write my methods as such:注意:为了澄清,用户已登录并经过身份验证,但是我想知道我是否应该这样编写我的方法:

DeleteAllMessages(ClientUser user); //client only
NewSupplierMessages(SupplierUser userid); //supplier

Basically get the details of the user for every action and call methods in a more strongly typed manner...基本上获取每个操作的用户详细信息,并以更强类型的方式调用方法......

EDIT 2:编辑2:

Note my domain layer is in a seperate class library from my web app, a "client user" will be part of a "client", similarly a "supplier user" will be part of "supplier" - so if I wanted to query my service layer and call the correct code (ie retrieve the correct details) - I MUST pass in the user id or a strongly typed class of the user, I cannot see how having a contraint on a DTO object that represents who can access the service as incorrect/ brittle?请注意,我的域层位于我的 web 应用程序的单独 class 库中,“客户用户”将成为“客户”的一部分,同样,“供应商用户”将成为“供应商”的一部分 - 所以如果我想查询我的服务层并调用正确的代码(即检索正确的详细信息) - 我必须传入用户 id 或用户的强类型 class,我看不到 DTO object 上的约束如何表示谁可以访问服务不正确/易碎?

Other wise I will have something like this:否则我会有这样的事情:

GetClientDetails();

The user is handled by asp.net so we know this action can be accessed by the user, however what if there are multiple clients?用户由 asp.net 处理,所以我们知道用户可以访问此操作,但是如果有多个客户端怎么办? Surely then we must pass in some some of client id/ if I was to pass in user id I could get the client id from it...当然,我们必须传入一些客户端 ID/如果我要传入用户 ID,我可以从中获取客户端 ID...

Rather I would say my domain layer is incorrect seeing something like the above signature...相反,我会说我的域层不正确,看到类似上面的签名......

EDIT 3: The only other alternative I could think off is, when the user authenticates, store the use in a class called UserSession inside the asp.net mvc application as a global state, then inject this using DI (ninject) into my domain service layer, therefore when my signatures can be 编辑 3:我能想到的唯一其他选择是,当用户进行身份验证时,将使用存储在 asp.net mvc 应用程序中名为 UserSession 的 class 中,作为全局 Z9ED39E2EA931586B6A985A6942EF57ject 使用此域服务注入到 my domain layer,然后注入因此,当我的签名可以

GetClientDetails();

The domain service class implementing this interface could be:实现此接口的域服务 class 可以是:

public class ClientService : IClientWorkerService
{

    private ISession _session;
    private IGenericRepo = _repo;
    public ClientService(IUserSession _session, IGenericRepo _repo)
    {
      this._session = _session;
      this._repo = _repo;
    }

    public ClientDetails GetClientDetails()
    {
      var loggedonuser = _session.GetUser();

      if(!loggedonuser.isClient())
        throw new NoAccessException()

      return _repo.Single<Client>(x=> x.ClientID == loggedonuser.ClientID);
    }

}

1 个解决方案

解决方案1
 1 已采纳  2011-06-14 15:27:15

See MSDN: ASP.NET AuthorizationMSDN:ASP.NET 授权

Authorization determines whether an identity should be granted access to a specific resource.授权确定是否应授予身份访问特定资源的权限。 In ASP.NET, there are two ways to authorize access to a given resource:在 ASP.NET 中,有两种方法可以授权对给定资源的访问:

File authorization文件授权

File authorization is performed by the FileAuthorizationModule.文件授权由 FileAuthorizationModule 执行。 It checks the access control list (ACL) of the.aspx or.asmx handler file to determine whether a user should have access to the file.它检查 .aspx 或 .asmx 处理程序文件的访问控制列表 (ACL) 以确定用户是否应该有权访问该文件。 ACL permissions are verified for the user's Windows identity (if Windows authentication is enabled) or for the Windows identity of the ASP.NET process.针对用户的 Windows 身份(如果启用了 Windows 身份验证)或 Z9E0DAZ3438E1E38AB8 进程的 Windows 身份验证 ACL 权限。 For more information, see ASP.NET Impersonation.有关详细信息,请参阅 ASP.NET 模拟。

URL authorization URL授权

URL authorization is performed by the UrlAuthorizationModule, which maps users and roles to URLs in ASP.NET applications. URL 授权由 UrlAuthorizationModule 执行,它将用户和角色映射到 ASP.NET 应用程序中的 URL。 This module can be used to selectively allow or deny access to arbitrary parts of an application (typically directories) for specific users or roles.该模块可用于选择性地允许或拒绝特定用户或角色对应用程序的任意部分(通常是目录)的访问。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 测试 WCF 服务的最佳方法是什么? - What's the best way to test WCF services? 通过标签查找特定按钮的最佳方法是什么? - What is the best way to find a certain button by a tag? 在编译时限制方法访问的最佳方法是什么? - What is the best way to restrict method access at compile time? 在多个服务/组件之间跟踪性能的最佳方法是什么 - What is the best way to track performance across multiple services/components 在Windows Store Apps中使用REST服务的最佳方法是什么? - What is the best way to consume REST services in Windows Store Apps? 在服务器之间分发服务的多个副本的最佳方法是什么? - What's the best way to distribute multiple copies of services across servers? 合并到多个构造函数中注入的相同服务的最佳方法是什么? - What is the best way to merge into one same services injected in several constructors? 在VB.NET应用程序中使用服务的最佳方法是什么? - What is the best way of working with Services in a VB.NET application? 在ASP.NET MVC中管理用户的最佳方法是什么 - What is the best way to manage users in ASP.NET MVC 允许用户在iPhone上加载其历史记录的最佳方法是什么? - What's the best way to allow users to load their history on iPhone?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM