我正在寻找一些关于我正在尝试实施的架构的建议和帮助。我正在构建的应用程序为我们内部使用的多个 ASP.NET 网站提供 SSO 和中央身份验证。我面临的问题是,我似乎无法想出一种方法来在有意义的实体框架中构造我的数据。
概述: 1)一个帐户可以与许多应用程序关联 2)角色特定于每个应用程序 3)功能特定于每个应用程序 4)下面没有显示,但我想进一步分解关联并让 Accounts 成为“目录”和应用程序可以访问与应用程序关联的目录列表中的用户(这有意义吗?)用户“乔”将具有如下权限:
Application 1:
Role | Feature 1 | Feature 2 | Feature 3
=============================================
Role1 | x | | x
Role2 | | x | x
Role3 | x | x | x
Application 2:
Role | Feature 1 | Feature 2 | Feature 3
=============================================
Role1 | | | x
Role2 | | x |
Role3 | x | x | x
我将通过类似于以下的 API 访问这些权限:
CheckAccountPermission(Role, Feature), IsAccountInRole(Role)
目前,我一直在尝试以下模型:
Application.cs
public int ApplicationId { get; set; }
public Guid ApplicationGuid { get; set; }
public string Name { get; set; }
public string Description { get; set; }
public bool IsEnabled { get; set; }
public DateTime DateCreated { get; set; }
public DateTime? LastModified { get; set; }
public virtual ICollection<Directory> Directories { get; set; }
public virtual ICollection<Feature> Features { get; set; }
public virtual ICollection<AccountPermission> AccountPermissions { get; set; }
Account.cs
public int AccountId { get; set; }
public string Username { get; set; }
public string Password { get; set; }
public string PasswordSalt { get; set; }
public string FirstName { get; set; }
public string MiddleName { get; set; }
public string LastName { get; set; }
public string EmailAddress { get; set; }
public string AvatarUrl { get; set; }
public string AccountNotes { get; set; }
public DateTime? LastLogin { get; set; }
public DateTime DateCreated { get; set; }
public DateTime? LastModified { get; set; }
public DateTime? LastActivity { get; set; }
public bool IsEnabled { get; set; }
//-------------------//
public int DirectoryId { get; set; }
public virtual Directory Directory { get; set; }
public virtual ICollection<Session> Sessions { get; set; }
public virtual ICollection<AccountPermission> AccountPermissions { get; set; }
Directory.cs
public string Name { get; set; }
public string Description { get; set; }
public bool IsEnabled { get; set; }
public virtual ICollection<Account> Accounts { get; set; }
public virtual ICollection<Role> Roles { get; set; }
public virtual ICollection<Application> Applications { get; set; }
Role.cs
public int RoleId { get; set; }
public string Name { get; set; }
public string Description { get; set; }
public int? PrimaryRoleId { get; set; }
public Role PrimaryRole { get; set; }
public DateTime DateCreated { get; set; }
public DateTime? LastModified { get; set; }
public virtual int DirectoryId { get; set; }
public virtual Directory Directory { get; set; }
public virtual ICollection<AccountPermission> AccountPermissions { get; set; }
AccountPermission.cs
[Key, Column(Order = 0)]
public int AccountId { get; set; }
public virtual Account Account { get; set; }
[Key, Column(Order = 1)]
public int RoleId { get; set; }
public virtual Role Role { get; set; }
[Key, Column(Order = 2)]
public int FeatureId { get; set; }
public virtual Feature Feature { get; set; }
[Key, Column(Order = 3)]
public int ApplicationId { get; set; }
public virtual Application Application { get; set; }
如果我在这里偏离基地或被误导,请随时指出我正确的方向。我真的很想把这件事做好。我能提供的任何澄清信息,请告诉我!感谢大家!