Database design and data access layer implementation of unified identity authentication Subsystem
Shi Chunli
School of Computer and information science, Southwest Normal University, Chongqing 400715
Absrtact: Unified identity Authentication Subsystem (UIA subsystem) unified management of users and campus application Systems (member sites). Each registered Campus network user has a unified network account (username/password), users through the same username/password, you can visit all Campus Network Application System (member site), for user applications to provide unified identity authentication and single sign-on service. The main contents of this paper include the system requirement analysis, the overall design, the database design and the detailed design and realization of the data access layer.
Keywords: users, member sites, user roles
Abstract:unique Identity Authentication Subsystem (UIA) manages users and each branch application system (member site) i N Campus in unison. Each registered Campus network user has unified network accounts (user name/the password), users can visit the schools n Etwork Application System (member site) in the campus by the same user name/the password, apply to users ' application the Services that unify identity authentication and some single log-in. This is thesis main contents include system demand analyse, overall design, database design and detailed design and Realizat Ion of data access layer.
First, the introduction
For each application system inside the campus, users must register in each system, login, more trouble, but also easy to create confusion, and bring data resources to duplicate storage. Therefore, a dedicated system is needed to manage users uniformly, that is, users can use different applications only once they have to sign in. Of course, for the different application systems, for the convenience of users, but also to its logical unified management. Therefore, the development of UIA (Unified identity authentication) system is very necessary. When the application system is registered to the UIA, we call it the member site.
The unified management of users, on the one hand, to access each member site without multiple registration login, not only to bring convenience to users, but also to save resources for member sites, to avoid the decentralized management of individual member sites to bring data redundancy. On the other hand the development of new member sites (new application systems) is also facilitated.
The member site for unified management, on the one hand to the user's operation to bring convenience, that is, the user login UIA subsystem can be directly through the link to each member site access. On the other hand, for the member site only need to register in the system to give different user role types, you can control the rights of various types of users, by the system to complete the user's rights assignment. Therefore, the development of the UIA subsystem (Unified identity authentication subsystem), by the panel discussion to complete the requirements analysis and overall design (module division) part of the work, I am responsible for the database design and data access layer code writing work.
Second, demand analysis
(i) System functional requirements
UIA subsystem to achieve two major functions, one is the user and the System identity authentication, the second is the user and member sites between the rights control. Users can be granted access to a member site through the user's identity and member sites, and the user's permissions are available in the system, and the member site can gain permission to view the user's information through the identity of the system and the user's rights to the member site.
(ii) System performance requirements
The UIA subsystem will manage a huge amount of user and member site information, the performance requirements of the UIA subsystem is very high, while the performance requirements of multiple networks are very high, so the requirements of the UIA subsystem must first have a large capacity of storage equipment, while requiring a large bandwidth to ensure that a large number of users in the access will not occur network congestion.
(iii) Operating environment requirements
. NET platforms, SQL Server databases, IIS servers
(iv) Introduction to Development tools
Microsoft SQL Sever is a high-performance client/server relational database management system. There are many important new features, such as transparent distributed processing, concise management, object-oriented embedding and linking Technology (0LE) programming interfaces, and integration with the Internet, and so on, the most important reason to choose Microsoft SQL Sever is its scalability and high security. Because Microsoft SQL Sever is based on the multi-wire program parallel database kernel, it can play the advantage of additional processors, in many cases, only with a specific parallel database and operating system to obtain the support of symmetric multiprocessing technology, of course, it also has a high security, Effective protection of user data.
Third, the overall design
(i) UIA Subsystem module Division
The Unified identity authentication Subsystem (UIA) has two main function modules: Identity authentication module and Rights Management module.
The Identity authentication module manages user identity and member site identity. To provide users with the online registration function, when the user registers the necessary information (such as user name, password) that information is the only evidence of the identity of the user, the user who owns the information is the legitimate user of the UIA subsystem; The Identity authentication module also provides the online registration function to the member site, Member sites are registered with some basic information about the member site, as well as the types of roles that are defined for the user (such as normal users, advanced users, administrator users).
The Rights Management module mainly has: the member site to the user's permission control, the user to the member site's authority control, the member site to the member site's authority control. When a user requests to assign permissions to a member site, he or she is provided with some of the information that the user provides to the member site, and the member site can query the user's information and assign permissions to the user by UIA authentication. A user who has access to a permission can access the member site in some capacity after being authenticated by UIA. The rights control of a member site to a member site is primarily the invocation interface that member site controls provide to other member sites.
UIA also includes the system maintenance module and the Use Help module, the System maintenance module main function is the member site management and to the system data maintenance.
UIA also provides an SDK for use by member sites for development. When a user accesses a member site, UIA provides a function to return the user's permissions for the member site to invoke.
(b) Design ideas and structural hierarchy diagrams
1. The overall design idea of the system is described as follows:
Users can be a single sign-on, that is, the user through the identity of the UIA subsystem authentication, you can access the UIA subsystem of all the users have the rights of the member site, the user after visiting a site, do not need to pass the certification once again access to his rights of the site, Return his corresponding access rights to the member site at the same time; centralized authorization control is the user to the member site to request authorization, the user when requesting permission to the site, provide the site to see the information, that is, to the member site to request authorization; Member sites are also authorized to users, users to the site after the site can be opened for the user, Users gain access to the site, and also provide administrative capabilities for member sites, including managing their basic information and the permissions of their members, including opening permissions for users and disabling user permissions.
2. The entire system structure hierarchy relationship Description diagram:
It mainly describes the development patterns used in development:. NET tiered development, or Microsoft's recommended development approach. The main part has three layers: business logic layer, business appearance layer, database access layer. The business appearance layer mainly defines some basic operations, can call the business logic layer, can also call the database access layer and model layer, business logic layer is mainly defined some rules of operation, can call the database access layer and model layer, the database access layer is specific to the operation of the database, Can call the model layer, through this layer of call to achieve the main function of the system; WebService layer can invoke business logic layer, database access layer and model layer, WebUI is mainly provided to the user interface, reflecting the actual function of the system, can access the business appearance layer and model layer, The main function of the model layer is to implement data transfer between layers, which can be called by other layers. The use of this development is mainly conducive to the maintenance of the system and future system expansion, if a layer of problems or need to update a layer of function, only need to modify the corresponding layer, do not need to modify the other layer, so that the problem localization, easy to solve the problem.
Four, database design
UIA is a dynamic information management system must be on the basis of internet/intranet technology, based on the web to establish a client-server connection, we build the purpose of this database on the one hand, effectively and securely save the user's registration information, At the same time, the member site for the user's permission control and information inquiries, so the database system should have a high security, in addition to facilitate the new member site to join, the system must have a database of the opening function. To this end, we consider the use of Microsoft SQL Sever 2000 as a database management system, to create an easy to achieve data sharing, business processing, data analysis, data query in one and ensure data efficient security of the database system, according to the actual needs of the database content is divided into two major parts, An idiom site's basic information, including site address, site name, site is open, such as information data, the second is the user's various information data, so the database should contain four essential forms:
(i) Database Model diagram:
(ii) Design of data tables
1. Member Site Information table (tsites):
This data table is used to store basic information for a member site.
Where the Usid field is automatically generated by the system, System uniform identifier, SiteID is the member site number is the key field of the data table, by its unique flag of the member site, it is specified with 4-bit plastic representation; The URL represents the URL of the member site, sitename The web name of the site, Both are expressed in variable-length strings, but not more than 50 characters; siteenable flag bit, flag the current site is open, whether it can be accessed, with a character, when the value of "1", said that the site opened, the contrary did not open;
2. User Information table (tusers):
The data table stores the basic information of the user, as well as the information that the user needs to fill out when registering.
Where the UUID field is automatically generated by the system, UserID represents the user number, is the key field, which distinguishes different users; Nikename represents the user's nickname, expressed in a variable-length string, but not longer than 50;email represents the user's mailbox, password the user's password, The two are represented by a variable long string within 50; userenable sign bit, the sign that the user is open, that is, the registration information is effective, with a character, the value of "1" is to be true that opened, or false that is not open; In addition, in order to prevent user login password forgotten, set password prompt, Ask the way to help users find the password, question is a user registration when the password prompts the question, answer is the password prompt answer, both are variable long string, the request length within 100.
3. User role in a member site (tuserroles):
This table stores the role types that are assigned to different member sites.
Where Roleid represents the role number, is the key field of the datasheet, it uniquely flags a role, specified with 4-bit shaping, SiteID represents the member site number, rolename represents the role name, in 50-bit variable long string representation, Canadminsite flag that the role has administrative rights to the member sites that are marked by the SiteID field. If "1" indicates that the role has this permission, if "0" does not have, generally speaking, for a member site, only one role of the field value is "1", the other is "0".
4. Role types assigned to users by member sites (Troles):
Roleid represents the role number, UserID indicates that the user number is the key field of the datasheet and is represented by 4-bit reshaping, which uniquely identifies a user's role. Roleenabled indicates whether the user role is open, using a data representation, take the value of "1", indicating that the user role is open, that is, the user can currently access a member site, the contrary is not open.
(ii) The views used in the system:
Vsites: This view is created primarily to facilitate querying of user roles in member sites.
Vusers: This view is created primarily to facilitate querying of user information, including the role of users in individual member sites.
V. Detailed design of data access layer:
According to the system functional requirements and database design can be derived from the database access to the main four major parts: 1, access to the Member Site Information table (tsites), 2, access to the User Information table (tusers), 3, access to the user's role in a member site (tuserroles); 4, Access to the user-assigned permission (role) type (troles) for the member site, so we use the following four classes to implement each:
(1) public class Sites
The class contains the following functions:
public int createsite (sitedata site) adds a new member site information to the database. The parameter is a sitedata type data, Sitedata is the data type defined by the model layer, the information obtained from the database is SqlDataReader type, and it needs to be converted into the Sitedata type in the model layer to facilitate the transfer of data between the layers.
public int Updatesite (sitedata site) modifies a member site information in a database
public int removesite (System.Guid usid) deletes a user in the database whose parameters are automatically generated by the system in the datasheet when the member site is registered USID
The public sitedata getsite (system.guid usid) queries all information about the member site based on the number usid that the system automatically assigns when the member site is registered, and returns the type of sitedata in the model layer.
Public IList listsites () queries and lists all member site information, IList returned with the linked list, the data type of each item in IList Sitedata
(2) public class Users
The class contains the following functions:
public int CreateUser (UserData user) adds a new user to the database, with the argument UserData type, and the same meaning as sitedata.
public int UpdateUser (UserData user) modifies a user's information in the database.
public int Removeuser (string nickname) deletes a user in the database whose parameters are nickname in the user's information
The public UserData GetUser (string nickname) queries all information of the user based on nickname and returns the type of UserData in the model layer.
Public IList listusers () queries all user information returns the data type of each item in the ilist,ilist of the list UserData
(3) public class Userroles
The class contains the following functions:
private int Getroleid (string role,int SiteID) Gets the role number whose parameters are SiteID of a member site and a role name.
public int adduserrole (userroledata userrole) Add user Role
public int removeuserrole (Userroledata userrole) deletes a user role
Public userroledata getuserrole (int userid,int SiteID) Gets the user's role in a member site
Public IList listallusersinsite (system.guid usid) queries all member sites
(4) public class Userrolerules
The class contains the following functions:
public bool Requestrole (string nickname,string role,system.guid usid) Request User Role
public bool Enableuserrole (string Nickname,system.guid usid) Open User Role
public bool Disableuserrole (string nickname,system.guid usid) disabling user roles
public bool Removerole (string nickname,system.guid usid) Delete User role
public bool IsInRole (string nickname,string role,system.guid Usid) Determines whether a user has a permission
public bool Isroleenabled (string nickname,string role,system.guid Usid) determines whether the user role is opened
(5) Daconfig
In order to simplify the parameters of database access to the above classes, special Daconfig is added. This class reads the database connection string from the configuration file, that is, the location of the database server in the UIA subsystem, the name of the database, the username, and the password, which are encapsulated directly to provide to other classes when accessing the database (preparing parameters for function calls in the data access layer), Simplifies data access code in other classes.
Vi. Summary:
Through the efforts of the members of the group, the system is basically formed to achieve the expected function. Through this graduation design, I am right. NET technology has a certain understanding, in the database design has accumulated valuable experience. As the development process continues to deepen, I have a more profound understanding of software development, hands-on ability has been very good exercise. In the rich knowledge and accumulation of experience, my ability to work in unity and cooperation in the group members of the continuous exchanges have been improved. All of these will greatly benefit me in my study work in the future. However, due to limited personal ability, time is short, the system still has deficiencies, please teachers to give valuable advice.
Vii.. Thanks:
The graduation project can be successfully completed without our guidance teacher Shanchun teacher guidance and help, Lucengon teacher, Chen Wu teacher, Shao teacher, Li Yungang teacher in this process also gave a great help, to their help express heartfelt thanks. There is also a strong support from all members of the panel, and I would like to express my heartfelt thanks to them.
The main reference documents:
[1] where Jocheti. NET Data Services C # advanced programming. Tsinghua University Press
[2] Wen Yu and so on. C # Programming technology. People's post and telecommunications press
[3] Flash siqing. SQL Sever 2000 database management system. Beijing Hope Electronic Publishing house
Appendix:
With the data access layer part of the source code
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.