网址验证的多租户架构 [英] URL Verification in multi-tenant architecture
问题描述
什么是验证在多租户架构web应用程序的URL,以确保从一个组织用户并不简单地通过改变查询字符串参数获取访问另一个组织的数据的最佳方式。我不想做每个页面加载验证。应用程序正在兴建ASP.net 3.5。
what would be the best way to verify URLs in a multi-tenant architecture web-app to make sure that a user from one org does not gets access to the another org's data simply by changing the query string parameters. I dont want to be doing a verification on each page load. the app is being built on ASP.net 3.5.
推荐答案
您真的不应该控制访问基于URL数据。你应该通过限制用户身份验证的数据访问和不幸的是,这意味着你将需要验证每个页面加载,或者更具体地说,在每个数据访问。
You really shouldn't be controlling access to data based on the url. You should restrict data access by user authentication and unfortunately that means that you will have to verify on each page load, or more specifically on each data access.
这篇关于网址验证的多租户架构的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
