用户名和角色 [英] Username and role
问题描述
我有以下数据库:table<User>(UserID,Name,Surname,Username,Password,Email)
,table<Role>(RoleID,RoleName,Description)
和table<UsersInRole>(UserID,RoleID)
.我使用用户名和密码创建登录身份验证以访问应用程序(使用Linq ToSql来存储数据),这是正确的.
现在,我希望为每个用户创建一个角色,但是我不知道该如何制定它.我看到了一些有关它的功能,但它涉及的是web.app.
I have this databases: table<User>(UserID,Name,Surname,Username,Password,Email)
, table<Role>(RoleID,RoleName,Description)
, and table<UsersInRole>(UserID,RoleID)
. I create a login authentication with username and password to access to the application (with Linq ToSql to store data), and it is right.
Now I wish to create a role for each user, but I don't know how work out it; I saw some features about it but it refers to web.app.
这是适用于登录的过程代码:
This is the code of the procedure that applies to login:
public partial class Window1 : Window
{
public Window1()
{
InitializeComponent();
}
public bool ValidateApplicationUser(string userName, string password)
{
{
var AuthContext = new DataClasses1DataContext();
var query = from c in AuthContext.Users
where (c.Username == userName.ToLower() && c.Password == password.ToLower())
select c;
if(query.Count() != 0 )
{
return true;
}
return false;
}
}
private void mahhh(object sender, RoutedEventArgs e)
{
bool authenticated = true;
{
if (usernameTextBox.Text !="" && passwordTextBox.Text != "")
{
authenticated = ValidateApplicationUser(usernameTextBox.Text , passwordTextBox.Text);
}
}
if (!authenticated)
{
MessageBox.Show("Invalid login. Try again.");
}
else
{
MessageBox.Show("Congradulations! You're a valid user!");
Window3 c = new Window3();
c.ShowDialog();
this.Close();
}
}
}
我不知道如何实现为用户分配角色的方法. 您有任何想法或建议做对吗?
I don't know how to implement a method to assign a role to the user. Do you have any idea or suggest to make it right?
推荐答案
首先,尝试不要在数据库中存储密码;最好存储一个散列.我不太确定您的意思是向用户分配角色"-您是否难以从数据库中获取角色?还是您不确定之后如何处理?如果是后者,那么主要"就是要走的路.在最简单的级别上:
First, try not to store passwords in the database; it is better to store a hash. I'm not quite sure what you mean "assign a role to the user" - are you having difficulty getting the role from the db? Or are you unsure what to do with it afterwards? If the latter, the "principal" is the way to go; at the simplest level:
string username = ...
string[] roles = ...
Thread.CurrentPrincipal = new GenericPrincipal(
new GenericIdentity(username), roles);
现在您可以使用基于角色的安全性,无论是声明性的还是命令性的.
Now you can use role-based security, either declarative or imperative.
说明性:
[PrincipalPermission(SecurityAction.Demand, Role="ADMIN")]
public void Foo()
{ // validated automatically by the .NET runtime ;-p
}
当务之急:
static bool IsInRole(string role)
{
IPrincipal principal = Thread.CurrentPrincipal;
return principal != null && principal.IsInRole(role);
}
...
bool isAdmin = IsInRole("ADMIN");
这篇关于用户名和角色的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!