ASP.NET 到 SQL Server 凭据
我目前正在致力于将 Windows 桌面应用程序转换为网站/应用程序。整个应用程序的数据结构存储在 SQL Server 数据库中。每个数据库代表一个不同的“库”。一个客户可以拥有许多不同的“库”(数据库),我正在考虑将许多客户安装放在同一台 Web 服务器上。
这将是一个互联网站点,因此我强烈考虑使用 Microsoft 提供的用户帐户管理来访问站点。我想我会提供管理员级别的访问权限,允许用户分配特定数据库的权限。 (即,默认情况下,通过 Microsoft 机制创建用户帐户不会提供任何实际功能。)
用户访问权限将具有以下通用级别:
1. 读访问(没有这个,用户甚至不知道该库存在)
2.插入访问(用户可以向系统添加记录)
3.编辑访问权限(用户可以更改记录的详细信息)
4. 删除访问权限(您认为这会做什么:)?)
5. 管理员权限(用户可以修改其他用户的属性)
我正在考虑一种模型,其中网站中只有一个帐户来处理所有 SQL Server 交互。因此,上面处理允许/拒绝访问级别 1 到 5 的所有代码都将由我的网站页面中的代码处理,而不是由 SQL Server 的用户帐户管理处理。
我想我会拥有一个中央数据库,其中包含所有用户名以及他们的帐户(至少)对哪些库具有读取访问权限(上面的 1 级访问权限)。然后,级别 2 到 5 将存储在该用户和该数据库的每个数据库中。
我想到两个问题:
- 这种做法合理吗?我是否缺少另一种更安全的方法来执行我想要的操作(例如使用 SQL Server 的用户管理工具)?
- 如果我要采用这种方法,我将如何在网站上创建“超级用户”帐户?我假设它是某种“网络服务”或“本地服务”帐户,但我仍然不太清楚哪个帐户在 ASP.NET 中执行什么操作。
谢谢!
I am currently working on converting a Windows Desktop application to a Web Site/Application. The data structure for the entire application is stored in SQL Server databases. Each database represents a different "library". One customer can have many different "libraries" (databases), and I'm contemplating placing many customer installations on the same web server.
This will be an internet site, so I'm strongly considering using Microsoft's supplied user account management for site access. I'm thinking that I would then provide administrator-level access that would allow a user to be assigned privileges on a particular database. (i.e., by default, creating a user account through the Microsoft mechanisms wouldn't give any real functionality.)
User access would have the following generic levels:
1. Read access (without this, the user shouldn't even know the library exists)
2. Insert access (user can add records to the system)
3. Edit access (user can alter the details of a record)
4. Delete access (what do you think this does :)?)
5. Admin access (user can modify other users' attributes)
I'm considering a model where there is a single account in the website that handles all SQL Server interactions. Thus, all of the code to handle allowing/denying access levels 1 through 5 above would be handled by code in my website pages, rather than by SQL Server's user account management.
I'm thinking that I would have one, central database that would contain all user names and to which libraries their account has (at least) read access (level 1 access from above). Then, levels 2 through 5 would be stored in each database for that user and that database.
Two questions occur to me:
- Is this approach reasonable? Am I missing another way to do what I want (like, using SQL Server's user management tools) that is safer?
- If I were going to enact this method, how would I create the "SuperUser" account on the website? I'm assuming it would be some sort of "NETWORK SERVICE" or "LOCAL SERVICE" account, but I'm still a little bit hazy about which account does what in ASP.NET.
Thanks!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
为什么你不能使用角色和成员资格来使用 ASP.Net 登录身份验证..我认为这应该对你有帮助..
Why cant you use ASP.Net Login authentication using Roles and Membership.. I think this should help you..