安全和策略注入应用程序块
我有一个混合 UI(Win 应用程序、WPF 应用程序,很快还有 ASP.NET MVC 应用程序)设置,到目前为止,我正在使用客户端应用程序服务来确保安全。 我知道如何以编程方式对用户进行身份验证,并且这样做效果很好。 但是......
我想实现一些横切,基本上检查用户是否始终经过身份验证。 由于所有内容都将访问 Web 服务,因此我希望将其作为 UI 所做的几乎所有内容的标准执行。 到目前为止,我认为 PIAB(策略注入应用程序块)将提供该功能。 我想知道的是两件事;
1 PIAB 会涵盖所需的功能吗? 如果针对 UI 使用,则在每个实际步骤中验证身份验证?
...以及...
2 除了 PIAB 之外还有其他选择吗? 我很想对面向方面的策略注入框架进行比较。
I have a mixed UI (Win App, WPF App, and soon an ASP.NET MVC App) setup, so far I'm using Client Application Services for security. I know how to programmatically get a user authenticated and doing so is working beautifully. However...
I want to implement some cross cutting that basically checks to see if the user is authenticated all the time. Since everything will be accessing web services I want to enable this as a standard execution for pretty much everything the UI does. So far I'm thinking the PIAB - Policy Injection Application Block - will serve that function. What I'm wondering is two things;
1 Will the PIAB cover that needed functionality? Verifying authentication at every practical step if used against the UI?
...and...
2 Are there alternatives out there besides the PIAB? I'm curious to do a comparison of aspect oriented policy injection frameworks.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我不太熟悉客户端应用程序服务,但根据我的经验,大多数 AOP 框架都会包装接口以实现横切功能。 如果 CAS 使用接口,您可能可以用您需要的任何功能来包装它们。
替代 AOP 框架:
Spring.NET 和动态代理似乎以大致相同的方式工作,并且在我的 Hello World 类型测试中具有大致相同的性能(大约一半)直接调用和通过反射调用之间)。 PIAB 比这两个框架都要慢得多,而且我发现它更冗长一些。 它确实能够通过 xml 进行配置,但我不确定这是否是一件好事。 不确定其他框架是否提供这一点。 当然,它确实有 MS 的批准印章:P。
I'm not really familiar with Client Application Services but from my experience, most AOP frameworks wrap interfaces in order to implement the cross-cutting functionality. If CAS uses interfaces, you could probably just wrap them with what ever functionality you require.
Alternative AOP frameworks:
Spring.NET and Dynamic proxy seem to work in much the same way and have much the same performance in my Hello World type tests (about half-way between direct calls and invoking through reflection). PIAB is significantly slower than both these frameworks and I found bit more verbose. It does have the ability to be configurable via xml and I'm not sure if that's a good thing or not. Not sure if the other frameworks provide that. It does of course have the MS stamp of approval though :P.