sql身份验证模式
我正在创建桌面应用程序,以检查局域网中的用户名和密码,并且用户名和密码存储在另一台计算机中.
我想用两种方式做.
1)我将运行一个服务器程序,其中存储了用户名和密码的数据库,因此,如果客户端将用户名和密码发送给服务器,并且服务器接收到它们并正常检查.
2)当客户端要使用用户名和密码登录时,此方法对我来说是新方法,
他必须直接连接到lan sql数据库并检查身份验证.
我的问题是哪个会更好.
如果您认为第二个更好,那我该如何实现呢?
提前感谢
i am creating desktop application program to check username and password in lan network , and the username and passwords are stored in a different computer.
i thought of doing in two ways like .
1) i will running a server program where the database of username and password are stored ,so if a client sends the username and password to server and the server recieves them and checks normally .
2) this method is new to me ,when client wants to login with username and password,
he has to connect direct to lan sql database and checks for authentication .
my problem is which would be better .
if you think 2nd one is better how can i implement that .
THANKS IN ADVANCE
第二种方法更可取.
如果选择第一种方法,则必须加密其密码,并且还使用集成身份验证来防止将密码嵌入EXE文件资源中.
但是,如果选择第二种方法,则可以管理用户从SSMS对DB资源的访问.
为了实现第二种方法,您可以通过给定的用户名和密码动态构建连接字符串,并尝试在try catch块中连接到服务器.如果遇到异常,则给定的用户名和密码不正确(如果其他条件很好).
希望对您有所帮助.
The second method is preferable.
If you choose the first method you have to encrypt their passwords and also use integrated authentication for preventing embedding of passwords in your EXE file resources.
But if you choose the second method you can manage user access to the resources of DB from SSMS.
For implementing the second methods you can build your connection string by the given username and password dynamically and try to connect to the server in atry catchblock. If you got an exception then the given username and password was not correct (if the other conditions were well).
Hope it helps.