在VB.NET Winforms中实现登录 [英] Implementing logins in VB.NET Winforms

问题描述

问候！

我正在尝试实现需要用户登录的Winform应用程序.用户登录后，根据其SQL用户角色，他/她将有权访问相应的数据库对象.问题是我不确定实现此方法的安全方式(并且google今天不太友好...)

我想到的一种方法是，使基本用户只能访问存储过程，该存储过程将检索尝试登录的用户的密码哈希，一旦用户提供了正确的密码，连接字符串就会在运行时动态更改.但是然后，真正考虑它，就无法实现将密码哈希存储在数据库中的整个目的.有什么想法吗?

Greetings!

I''m trying to implement a winform application where the user is required to login. Once the user logs in, he/she will have access to the corresponding database objects, according to his/her SQL user role. The problem is that I''m not sure of a secure way of implementing this ( and google is not too friendly today...)

One method I thought up was to make a base user that only has access to the stored procedure that retrieves the password hash of users attempting to login, and once the user provides the correct password, the connection string is dynamically changed during runtime. But then, really thinking about it, it defeats the whole purpose of storing the password hash in the database. Any ideas?

推荐答案

您使用什么来连接数据库?一个ORM，一个SqlConnection对象，其他方法?
此处是有关ADO.NET2.0中的安全准则的文章 [此处是更新但不那么详细的文章 [此处是有关实体框架4中安全性考虑的文章. [

What are you using to connect to the database? An ORM, a SqlConnection Object, other methods?
Here is an article on Security Guidelines in ADO.NET2.0[^], which I guess should be fine if you''re using SqlConnection Objects.
Here is a more up-to-date, but less detailed article[^] on ADO.NET4.
When working with ORM''s, such as the Entity Framework, I think you should check the website of that product on best practices for connecting to databases. Here is an article on security considerations in Entity Framework 4.[^]
Sorry that I could not be more detailed, but I think the above links should provide you with enough clues as to how to connect to a database (Windows logon, SQL logon, encrypted password). Which approach works best for you is dependent on your situation, technologies and needs.
Hope it helps! :)

这篇关于在VB.NET Winforms中实现登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！