用户登录Windows应用程序最佳实践 [英] User Logon for Windows Applications Best Practices

问题描述

我有一个用VS 2010编写的C＃windows应用程序，它使用SQL Server Express数据库作为后端。我发现我需要拥有不同权限的不同用户，以限制粗心用户可以造成多大的伤害。例如，一个高度信任的用户可以批量删除和编辑用于修改大量记录的记录，而另一个用户只能编辑或删除单个记录。高度信任的用户可以访问所有屏幕，而其他用户只能访问这些屏幕的子集等.AFAIK这不一定能很好地映射到SQL Server中内置的身份验证系统，该系统管理用户组的读写权限每张桌子。可以只滚动自己的自定义身份验证系统，向用户，组和权限添加到数据库表并相应地管理它们。虽然这对我来说是一个新问题，但我的预感是，这可能是Windows开发中一个非常古老和熟悉的问题。如果不是很好的话，我当然可以自己动手做一些可行的东西，但为什么不看看有更多经验的人是怎么做的呢。



有没有人有任何想法或建议在这个问题？你可以指出哪个特别好的例子？

I have a C# windows application written in VS 2010 that uses SQL Server Express database as the back-end. I'm finding that I have a need for having different users with different rights, to limit how much damage can be done by careless users. For example, one highly trusted user can mass delete and edit records for modifying large numbers of records while another user can only edit or delete individual records. A highly trusted user can access all of the screens while other users will only access a subset of those screens, etc. AFAIK this doesn't necessarily map very well to the authentication system built into SQL Server which manages user groups read and write permissions for each table. There is the possibility of just rolling your own custom authentication system, to add to the database tables for users, groups, and permissions and managing those accordingly. While this is a new problem for me, my hunch is that this would likely be a very old and familiar problem within windows development. I could certainly roll my own and make something workable if not great, but why not see how others with more experience are doing it.

Does anyone have any thoughts or recommendations on this subject? Any especially good examples that you could point me in the direction of?

推荐答案

这篇关于用户登录Windows应用程序最佳实践的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！