WCF SQL查询服务访问 [英] WCF SQL Queries && Services Access

问题描述

大家好，

我正在编写一个客户端服务器应用程序，其中客户端使用WCF服务通过调用服务方法对表执行SQL查询(INSERT，UPDATE，SELECT等).关键是如何定义对其的访问(即，允许某些客户端选择"记录，而其他客户端则可以在另一张表上插入，选择和更新). Access和表有很多变体，因此大多数客户端必须属于他们各自的访问组.我只能解决一种解决方案:

1)每个表都有小时服务，用于INSERT，UPdate，SELECT，DELETE.
8张桌子x 4服务=服务.再增加一张桌子会使我们再增加+4，所以我不确定这是否可行.

任何一点怎么办?

对不起，我的英语了.

Hi everybody,

I''m writing a client-server application, where the client uses WCF services to execute SQL queries (INSERT, UPDATE, SELECT, etc.) on tables by invoking services methods. The point is how to define access for it (i.e. some clients are permitted to "select" records, others insert, select and update on the other table). There are many variations of Access and many tables, so most of the clients have to belong to their individual access groups. I can sort out only one solution:

1) Every table has hour services for INSERT, UPdate, SELECT, DELETE.
8 tables x 4 services = services. Adding one more table gives us another +4 so I am not sure if this is the way to go.

Any point how to do it?

Sorry for my English.

推荐答案

我建议您创建几个表，分别容纳用户及其角色.

例如-只读角色，仅更新角色，读取更新角色等....

并将用户绑定到各自的角色.

用户登录系统后，将根据其角色执行相应的操作.

因此，得出的结论是，从wcf角度来看(无需检查任何访问权限)，在从客户端应用程序发出调用之前，请检查相应角色，以及是否具有访问权限允许或拒绝他.

您可以查看asp.net成员身份提供程序，Sql角色提供程序，声明性/命令性安全性等选项.

希望对您有所帮助！.

问候，
-Vinayak

Hi,

I would suggest you to Create a couple of tables which holds the user and their roles respectivilley.

for instance - Read only role, Update only role, read update role etc....

And tie up the user to the respective roles.

As soon as the user logs into the system, based on his role do the respective operation.

Hence the conclusion is that, from the wcf perspective(No need to check any access rights) , before making the call from the client application ,check for the respective role and if he has the access allow him or deny him.

You can look at options such as asp.net membership provider,Sql role provider, declarative/imperative security etc.

I hope this helps!.

Regards,
-Vinayak

一种更好的实现方式是使用具有以下字段的加法表.

userid-varchar(50)????
选择允许-是/否
InsertAllowed-是/否
UpdateAllowed-是/否
DeleteAllowed-是/否

收到WCF请求后，您可以针对数据库验证用户ID，以确保他/她具有执行相关操作的权限.

A better way to implement would be to have an addition table with the following fields.

userid -- varchar(50) ????
SelectAllowed - Yes/No
InsertAllowed - Yes/No
UpdateAllowed - Yes/No
DeleteAllowed - Yes/No

Upon receipt of the WCF request, you can validate the userid against the database to make sure that he/she has permission for relevant action.

这篇关于WCF SQL查询服务访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！