SQLMembershipProvider - 将成员资格添加到现有数据库。 设置权限
我正在将与成员资格相关的架构添加到现有数据库(我们称之为 myDatabase),如下 这些说明。
因此,在 myDatabase 中创建了大量的表、视图和存储过程。
下一步是修改应用程序的 web.config 以使用CustomizedMembershipProvider
<membership defaultProvider="CustomizedMembershipProvider">
<providers>
<add name="CustomizedMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="MyDBConnectionString" />
</providers>
</membership>
然后我们还需要指定连接字符串,例如:
<connectionStrings>
<add name="MyDB" MyDBConnectionString ="..." />
</connectionStrings>
这是我的问题:
- 我应该使用与应用程序使用的不同的连接字符串吗? 是否需要在数据库中创建一个具有与成员资格对象相关的权限的新用户?
- 使用用户 ID 等指定连接字符串后,我是否需要为该用户授予对这些新创建的对象的权限? 这仅适用于存储过程还是也适用于表和视图?
编辑: 我注意到数据库中创建了一组角色以及成员资格对象。 因此,关键是将用户分配给适当的角色。 这些角色就像这样
aspnet_Membership_FullAccess
aspnet_Personalization_FullAccess
etc...
所以问题的唯一第一部分仍然存在。 那么创建一个新的数据库用户有什么意义(所以单独的数据库连接)
I am adding membership-related schemas to an existing database (lets call it myDatabase) following those instructions.
As a results the number of tables, views and stored procedures are being created in myDatabase.
The next step is to modify web.config for the application to use CustomizedMembershipProvider
<membership defaultProvider="CustomizedMembershipProvider">
<providers>
<add name="CustomizedMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="MyDBConnectionString" />
</providers>
</membership>
Then we also need to specify the connection string like:
<connectionStrings>
<add name="MyDB" MyDBConnectionString ="..." />
</connectionStrings>
Here is my question:
- Should I use different connection string to the one the application uses? As is there a need to create a new user in the database with permissions related specifically to the membership objects?
- Once the connection string is specified with the User ID etc., do I need to grant permissions for that user for those newly created objects? Would that be for stored procedures only or also tables and views?
EDIT:
I noticed that there was a set of roles created in the database along with the membership object. So it is a matter of assigning the user to the proper role(s). The roles are the likes of
aspnet_Membership_FullAccess
aspnet_Personalization_FullAccess
etc...
So the only the first part of the question remains in place. So is there a point in creating a new database user (so separate db connection)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
关于会员提供程序的一些好文本:
Some good texts about Membership Provider:
我查了一下,
就像分配问题一样
数据库用户到
aspnet_Membership_FullAccess 角色(其他角色,如果您需要与其相关的权限< /a>)
I looked it up a bit,
like it is a matter of assigning the
database user to the
aspnet_Membership_FullAccess role (other roles if you require privileges related to them)
出于性能原因,我建议使用相同的连接字符串。 使用与应用程序相同的连接字符串将允许更有效的连接池。
I would recommend using the same connection string for performance reasons. Using the same connection string as your application will allow more efficient connection pooling.