.NET C＃中，什么是确保每一个方法的最佳做法？ [英] .net C#, what is the best practice for securing every method?

问题描述

我有有一个业务层处理一些数据操作的Web项目。我想通过检查，以确保一些或所有方法，如果有一个活动没有结束，有效的会话执行方法之前。

我首先想到使用属性过类，但我不能正常运行。由于类是通常类，而不是从 System.Web.Page 导出。调用所需的BL实例时，属性类从不运行。此外，某些方法可能并不需要一个有效的会话，让全班同学可能并不需要一个完整的安全性。并且还补充说，在方法的每一个开始检查会话的行不健全的前景十分看好。

如果你问我为什么，我需要保护的方法由，我可以这样解释：

• 这是一个web项目


• 人员可能开出从填写，但从来没有把它保存在那一刻


• 该屏幕等待约30分钟，可以说


• 会议已经结束


• 的用户是早在电脑前，和点击保存按钮，但过程应该无法完成

保存操作很容易被删除操作或 SELECT 。

由于存在形式和东西种类很多，我有 BL.ItemManager ， BL.VideoManager ， BL.ServiceManager 等等......所以，有很多保存，删除和选择方法这些类里面。

$的b
$ b

因此，是否有运行的进程

解决方案

您可以使用面向方面的方法; PostSharp 可能是一种选择。

你所需要的要做的就是创建一个使用PostSharp注入代码之前调用该方法来检查会话是否是活的atrribute。喜欢的东西;

  [SessionAlive] 
公共无效的someMethod（）
  

或者你可以只使用 Session_End中方法在Global.asax文件，或者你可以只使用一些JavaScript代码来力重定向到登录页面。

I have a Web Project which has a Business Layer that handles some data operations. I would like to secure some or all methods by checking if there is an active not ended valid Session before executing the method.

I first thought using Attribute over class but I couldn't run it properly. Since the class is a usual class and not derived from System.Web.Page. the attribute class never runs when the required BL instance is invoked. Besides, some of the methods might not require a valid session, so the whole class might not need a complete security. And also, adding a line that checks the session in every beginning of the method doesn't sound very promising.

If you ask me why would I need to secure by method, I could explain like this:

• This is a web project
• Person might start out the from fill it but never got it save at that moment
• That screen waits about 30 mins lets say
• The session is already ended
• User is back in front of the computer, and clicks SAVE button, but process should NOT be completed

Save operation could easily be a DELETE operation or a SELECT.

Since there are many TYPEs of forms and stuff, I have BL.ItemManager, BL.VideoManager, BL.ServiceManager and so on... So, there are alot of save, delete and select methods inside of these classes.

Therefore, is there a neat way to secure some methods by checking the session before running the process

解决方案

You may use aspect-oriented approach; PostSharp may be an option.

All you need to do is to create an atrribute using PostSharp to inject code before the method call to check whether the session is alive. Something like;

[SessionAlive]
public void SomeMethod()

Or you may just use Session_End method in the Global.asax file, or you may just use some javascript code to force redirection to login page.

这篇关于.NET C＃中，什么是确保每一个方法的最佳做法？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！