我怎么能隔离用户“在ASP.net MVC应用程序中的数据?
所以我有一个asp.net应用程序(使用MVC5,ASP 4.5,EF)部署在Azure上。该应用程序允许用户注册和登录。
然而,一旦登录,任何人都可以看到其他人的数据。
So I have an asp.net application (using MVC5, ASP 4.5, EF) deployed on Azure. The application allows users to register and login. However, once logged in, anyone can see everyone else's data.
什么是数据隔离属于不同的用户,使每个用户只能看到他/她创建数据的最佳实践?
What is the best practice to isolate the data belonging to different users so that each user can only see the data he/she creates?
另一个小问题是如何Facebook的分离其用户的数据?
Another small question is how does Facebook separates its users' data?
感谢
有关的每一块数据的用户创建,储存他们的用户ID,只允许用户看到了他们的用户ID数据。一对夫妇的例子:
For every piece of data a user creates, store their user ID and only allow users to see data that has their user ID. A couple of examples:
SQL:
SELECT UserDataID, Value FROM UserData WHERE UserID = @UserID;
在传递用户的ID到 @UserID 参数。
LINQ:
using (var entityFrameworkContext = new MyDataEntities())
{
var currentUserData = entityFrameworkContext.UserData.Where(userData -> userData.UserID = currentUserID);
}
其中, currentUserID 可能是从窗体身份验证的用户名或ID,例如: HttpContext.Current.User.Identity.Name 。
Where currentUserID could be the user name or ID from forms authentication, for example: HttpContext.Current.User.Identity.Name.