帮助与ASP.NET MVC和自定义的安全设计2个部分的问题 [英] Help with 2-part question on ASP.NET MVC and Custom Security Design

问题描述

我使用ASP.NET MVC和我试图分开了很多我的逻辑。最终，这个应用程序将被pretty大。这基本上是一个SaaS的应用程序，我需要允许不同类型的客户端访问。我有一个问题的两个部分;我一般设计的第一个交易和第二讲述了如何在ASP.NET MVC

I'm using ASP.NET MVC and I am trying to separate a lot of my logic. Eventually, this application will be pretty big. It's basically a SaaS app that I need to allow for different kinds of clients to access. I have a two part question; the first deals with my general design and the second deals with how to utilize in ASP.NET MVC

首先，有最初将一个ASP.NET MVC客户机的前端和将有一组用于第三方网络的服务与（也许移动​​等）进行交互。

Primarily, there will initially be an ASP.NET MVC "client" front-end and there will be a set of web-services for third parties to interact with (perhaps mobile, etc).

我知道我可以有ASP.NET MVC应用程序只需通过Web服务交互，但我认为这是不必要的开销。

I realize I could have the ASP.NET MVC app interact just through the Web Service but I think that is unnecessary overhead.

所以，我创建了一个API，将主要是在Web应用程序和Web服务将利用DLL。 API包含为主，集业务逻辑和数据传输对象等。（所以，这包括像CreateCustomer，EditProduct等为例方法）

So, I am creating an API that will essentially be a DLL that the Web App and the Web Services will utilize. The API consists of the main set of business logic and Data Transfer Objects, etc. (So, this includes methods like CreateCustomer, EditProduct, etc for example)

另外，我的权限要求是有点复杂。我真的不能用直线的角色系统，我需要有一些细化权限（但所有的权限是积极权利）。所以，我不认为我真的可以使用ASP.NET角色/会员制还是我好像我会做得比我自己的滚动更多的工作。我之前和这一次我想我宁愿推出自己用过的会员。

Also, my permissions requirements are a little complicated. I can't really use a straight Roles system as I need to have some fine-grained permissions (but all permissions are positive rights). So, I don't think I can really use the ASP.NET Roles/Membership system or if I can it seems like I'd be doing more work than rolling my own. I've used Membership before and for this one I think I'd rather roll my own.

无论是Web应用程序和Web服务将需要保持安全性令人担忧。所以，我的设计是一种像这样的：

Both the Web App and Web Services will need to keep security as a concern. So, my design is kind of like this:

• 在API中的每个方法都需要核实来电者的安全

• Each method in the API will need to verify the security of the caller

在Web应用程序，每个页（行动，在MVC说吧）也将检查用户的权限（所以，不要present用户使用添加用户按钮，如果用户没有这种权利，而且每当API接收AddCustomer（），检查安全太）

In the Web App, each "page" ("action" in MVC speak) will also check the user's permissions (So, don't present the user with the "Add Customer" button if the user does not have that right but also whenever the API receives AddCustomer(), check the security too)

我认为Web服务真正需要的DLL中的检查，因为它可能不总是在某种pre-认证上下文的使用（像在Web应用程序中使用会话/ 18.3）;还具有安全检查的API意味着我真的没有检查它在其他地方，如果我在移动（iPhone说），不想做客户端检查各类

I think the Web Service really needs the checking in the DLL because it may not always be used in some kind of pre-authenticated context (like using Session/Cookies in a Web App); also having the security checks in the API means I don't really HAVE TO check it in other places if I'm on a mobile (say iPhone) and don't want to do all kinds of checking on the client

然而，在Web应用程序，我认为会有一些工作重复，因为Web应用程序presenting与选项的用户，这是确定之前检查用户的安全，但我想了一个办法，避免这种情况重复数据删除通过允许Web应用程序告诉API不检查安全;而Web服务总是希望安全性进行验证

However, in the Web App I think there will be some duplication of work since the Web App checks the user's security before presenting the user with options, which is ok, but I was thinking of a way to avoid this duplication by allowing the Web App to tell the API not check the security; while the Web Service would always want security to be verified

这是一个好方法吗？如果不是，有什么好？如果是这样，什么是实施这个的一个好办法。我想这样做的：

Is this a good method? If not, what's better? If so, what's a good way of implementing this. I was thinking of doing this:

在API，我将有两个功能，每个动作：

In the API, I would have two functions for each action:

// Here, "Credential" objects are just something I made up
public void AddCustomer(string customerName, Credential credential
                           , bool checkSecurity)
{
  if(checkSecurity)
  {
    if(Has_Rights_To_Add_Customer(credential)) // made up for clarity
    {
      AddCustomer(customerName);
    }
    else
      // throw an exception or somehow present an error
  }
  else
    AddCustomer(customerName);
}

public void AddCustomer(string customerName)
{
  // actual logic to add the customer into the DB or whatever



  //  Would it be good for this method to verify that the caller is the Web App
  //  through some method? 
}

所以，这是一个好的设计或者我应该做些什么不同？

So, is this a good design or should I do something differently?

---

我的下一个问题是，它明确地似乎并不像我真的可以用[授权...]，用于确定用户是否有权限做一些事情。事实上，一个动作可能依赖于各种权限和视图可能隐藏或显示取决于许可的某些选项。
什么是做到这一点的最好方法是什么？我应该有某种的PermissionSet对象，用户随身携带整个或Web应用程序在会话无论和MVC行动的方法，它检查的各种会检查该用户是否可以使用该动作，然后查看会有一些ViewData的或任何权限做隐藏/显示？

My next question is that clearly it doesn't seem like I can really use [Authorize ...] for determining if a user has the permissions to do something. In fact, one action might depend on a variety of permissions and the View might hide or show certain options depending on the permission. What's the best way to do this? Should I have some kind of PermissionSet object that the user carries around throughout the Web App in Session or whatever and the MVC Action method would check if that user can use that Action and then the View will have some ViewData or whatever where it checks the various permissions to do Hide/Show?

推荐答案

您提出什么都不行。动作可以被缓存，并且当他们的行动（因此你的家轧安全性）的不运行。的ASP.NET成员资格，但仍然有效，因为MVC缓存是意识到这一点

What you propose will not work. Actions can be cached, and when they are, the action (and hence your home-rolled security) does not run. ASP.NET membership, however, still works, since the MVC caching is aware of it.

您需要使用ASP.NET会员国共同努力，而不是试图彻底改造它。你可以，除其他事项：

You need to work with ASP.NET membership instead of trying to reinvent it. You can, among other things:

• 实现自定义成员提供程序或角色提供商。


• 亚型AuthorizeAttribute并重新实现AuthorizeCore。


• 使用微软日内瓦/ Windows标识基金会基于声明的访问。

另外，我完全ChaosPandion，谁建议分析前，让您的code结构变化不同意。避免了表演的原因异常是荒谬的 - 特别的想法，单纯的潜力的投掷无效用户异常会以某种方式罐的有效的用户的性能。您code的最慢的部分可能是在其他地方。使用分析器找到的，而不是跳跃在最新的微优化风潮真正的性能问题。

Also, I completely disagree with ChaosPandion, who suggests making structural changes in your code before profiling. Avoiding exceptions for "performance" reasons is absurd -- especially the idea that the mere potential to throw an exception for invalid users will somehow tank the performance for valid users. The slowest part of your code is likely elsewhere. Use a profiler to find the real performance issues instead of jumping on the latest micro-"optimization" fad.

正确的理由，以避免对授权的例外是，以表明在一个Web应用程序的未授权访问尝试正确的方法是将HTTP状态code更改为401未经授权，而不是抛出异常（这将返回500 ）。

The correct reason to avoid exceptions for authorizations is that the correct way to indicate an attempt at unauthorized access in a web app is to change the HTTP status code to 401 Unauthorized, not throwing an exception (which would return 500).

这篇关于帮助与ASP.NET MVC和自定义的安全设计2个部分的问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！