Geek Answers Handbook

How to integrate access control with my ORM in a Windows.net form application?

I am developing a general database query tool - the .NET 3.5 Windows Form application. So that the presentation level does not depend on the database level. I am using the ORM framework, XPO from DevExpress.

But I do not have a built-in access control function. I was browsing the Internet, and I found in WCF's data services, there is an interesting Interceptor concept that follows AOP (aspect-oriented programming).

I am wondering who has such experience for creating access control in ORM. My basic requirement:

  • This should be a general method and controlled by users at runtime. Therefore, any hard coding is unacceptable.
  • It can be based on an attribute, a database table, or even an external assembly.

I am ready to buy a turnkey solution. According to the idea of ​​AOP, the access control function can be integrated with existing functions easily and almost unreasonable for the previous developer;)

Any suggestions are welcome.

+6
c # database access-control orm
source share
2 answers

I'm not sure this answer will be useful in your situation, but it may be of interest to you.

X-tensive company (developer of DataObjects.Net ORM ) plans to implement a similar function for DataObjects.Net in a few months. X-Tensive Plan is to provide a fully functional, ready-to-use security extension, possibly based on attributes and aspects. Of course, it will be closely related to this ORM, but you can get some ideas from your description. See Request function and its discussion here .

You can also take a look at Rhino Security , I do not know the current status of this project, but this seams such a solution can be useful in your case.

+1
source share

Why not create a layer between the ORM and the presentation layer? By doing this separation, you can easily switch data sources (in the future, you may have your data on another server and access it through web services). I'm sure there is a fancy name for this layer, but I call all my interfaces for managers.

Presentation → Managers → Data Access Level → DB

Example:

var user = Program.Components.Get<IUserManager>().GetById(1); user.FirstName = "Jonas"; Program.Components.Get<IUserManager>().Save(user);

In managers, you can use IIdentity and IPrincipal (built-in access control interfaces in .Net) to control access. http://msdn.microsoft.com/en-us/library/ms172765(VS.80).aspx

0
source share

More articles:


All Articles