有没有办法为 C# 库设置调用应用程序的执行权限?
我正在创建一个用于多个应用程序的 DAL,但我没有提供任何授权或身份验证来验证调用应用程序是否有权执行 DAL 并访问数据,即确保用户只能看到他们所在的信息可以看到,对我来说,确定这些规则是业务层的责任。最终,我想在 Web 和桌面应用程序之间共享这个库,但是一旦 DAL 库到达桌面,我不希望用户获取 DAL 并不受限制地访问 DAL 提供的数据。
有没有办法确保调用的应用程序是经过批准的应用程序?我想避免通过每个函数或类创建传递密钥或密码。理想情况下,我希望 DAL 具有某种应用程序级别的方式,知道该应用程序是可信的并且可以执行代码。
这可能有点牵强,但我希望也许有一些关于如何解决问题的创造性想法,或者也许我需要以不同的方式解决问题。
I'm creating a DAL for use in multiple applications, but I'm not providing any authorization or authentication to verify that the calling application has the permissions to execute the DAL and access the data i.e. making sure the user only sees the information they are allowed to see, to me this is the responsibility of the business layer to determine those rules. Ultimately I want to share this library between Web and desktop applications, but once the DAL library reaches the desktop I don't want a user taking the DAL and getting unrestricted access to the data the DAL provides.
Is there a way to ensure that the calling application is an approved application? I would like to avoid a key or password that is passed through each function or class creation. Ideally I would like some application level way of the DAL knowing that the application is a trusted one and can execute the code.
This is probably far fetched but I was hoping maybe there were some creative ideas on how to solve the problem or maybe I need to address the issue a different way.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
在 DAL 代码中,您可以让它检查数据库中允许的调用者列表。
System.Reflection.Assembly.GetExecutingAssembly()
可能有一些属性可用于提供要存储的授权调用者信息。In the DAL code, you can have it check for a list of allowed callers in the database.
System.Reflection.Assembly.GetExecutingAssembly()
probably has some properties you can use to supply the authorized caller information to store.