从Web服务体系结构访问数据库
[英]Access to database from web service architecture
问题描述
I've got a web service (ASMX) that connects to an oracle database and I think my architecture is not the right one. 
我有一个连接到oracle数据库的Web服务(ASMX),我认为我的架构不是正确的。
To access the database I'm using a DLL that has all the database logic and returns completed objects. 要访问数据库,我使用的DLL具有所有数据库逻辑并返回已完成的对象。 The oracle connection is created within the DLL, so the database server, user, and pass is hardcoded in the code what I know that cannot be ok. oracle连接是在DLL中创建的,因此数据库服务器,用户和pass在代码中是硬编码的,我知道这可能不行。 My question is about where to create the connection to the database, and how to configure the server/user/pass parameters in an external configuration file but not to be reading it each time I have to connect to the database. 我的问题是关于在何处创建与数据库的连接,以及如何在外部配置文件中配置server / user / pass参数,但是每次必须连接到数据库时都不要读取它。
Right now I have: 现在我有:
ASMX: ASMX:
- contains the web methods 包含Web方法
- validates the request params 验证请求参数
- calls the DLL method 调用DLL方法
DLL: DLL:
- creates the database connection (hardcoded constants for the database server/user/password) 创建数据库连接(数据库服务器/用户/密码的硬编码常量)
- selects data from database 从数据库中选择数据
- creates some objects with that data 使用该数据创建一些对象
- closes the connection. 关闭连接。
- returns those objects 返回那些对象
AMSX: AMSX:
- process the returned objects from the DLL and returns them. 处理DLL中返回的对象并返回它们。
Should I create the connection in the web methods and store those parameters in a application or session variable, instead of creating them in the dll methods? 我应该在Web方法中创建连接并将这些参数存储在应用程序或会话变量中,而不是在dll方法中创建它们吗?
Thank you for your help 谢谢您的帮助
1 个解决方案
解决方案1
0 2012-01-23 12:13:11
As advised in the comment from Davide if you are not using something like NHibernate or MS Entity Framework then it is arguably best practice to separate the Business Logic Layer from the Data Access Layer . 正如Davide的评论中所建议的那样,如果您没有使用像NHibernate或MS Entity Framework这样的东西,那么将业务逻辑层与数据访问层分开可能是最好的做法。 The benefits are well documented including separation of concerns, Testing and allowing the DAL to be cross platform/system agnostic. 好处有详细记录,包括关注点分离,测试和允许DAL跨平台/系统无关。
1.creates the database connection (hardcoded constants for the database server/user/password)
This is a very bad practice and can lead to a wide variety of security and deployment issues. 这是一种非常糟糕的做法,可能导致各种各样的安全和部署问题。
My question is about where to create the connection to the database, and how to configure the server/user/pass parameters in an external configuration file but not to be reading it each time I have to connect to the database.
The best and most convenient place to store the database connection string in the ConnectionString section of the App.config or Web.Config file, if you create a static property to expose the connection string from the config file then you do not need to read the configuration setting every time. 在App.config或Web.Config文件的ConnectionString部分中存储数据库连接字符串的最佳和最方便的位置,如果您创建静态属性以从配置文件中公开连接字符串,那么您不需要阅读每次配置设置。
private static readonly string connectionString = ConfigurationManager.ConnectionStrings["MyConnectionString"].ConnectionString;
Should I create the connection in the web methods and store those parameters in a application or session variable, instead of creating them in the dll methods?
The short answer is no, the API you are exposing for your Web Service should do only what it is designed for, exposing the underlying business object from the Data Access Layer. 简短的答案是否定的,您为Web服务公开的API应该只执行它的设计,从数据访问层公开底层业务对象。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.