WPF用户安全最佳实践 [英] WPF User Security best practice

问题描述

背景:

我正在使用登录名创建一个wpf应用程序， 管理员应该有权访问整个应用程序，但是用户将具有受限的访问权限.

I am creating a wpf application with a login,  The admin should have access to the entire application but the users will have restricted access. 

我计划在数据库中创建用户角色，用户将在其中分配角色.

I am planning to create user roles in the database where the users will have a assigned role.

我需要什么:

最佳做法是将用户角色存储在数据库中吗?有其他替代解决方案吗?

Is storing the user role in database, the best practice? Are there any alternative solutions?

有什么有效的方法可以限制用户根据用户角色策略查看表单/选项卡中的字段的能力?

What is an efficient way to restrict users ability to view fields in a form/ tabs based on a user role strategy?

 

推荐答案

您可以将自己的自定义凭据存储在数据库中，或使用Windows帐户和/或Windows组对用户进行身份验证.您应该选择哪种身份验证方法取决于您的要求.没有牢固的对与错方法.你应该 不过，出于安全考虑，切勿将凭据以明文形式存储在数据库中(存储的密码应散列和加盐).

You could store your own custom credentials in a database or authenticate users using Windows accounts and/or Windows groups. Which authentication method you should choose depends on your requirements. There is no solid hard right or wrong way. You should never store the credentials in cleartext in the database for security reasons though (the stored passwords should be hashed and salted).

有关示例，请参阅我的有关WPF中的自定义授权的博客文章，以及有关如何通过实现从IIdentity和IPrincipal派生的类在WPF应用程序中实现自己的自定义身份验证和授权的更多信息. 界面并覆盖应用程序线程的默认标识: http://blog.magnusmontin.net/2013/03/24/custom-authorization-in-wpf/

Please refer to my blog post about custom authorization in WPF for an example and more information about how to implement your own custom authentication and authorization in a WPF application by implementing classes that derive from the IIdentity and IPrincipal interfaces and overriding the application thread’s default identity: http://blog.magnusmontin.net/2013/03/24/custom-authorization-in-wpf/

这篇关于WPF用户安全最佳实践的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！