MVC3 多用户数据级安全性
我正在开发的应用程序是多用户和多公司的,目前我在试图找出确保数据级别安全性的最有效/最佳方法时遇到了麻烦,从广义上讲,阻止 UserA 看到 UserB 的数据。如果有各种控制器(产品、订单等)和模型,那么路由类似于 Product/Edit/1 和 Order/Edit/1。但是,为了确保用户无法更改路由来查看彼此的数据,似乎每个服务层/数据库层调用都需要我检查特定的产品密钥/订单密钥是否属于经过身份验证的用户?这是最好的选择还是我错过了一些更优雅的东西。
编辑更新
从下面Omri的回答中,第一个链接实际上有一个链接到此处。它提到了实现访问级别安全性的各种方法,但我想这就是我想了解人们的意见的地方。我应该这样做吗:
public class ProductController
{
public ActionResult Edit(int id)
{
if (_productService.CanUserEdit(id, userID))
{
_productService.Save(id);
}
else
{
throw UnauthorizedException;
}
return RedirectToAction("Index");
}
}
或者
public class ProductController
{
public ActionResult Edit(int id)
{
_productService.Save(id, userID);
return RedirectToAction("Index");
}
}
public class ProductService
{
public void Save(int id, int userID)
{
if (CanUserEdit(id, userID))
{
//DO SAVE
}
}
private CanUserEdit(int id, int userID)
{
}
}
显然,两种实现之间没有太大区别,只是操作是否发生在控制器内或服务级别。服务级别会根据公司的不同而动态变化,因此我的猜测是,我们可能应该执行第一个选项,让每个公司的产品服务派生自实现 CanUserEdit 功能的公共基类,因为它不会改变。
The application I am working on is multi-user and multi-company and I am having trouble at the moment trying to figure out the most efficient/best way to ensure data level security, in broad terms prevent UserA from seeing UserB's data. If there are various controllers (Products, Orders, etc) and models, then the routes are something like Product/Edit/1 and Order/Edit/1. However, to ensure that users cannot alter the routes to see each others data it seems that each service layer/db layer call will require me checking that the specific product key/order key belongs to the authenticated user? Is this the best option or am I missing something more elegant.
Edit Update
From Omri's answer below, the first link actually has a link to here. It mentions the various ways to accomplish the access level security, but I guess this is what I want to know people's opinions about. Should I do something like this:
public class ProductController
{
public ActionResult Edit(int id)
{
if (_productService.CanUserEdit(id, userID))
{
_productService.Save(id);
}
else
{
throw UnauthorizedException;
}
return RedirectToAction("Index");
}
}
OR
public class ProductController
{
public ActionResult Edit(int id)
{
_productService.Save(id, userID);
return RedirectToAction("Index");
}
}
public class ProductService
{
public void Save(int id, int userID)
{
if (CanUserEdit(id, userID))
{
//DO SAVE
}
}
private CanUserEdit(int id, int userID)
{
}
}
Obviously there is not much difference between the two implementations, just whether or not the action takes place within the Controller or at the service level. The service level changes on the fly based on the company, so my guess is that we probably should do the first option and have the product service for each company derive from a common base class that implements the CanUserEdit capability since that does not change.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
似乎有两种常见的方法:OnActionExecuting 或 AuthorizeAttribute。参见这里:
如何扩展/构建 ASP.NET MVC 3 授权属性来处理此场景
ASP.NET MVC 3 还具有全局操作过滤器,允许您全局应用操作过滤器,而无需显式属性声明:
http://blog .tallan.com/2011/02/04/global-action-filters-in-asp-net-mvc-3/
Seems to be two common approaches: OnActionExecuting or AuthorizeAttribute. See here:
How to Extend/Architect the ASP.NET MVC 3 Authorize Attribute to Handle This Scenario
ASP.NET MVC 3 also has Global Action Filters which allow you to apply action filters globally without the need for explicit attribute declaration:
http://blog.tallan.com/2011/02/04/global-action-filters-in-asp-net-mvc-3/