c# - 在 C# windows 应用程序中控制用户权限

Question

我已经用 C# 和 SQL 2008 设计了 ​​Windows 应用程序。现在，我想控制该用户可以访问哪个部分及其权限。

所以，我想知道在sql中设计表并为每个用户设置权限更好还是有其他解决方案？

Answer 1

一般来说，我所看到的内容大致如下：

有一张tblUser这样的桌子：

tblUser
    UserId
    UserName
    etc...

角色表：

tblRole
    RoleId
    Name

和一个链接器表：

tblUserRole
    UserId
    RoleId

在您的应用程序中，您将检查当前用户是否在tblUserRole表中具有相应的角色。如果是这样，则允许当前用户使用该功能，否则显示错误消息，禁止用户输入等...

例如MS SQL，您可以有以下类型Stored Procedure：

添加用户

CREATE PROCEDURE spAddUser
    @UserName AS nvarchar(256)
AS
BEGIN
-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
SET NOCOUNT ON;

INSERT INTO tblUser
    (UserName)
    VALUES(@UserName)

SELECT SCOPE_IDENTITY( ) AS 'Id'
END
GO

添加用户角色

CREATE PROCEDURE spAddUserRole
@UserId AS int,
@RoleId As int
AS
BEGIN
-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
SET NOCOUNT ON;

INSERT INTO tblUserRole
    (UserId, RoleId)
    VALUES(@UserId, @RoleId)
END
GO

用户是否有角色

CREATE PROCEDURE spDoesUserHaveRole
@UserId AS int,
@RoleId As int,
@HasRole AS bit OUTPUT
AS
BEGIN
-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
SET NOCOUNT ON;

SELECT @HasRole = COUNT(UserId) > 0 FROM tblUserRole
    WHERE UserId = @UserId AND
          RoleId = @RoleId
END
GO