大家都知道,微软企业库中的Security Application Block是把权限规则写在配置文件中的(app.config,web.config),并没有提供存在数据库的实现形式。我去年就向企业库项目组的人建议在SAB中加入这一实现形式,遗憾的是,直到现在的3.1版本,还是没有实现这一功能。
还好GotDotNet上有人提供了这一功能的扩展:Database Rules Provider ,不过这个扩展没有权限操作的功能(添加,删除,修改权限。。。),不方便大家的日常使用,所以我就对其作了一些修改,加入了权限操作功能。现在放出来与大家共享:)
项目下载:Database Authorization Provider.rar
DbRulesManager.cs:
1using System;
2using System.Data;
3using System.Data.Common;
4using System.Data.SqlClient;
5using System.Configuration;
6using System.Collections.Generic;
7using System.Security.Principal;
8using System.Web.Security;
9
10using Microsoft.Practices.ObjectBuilder;
11using Microsoft.Practices.EnterpriseLibrary.Security;
12//using Microsoft.Practices.EnterpriseLibrary.Security.Authorization;
13using Microsoft.Practices.EnterpriseLibrary.Security.Configuration;
14using Microsoft.Practices.EnterpriseLibrary.Data;
15using Microsoft.Practices.EnterpriseLibrary.Configuration;
16using System.Configuration.Provider;
17
18namespace Kreeg.EnterpriseLibrary.Security.Database.Authorization
19{
20 /**//// <summary>
21 /// Class for retrieving rules from the database
22 /// </summary>
23 public class DbRulesManager
24 {
25
26 private Microsoft.Practices.EnterpriseLibrary.Data.Database dbRules = null;
27 /**//// <summary>
28 /// Creates a Database Rules Manager instance
29 /// </summary>
30 /// <param name="databaseService">The Database Instance to use to query the data(要查询数据的数据库实例)</param>
31 /// <param name="config">The configuration context</param>
32 public DbRulesManager(string databaseService)
33 {
34 //DatabaseProviderFactory factory = new DatabaseProviderFactory(config);
35 dbRules = DatabaseFactory.CreateDatabase(databaseService);
36 }
37
38
39 /**//// <summary>
40 /// Retrieves a rule from the database
41 /// </summary>
42 /// <param name="Name">The name of the rule</param>
43 /// <returns>An AuthorizationRuleData object</returns>
44 public AuthorizationRuleData GetRule(string name)
45 {
46
47 AuthorizationRuleData rule = null;
48
49 DbCommand cmd = dbRules.GetStoredProcCommand("dbo.GetRuleByName");
50 dbRules.AddInParameter(cmd, "Name", DbType.String, name);
51
52 using(IDataReader reader = dbRules.ExecuteReader(cmd))
53 {
54 if(reader.Read())
55 {
56 rule = GetRuleFromReader(reader);
57 }
58 }
59
60 return rule;
61 }
62
63 private AuthorizationRuleData GetRuleFromReader(IDataReader reader)
64 {
65 AuthorizationRuleData rule = new AuthorizationRuleData();
66 rule.Name = reader.GetString(reader.GetOrdinal("Name"));
67 rule.Expression = reader.GetString(reader.GetOrdinal("Expression"));
68
69 return rule;
70 }
71
72
73 /**////// <summary>
74 ///// Retrieves all rules in the database as a DataSet
75 ///// </summary>
76 ///// <returns>A DataSet containing all of the rules</returns>
77 //public DataSet GetAllRules()
78 //{
79 // DbCommand cmd = dbRules.GetStoredProcCommand("dbo.GetAllRules");
80
81 // using(DataSet ds = dbRules.ExecuteDataSet(cmd))
82 // {
83 // return ds;
84 // }
85 //}
86
87
88 /**//// <summary>
89 /// Retrieves all rules in the database as a Collection
90 /// </summary>
91 /// <returns>An AuthorizationRuleDataCollection containing all of the rules</returns>
92 public List<AuthorizationRuleData> GetAllRulesAsCollection()
93 {
94 List<AuthorizationRuleData> rules = new List<AuthorizationRuleData>();
95
96 DbCommand cmd = dbRules.GetStoredProcCommand("dbo.GetAllRules");
97
98 using(IDataReader reader = dbRules.ExecuteReader(cmd))
99 {
100 while(reader.Read())
101 {
102 AuthorizationRuleData rule = GetRuleFromReader(reader);
103 rules.Add(rule);
104 }
105 }
106 return rules;
107 }
108
109 /**//// <summary>
110 /// Inserts a rule into the database
111 /// </summary>
112 /// <param name="name">The name of the rule</param>
113 /// <param name="expression">The expression defining the rule</param>
114 public void InsertRule(string name, string expression,string description)
115 {
116 DbCommand cmd = dbRules.GetStoredProcCommand("dbo.InsertRule");
117 dbRules.AddInParameter(cmd, "Name", DbType.String, name);
118 dbRules.AddInParameter(cmd, "Expression", DbType.String, expression);
119 dbRules.AddInParameter(cmd, "Description",DbType.String, description);
120
121 dbRules.ExecuteNonQuery(cmd);
122 }
123
124 /**//// <summary>
125 /// Saves the rule to the database
126 /// </summary>
127 /// <param name="ruleId">The Rule Id</param>
128 /// <param name="name">The name of the rule</param>
129 /// <param name="expression">The expression</param>
130 public void UpdateRuleById(int ruleId, string name, string expression)
131 {
132 DbCommand cmd = dbRules.GetStoredProcCommand("dbo.UpdateRuleById");
133 dbRules.AddInParameter(cmd, "id", DbType.Int32, ruleId);
134 dbRules.AddInParameter(cmd, "Name", DbType.String, name);
135 dbRules.AddInParameter(cmd, "Expression", DbType.String, expression);
136 //dbRules.AddInParameter(cmd, "Description", DbType.String, description);
137
138 dbRules.ExecuteNonQuery(cmd);
139 }
140
141 /**//// <summary>
142 /// Removes a rule from the database
143 /// </summary>
144 /// <param name="ruleId">The ruleid to remove</param>
145 public void DeleteRuleById(int ruleId)
146 {
147 DbCommand cmd = dbRules.GetStoredProcCommand("dbo.DeleteRuleById");
148 dbRules.AddInParameter(cmd, "id", DbType.Int32, ruleId);
149
150 dbRules.ExecuteNonQuery(cmd);
151 }
152
153
154 /**//***************** Follow Function Created by levinknight 2006.06.07 *****************/
155
156 GetAllRules#region GetAllRules
157 public string[] GetAllRules()
158 {
159 string rules = string.Empty;
160 DbCommand cmd = dbRules.GetStoredProcCommand("dbo.G
2using System.Data;
3using System.Data.Common;
4using System.Data.SqlClient;
5using System.Configuration;
6using System.Collections.Generic;
7using System.Security.Principal;
8using System.Web.Security;
9
10using Microsoft.Practices.ObjectBuilder;
11using Microsoft.Practices.EnterpriseLibrary.Security;
12//using Microsoft.Practices.EnterpriseLibrary.Security.Authorization;
13using Microsoft.Practices.EnterpriseLibrary.Security.Configuration;
14using Microsoft.Practices.EnterpriseLibrary.Data;
15using Microsoft.Practices.EnterpriseLibrary.Configuration;
16using System.Configuration.Provider;
17
18namespace Kreeg.EnterpriseLibrary.Security.Database.Authorization
19{
20 /**//// <summary>
21 /// Class for retrieving rules from the database
22 /// </summary>
23 public class DbRulesManager
24 {
25
26 private Microsoft.Practices.EnterpriseLibrary.Data.Database dbRules = null;
27 /**//// <summary>
28 /// Creates a Database Rules Manager instance
29 /// </summary>
30 /// <param name="databaseService">The Database Instance to use to query the data(要查询数据的数据库实例)</param>
31 /// <param name="config">The configuration context</param>
32 public DbRulesManager(string databaseService)
33 {
34 //DatabaseProviderFactory factory = new DatabaseProviderFactory(config);
35 dbRules = DatabaseFactory.CreateDatabase(databaseService);
36 }
37
38
39 /**//// <summary>
40 /// Retrieves a rule from the database
41 /// </summary>
42 /// <param name="Name">The name of the rule</param>
43 /// <returns>An AuthorizationRuleData object</returns>
44 public AuthorizationRuleData GetRule(string name)
45 {
46
47 AuthorizationRuleData rule = null;
48
49 DbCommand cmd = dbRules.GetStoredProcCommand("dbo.GetRuleByName");
50 dbRules.AddInParameter(cmd, "Name", DbType.String, name);
51
52 using(IDataReader reader = dbRules.ExecuteReader(cmd))
53 {
54 if(reader.Read())
55 {
56 rule = GetRuleFromReader(reader);
57 }
58 }
59
60 return rule;
61 }
62
63 private AuthorizationRuleData GetRuleFromReader(IDataReader reader)
64 {
65 AuthorizationRuleData rule = new AuthorizationRuleData();
66 rule.Name = reader.GetString(reader.GetOrdinal("Name"));
67 rule.Expression = reader.GetString(reader.GetOrdinal("Expression"));
68
69 return rule;
70 }
71
72
73 /**////// <summary>
74 ///// Retrieves all rules in the database as a DataSet
75 ///// </summary>
76 ///// <returns>A DataSet containing all of the rules</returns>
77 //public DataSet GetAllRules()
78 //{
79 // DbCommand cmd = dbRules.GetStoredProcCommand("dbo.GetAllRules");
80
81 // using(DataSet ds = dbRules.ExecuteDataSet(cmd))
82 // {
83 // return ds;
84 // }
85 //}
86
87
88 /**//// <summary>
89 /// Retrieves all rules in the database as a Collection
90 /// </summary>
91 /// <returns>An AuthorizationRuleDataCollection containing all of the rules</returns>
92 public List<AuthorizationRuleData> GetAllRulesAsCollection()
93 {
94 List<AuthorizationRuleData> rules = new List<AuthorizationRuleData>();
95
96 DbCommand cmd = dbRules.GetStoredProcCommand("dbo.GetAllRules");
97
98 using(IDataReader reader = dbRules.ExecuteReader(cmd))
99 {
100 while(reader.Read())
101 {
102 AuthorizationRuleData rule = GetRuleFromReader(reader);
103 rules.Add(rule);
104 }
105 }
106 return rules;
107 }
108
109 /**//// <summary>
110 /// Inserts a rule into the database
111 /// </summary>
112 /// <param name="name">The name of the rule</param>
113 /// <param name="expression">The expression defining the rule</param>
114 public void InsertRule(string name, string expression,string description)
115 {
116 DbCommand cmd = dbRules.GetStoredProcCommand("dbo.InsertRule");
117 dbRules.AddInParameter(cmd, "Name", DbType.String, name);
118 dbRules.AddInParameter(cmd, "Expression", DbType.String, expression);
119 dbRules.AddInParameter(cmd, "Description",DbType.String, description);
120
121 dbRules.ExecuteNonQuery(cmd);
122 }
123
124 /**//// <summary>
125 /// Saves the rule to the database
126 /// </summary>
127 /// <param name="ruleId">The Rule Id</param>
128 /// <param name="name">The name of the rule</param>
129 /// <param name="expression">The expression</param>
130 public void UpdateRuleById(int ruleId, string name, string expression)
131 {
132 DbCommand cmd = dbRules.GetStoredProcCommand("dbo.UpdateRuleById");
133 dbRules.AddInParameter(cmd, "id", DbType.Int32, ruleId);
134 dbRules.AddInParameter(cmd, "Name", DbType.String, name);
135 dbRules.AddInParameter(cmd, "Expression", DbType.String, expression);
136 //dbRules.AddInParameter(cmd, "Description", DbType.String, description);
137
138 dbRules.ExecuteNonQuery(cmd);
139 }
140
141 /**//// <summary>
142 /// Removes a rule from the database
143 /// </summary>
144 /// <param name="ruleId">The ruleid to remove</param>
145 public void DeleteRuleById(int ruleId)
146 {
147 DbCommand cmd = dbRules.GetStoredProcCommand("dbo.DeleteRuleById");
148 dbRules.AddInParameter(cmd, "id", DbType.Int32, ruleId);
149
150 dbRules.ExecuteNonQuery(cmd);
151 }
152
153
154 /**//***************** Follow Function Created by levinknight 2006.06.07 *****************/
155
156 GetAllRules#region GetAllRules
157 public string[] GetAllRules()
158 {
159 string rules = string.Empty;
160 DbCommand cmd = dbRules.GetStoredProcCommand("dbo.G