EntLib安全性 - 数据库中的授权规则 [英] EntLib Security - Authorization Rules in database

问题描述

我最初在模式和实践论坛中发布了这个问题，但我也在这里发布，因为我还没有在那里得到回复，我想在这里发帖会有所帮助。

----------------------------- -------------------------------------------------- -------------------------------------------------- -------------------------------------

我是Enterprise Library的新手，并且一直在研究安全应用程序块。我几乎没有疑惑：

1。如果有可能我们可以使用从数据库而不是配置文件中检索授权规则的任何内置授权提供程序，那么困扰我的一件事就是困扰我。 （就像SQL Server一样）嗯，从我理解到现在，我没有在EntLib中看到任何这样的功能，除了使用自定义提供程序并自己编写逻辑。
我想使用数据库的原因因为在我们的应用程序中，管理员可以通过应用程序UI修改规则。因此，将它们存储在配置文件中是不可能的。我必须使用数据库。

2。现在，假设我不能在不必编写自定义授权提供程序的情况下将规则存储在数据库中，那么使用安全应用程序块是多么值得。因为SAB提供的两个功能是安全信息的授权和缓存。由于我甚至不会使用配置文件存储规则，并且自己编写授权机制，是否值得使用EntLib？因为那时我自己完成了大部分的工作，对我来说（凭借我有限的知识），只使用EntLib从它的类中派生并自己编写整个故事是没有意义的！好的，事情是我也不打算使用缓存功能。因为这是一个潜在的安全风险，因为信息不受任何手段的保护，我们无法承担在我们的应用程序中的信息，因为它也会存储一些财务数据。

3。 EntLib安全应用程序块和WCF联合安全模型之间是否存在关联？这两个可以一起使用吗？因为WCF联合安全性可以在分布式环境中工作，并且不确定EntLib SAB在这样的环境中的适用性。在这方面似乎没有太多这样的讨论可以帮助我。

FYI：我们正在使用.NET 3.5，SQL 2005，C＃WinForms并评估EntLib 4.0在我们的应用程序场景中的适用性。

对上述问题的任何帮助将不胜感激。任何建议或替代方法也是受欢迎的。

解决方案

我做了一个示例供您参考。 

这是链接。

http://code.msdn.microsoft.com/Extending-the-EnSecurity-f1c44f95

I had originally posted this question in patterns and practices forums, but am posting it here too as I am yet to get a response there and I guess posting here would help.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------

I am new to Enterprise Library and have been studying the security application block. I have few doubts:

1. One thing which bothers me if there is any possibility that we can use any built-in authorization providers which retrieve authorization rules from database instead of the config file. (like SQL Server)
Well, from what I understand till now, i don't see any such feature in EntLib, other than using a custom provider and writing the logic yourself.
The reason i want to use database because in our application, rules can be modified by the administrator through the application UI. So it's just not possible to store them in the config files. I must use database.

2. Now, assuming that I can't store rules in database without having to write a custom authorization provider, how worth it is to use Security Application Block. Because the two features which SAB provides are Authorization and Caching of security information. And since I won't be even using the config files to store rules, and writing the authorization mechanism myself, is it worth using EntLib at all? Because then I am doing most of the job myself, and to me (with my limited knowledge) it doesn't make sense to just use EntLib to derive from its class and write the whole story myself! Okay, the thing is I am not going to use the Caching feature either. Because that is a potential security risk, as the information is not protected by any means and we can't afford to have that in our application, since it would store some financial data as well.

3. Can there be a relation between EntLib Security Application Block and WCF Federated Security Model? Can these two be used together? Because WCF Federated Security would work in a distributed environment and am not sure about the applicability of EntLib SAB in such an environment. There do not seem to be much such discussions earlier that could help me in this regard.

FYI: We are using .NET 3.5, SQL 2005, C# WinForms and evaluating the applicability of EntLib 4.0 in our application's scenario.

Any help on the above questions would be appreciated. Any suggestions\alternative approaches are also welcome.

解决方案

I have done a sample for your reference. 

Here is the link.

http://code.msdn.microsoft.com/Extending-the-EnSecurity-f1c44f95

这篇关于EntLib安全性 - 数据库中的授权规则的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！