Web 应用程序中的业务逻辑安全
几周前,我在 如何保护业务层。
与此同时,我有一些基于 PrincipalPermission 的内容和一些用于具体检查的自定义代码。但我仍然对这个解决方案不太满意,并努力如何让它变得更好。
我仍在努力实现的目标:
- 如果没有声明任何内容,则确保默认情况下拒绝每个方法调用
- 继承:在继承的基类上定义基本权限
- 易于用于
我不想要 的特定检查的东西使用 OAP 因为它适用于泛型类并且也有一些限制。
附加问题:是否有某种可以在应用程序中实现的安全框架?
我正在使用 ASP.NET / MVC 并针对 .net 4.0
Some weeks ago I've asked a question regarding best practice on how to secure a Business Layer.
In the meantime I have something based on PrincipalPermission and some custom code for specifics checks. But I'm still not really happy about that solution and struggling how to make it better.
What I'm still trying to achieve:
- Ensure that every method call is denied by default if nothing is declared on it
- Inheritance: Define basic permissions on a base class that get inherited
- Something that is easy to use for specific checks
I don't want to use OAP because it work on generic classes and has some limitations as well.
Additional question: Is there some kind of Security Framework that can be implemented withing applications?
I'm working with ASP.NET / MVC and targeting .net 4.0
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
.Net Framework 不包含除 System.Security.Principal 之外的任何内容。
.Net Framework does not contain anything aside from
System.Security.Principal.There are some helpful suggestions, including ASP.Net membership, or roll-your-own solutions with example code, on this earlier related question.