用户名和角色 [英] Username and role

问题描述

我有以下数据库:table<User>(UserID,Name,Surname,Username,Password,Email)，table<Role>(RoleID,RoleName,Description)和table<UsersInRole>(UserID,RoleID).我使用用户名和密码创建登录身份验证以访问应用程序(使用Linq ToSql来存储数据)，这是正确的. 现在，我希望为每个用户创建一个角色，但是我不知道该如何制定它.我看到了一些有关它的功能，但它涉及的是web.app.

I have this databases: table<User>(UserID,Name,Surname,Username,Password,Email), table<Role>(RoleID,RoleName,Description), and table<UsersInRole>(UserID,RoleID). I create a login authentication with username and password to access to the application (with Linq ToSql to store data), and it is right. Now I wish to create a role for each user, but I don't know how work out it; I saw some features about it but it refers to web.app.

这是适用于登录的过程代码:

This is the code of the procedure that applies to login:

public partial class Window1 : Window
    {
        public Window1()
        {
            InitializeComponent();
        }


        public bool ValidateApplicationUser(string userName, string password)
        {
          {
                var AuthContext = new DataClasses1DataContext();
                var query = from c in  AuthContext.Users
                            where (c.Username == userName.ToLower() && c.Password == password.ToLower())
                            select c;

                if(query.Count() != 0 )
                {
                    return true;
                }

                return false;
            }

        }

        private void mahhh(object sender, RoutedEventArgs e)
        {
            bool authenticated = true;
            {
                if (usernameTextBox.Text !="" && passwordTextBox.Text != "")
                {
                    authenticated = ValidateApplicationUser(usernameTextBox.Text , passwordTextBox.Text);
                }

            }
            if (!authenticated)
            {
                MessageBox.Show("Invalid login. Try again.");
            }
            else
            {
                MessageBox.Show("Congradulations! You're a valid user!");
                Window3 c = new Window3();
                c.ShowDialog();
                this.Close();
            }
        }
    }

我不知道如何实现为用户分配角色的方法. 您有任何想法或建议做对吗?

I don't know how to implement a method to assign a role to the user. Do you have any idea or suggest to make it right?

推荐答案

首先，尝试不要在数据库中存储密码；最好存储一个散列.我不太确定您的意思是向用户分配角色"-您是否难以从数据库中获取角色?还是您不确定之后如何处理?如果是后者，那么主要"就是要走的路.在最简单的级别上:

First, try not to store passwords in the database; it is better to store a hash. I'm not quite sure what you mean "assign a role to the user" - are you having difficulty getting the role from the db? Or are you unsure what to do with it afterwards? If the latter, the "principal" is the way to go; at the simplest level:

        string username = ...
        string[] roles = ...
        Thread.CurrentPrincipal = new GenericPrincipal(
            new GenericIdentity(username), roles);

现在您可以使用基于角色的安全性，无论是声明性的还是命令性的.

Now you can use role-based security, either declarative or imperative.

说明性:

    [PrincipalPermission(SecurityAction.Demand, Role="ADMIN")]
    public void Foo()
    { // validated automatically by the .NET runtime ;-p

    }

当务之急:

    static bool IsInRole(string role)
    {
        IPrincipal principal = Thread.CurrentPrincipal;
        return principal != null && principal.IsInRole(role);
    }
    ...
    bool isAdmin = IsInRole("ADMIN");

这篇关于用户名和角色的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！