How to organize access to the database/folders through the service by access ID?

E

Ertdf2018-04-02 23:31:13

Database

Ertdf, 2018-04-02 23:31:13

Good day to all!
Description:
There was an application in C # and working with a MySQL database through Connector.NET (objects MySqlConnection, MySqlCommand, MySqlDataReade, MySqlDataAdapter, etc.). The work with the database was carried out on the local host. In general, the application is designed to automate the work of the clinic.
Now the task is:
1) to divide the application into several, i.e. one application for patients, other applications for employees (meaning client applications);
2) transfer the database to the PostgreSQL DBMS, which will now be on the remote machine;
3) provide access to some files on the server, both to patients (for downloading) and employees (for downloading/modifying/uploading);
In principle, I could do all these 3 points, but I think it's clumsy. For example, point 3 I managed to do via SSH. But it wouldn’t be right to let both patients and employees into the server under different OS users via SSH, even with limited rights? (Or not?)
What is the problem:
I would like to implement something like a distributed system, so that there is some a separate service for accessing directories and a separate service for accessing the database, which would analyze a certain identifier for access and connect / not connect to the host / database, respectively, under a specific user. It turns out that we still need some kind of server that would issue these access identifiers (for patients based on a special number, and for an employee from a login and password).
I read that it is better not to store the connection string in the application (as it was in the old one), but it is better to organize it through services. In general, with this approach, the system seems more logical, modular and safe. And in general somehow it would be desirable to solve a question with privileges.
Questions:
1) How to implement everything that I wrote? What to use? Please point me to the right path!
2) Do they do this at all? How is it generally organized by such systems that I wrote?
3) If they do this, then how to make a server that would distribute these identifiers (tokens or or access keys), what to write on?
Forgive me for so much text, and if I wrote complete nonsense, I had never done anything like this before.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

D

Denis, 2018-04-12
@den_labs

>>2) transfer the database to the PostgreSQL DBMS, which will now be on the remote machine;
Make a Web Api service (maybe more than one) that will run on a remote machine and work with PostgreSQL. It will also respond to requests from applications (for patients, for employees).
>>1) split the application into several, i.e. one application for patients, for others
it can even remain one application, just at the level of rights hide extra tabs / controls for the user
>> 3) provide access to some files on the server, both for patients (for downloading) and employees
When logging in Web Api service twitches in the application, which issues rights (+ some token) to this user and then when calling Web Api methods, you need to use this token and rights
On C# (Web Api, Dapper) all this can be implemented.