Restricting access to web methods in a C# web service for different requests?

Updated: 2022-05-22 23:46:11

You've just about answered your own question here...

You already have user authentication happening, so simply update your database so that you have a table similar to this:

UserID, WebMethodID

Populate this table with relevant details for each client and their approved webmethods, one entry per client/webmethod pair.

Update your webmethods so that they only work if the client/webmethod pair is authorised... something like this:

If isAuthorised(ClientID, WebmethodID) Then
    ' do the webmethod stuff here
End If

Private Function isAuthorised(ByVal ClientID As Integer, ByVal WebmethodID As Integer) As Boolean
    ' Make a call to the database to check for the ClientID/Webmethod pair
    ' (FOUND_IN_DATABASE is a placeholder for the result of that lookup)
    If FOUND_IN_DATABASE Then
        isAuthorised = True
    Else
        isAuthorised = False
    End If
End Function


You can always put in some logic to find the client and, based on the client, send back the response. Might be an IP range for client A, another for B ... if A is requesting then allow B, D, F, G to respond back. This logic can be written in the service layer or DB layer, wherever you like.

But I would suggest making 3 services... 1 each for client A, B & C. Why club them all together? It would be easy for you to maintain, and you can also have different types of security level if needed!


You could add an entry method that will be called each time any of the webmethods are called:

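a()
{
    if (entry()) {
        // body of webmethod a runs only when entry() allows the caller
    }
    else
    {
        return;
    }
}

b()
{
    if (entry()) {
        // body of webmethod b runs only when entry() allows the caller
    }
    else
    {
        return;
    }
}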

etc

This method can look up the user access rights and determine if the user is allowed access to the webmethod or not.
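
An added example, not part of the original answers: the client/webmethod table from the first answer combined with the entry check from the last answer, in C#. The in-memory set stands in for the database table, and the names WebMethodAcl, Demand, OrderService, GetOrders and GetInvoices are hypothetical.

```csharp
using System;
using System.Collections.Generic;

public static class WebMethodAcl
{
    // Constructed sample rows standing in for the UserID, WebMethodID table.
    private static readonly HashSet<(int, string)> Allowed = new HashSet<(int, string)>
    {
        (1, "GetOrders"), (1, "GetInvoices"), (2, "GetOrders"),
    };

    // Deny by default: only an exact client/webmethod pair is authorised.
    public static bool IsAuthorised(int clientId, string method) =>
        Allowed.Contains((clientId, method));

    // Entry check: throwing fails closed, so a webmethod cannot fall through.
    public static void Demand(int clientId, string method)
    {
        if (!IsAuthorised(clientId, method))
            throw new UnauthorizedAccessException(
                $"client {clientId} is not authorised for {method}");
    }
}

public class OrderService
{
    // clientId is assumed to come from the authenticated session, not from request input.
    public string GetOrders(int clientId)
    {
        WebMethodAcl.Demand(clientId, nameof(GetOrders));
        return "orders";
    }

    public string GetInvoices(int clientId)
    {
        WebMethodAcl.Demand(clientId, nameof(GetInvoices));
        return "invoices";
    }
}

public static class Program
{
    public static void Main()
    {
        var svc = new OrderService();
        Console.WriteLine(svc.GetOrders(2));
        try { svc.GetInvoices(2); }
        catch (UnauthorizedAccessException e) { Console.WriteLine("denied: " + e.Message); }
    }
}
```

Using `nameof` ties each check to the method it guards, so renaming a webmethod without updating the table results in a denial rather than silent access.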