Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
686 views
in Technique[技术] by (71.8m points)

winforms - How to implement security component in Windows Forms?

Coming from ASP.NET into WindowsForms app development I was expecting to see the similar controls to work with. To my surprise, I didn't see any security controls (login, user management, etc.)

Am I missing something, or I'd have to implement my own security for the application (role based security, user management, etc.)?

The application is for internal use (10 -20 users) but security is very important due to sensitive data. (MSSQL Server 2005 is in the back end, .NET 3.5)

Any info would be appreciated.

EDIT:

i guess my question is "Is there an analog of ASP.NET's Membership provider in WinForms?"

EDIT2:

after some Googling i found this article, I'll give that a try, any other suggestions are appreciated.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Since you don't have an accepted answer and since I stumbled on this question researching another, I will endeavor to give you some pointers.

As has been pointed out, user management and role-based security in a win forms app is not something that will actually work client-side. In a web analogy, imagine trying to implement all of your security using only javascript and cookies, keeping no information on the server-side. It's insecure by default.

As has also been suggested, you can implement security on your database and have your users connect directly to the database from your win form. I would highly recommend that you do NOT pursue such a course. User management will become a nightmare. You need a middle tier.

What you should do is build a web service that implements role-based security (since you're familiar with it -- there are better authorization options out there) and has a custom authentication store. If you use WCF to build the web service, you can use the same RoleProvider and MembershipProvider classes that you're used to in ASP.NET.

That web service handles all of the business logic of your system and is responsible for connecting to the database. It provides a secure layer of abstraction and reduces the amount of database administration you need to do in order to manage your users. Your win forms app becomes a UI shell, responsible only for handling user interactions and up-front data validation (you should also validate at the middle tier) and nothing else.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...