如何在 .net windows 窗体应用程序中将访问控制与我的 ORM 集成?

发布于 2024-08-24 12:54:34 字数 397 浏览 8 评论 0原文

我正在开发一个通用数据库查询工具,一个.Net 3.5 Windows Form应用程序。为了使表示层独立于数据库层。我使用 ORM 框架,来自 DevExpress 的 XPO。

但是,我没有内置访问控制功能。我上网一看,在WCF Data Services中,有一个有趣的概念,Interceptor,它遵循AOP(面向切面编程)。

我想知道谁有这样的在ORM中构建访问控制的经验。我的基本要求是:

  1. 它应该是一个通用方法,并且由用户在运行时控制。所以任何硬编码都是不可接受的。
  2. 它可以基于属性、数据库表,甚至外部程序集。

我愿意购买现成的解决方案。根据AOP的思想,访问控制功能可以轻松地与现有功能集成,并且以前的开发人员几乎不知情;)

欢迎任何建议。

I am developing a general database query tools, a .Net 3.5 Windows Form application. In order to make the presentation layer is independent of the database layer. I use an ORM framework, XPO from DevExpress.

But, I have no access control function built in. I surfed Internet and I found in WCF Data Services, there is an interesting concept, Interceptor, which is following AOP(Aspect Oriented Programming).

I am wondering who has such an experience to build access control in ORM. My basic requirement is :

  1. It should be a general method and controlled by users in runtime. So any hard coding is not acceptable.
  2. It could be based on attribute, database table, or even an external assembly.

I am willing to buy a ready solution. According to the idea of AOP, an access control function can be integrated with existing functions easily and nearly not knowingly to the previous developer;)

Any suggestions are welcome.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

我一直都在从未离去 2024-08-31 12:54:35

我不确定这个答案对您的情况有帮助,但它可能对您来说很有趣。

X-tense 公司(DataObjects.Net ORM 的开发者)计划在几个月内为 DataObjects.Net 实现类似的功能。 X-tense 的计划是提供全功能、随时可用的安全扩展,可能基于属性和方面。当然,它与这个 ORM 密切相关,但你可以从它的描述中得出一些想法。请点击此处查看功能请求及其讨论。

您还可以查看 Rhino安全性,我不知道这个项目的当前状态,但看起来这样的解决方案对您的情况很有用。

I'm not sure that this answer will be helpful in your situation, but it can be interesting for you.

X-tensive company (developer of DataObjects.Net ORM) plans to implement similar feature for DataObjects.Net in few months. X-tensive's plan is to provide full featured ready to use security extension, possibly based on attributes and aspects. Surely it will be closely connected with this ORM, but you can derive some ideas from its description. See feature request and its discussion here.

You can also take a look at Rhino Security, I don't know current status of this project, but it seams such solution can be useful in your case.

不即不离 2024-08-31 12:54:35

为什么不在 ORM 和表示层之间构建一个层呢?通过进行这种分离,您可以轻松切换数据源(将来您可能将数据存储在另一台服务器上并通过 Web 服务访问它)。我确信这一层有一个奇特的名称,但我将所有接口称为管理器。

介绍->经理->数据访问层->数据库

示例:

var user = Program.Components.Get<IUserManager>().GetById(1);
user.FirstName = "Jonas";
Program.Components.Get<IUserManager>().Save(user);

在管理器中,您可以使用IIdentityIPrincipal(.Net中内置的访问控制接口)来控制访问。 http://msdn.microsoft.com/en-us /library/ms172765(VS.80).aspx

Why not build a layer between the ORM and the presentation layer? By doing this separation you can easily switch data sources (in the future you might have your data on another server and access it through web services). I'm sure that there are a fancy name for this layer, but I call all my interfaces for managers.

Presentation -> Managers -> Data Access Layer -> DB

Example:

var user = Program.Components.Get<IUserManager>().GetById(1);
user.FirstName = "Jonas";
Program.Components.Get<IUserManager>().Save(user);

In the managers you can use IIdentity and IPrincipal (built in access control interfaces in .Net) to control access. http://msdn.microsoft.com/en-us/library/ms172765(VS.80).aspx

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文