0

I have a SQL+ASP.NET situation for which I suspect there might exists a design pattern.

I have a site where users can register and then enter their own data. The users can only see their own data and never anything else.

My question is: Is there a way to somehow simplify this process. All SQL commands clearly need to be filtered based on the user ID, and ASP Web Forms doesn't really allow this in a simple way. Is there a way to maybe produce LINQ objects or something similar that can automatically extend every SQL command sent to the SQL Server with a User ID parameter?

nidbild
  • 1
  • This is known as a *multi-tenant architecture*. I'd recommend you do some reading on the subject, starting [here](http://stackoverflow.com/q/2213006/861716) for example. – Gert Arnold Jun 25 '16 at 21:11

1 Answers1

0

Your requirement sounds like you just need global filters. The suport varies from ORM to ORM but see for example how nHibernate implements it:

http://nhibernate.info/doc/nhibernate-reference/filters.html

Filters are part of your model description and can be applied at entity level and at navigation property level. 

<class name="MyClass" ...>
   ...
   <filter name="myFilter" condition=":myFilterParam = MY_FILTERED_COLUMN"/>
</class>

You selectively enable filters in current session.

session.EnableFilter("myFilter").SetParameter("myFilterParam", "some-value");

Entity framework doesn't exactly follows the same approach, rather, you just overload your LINQ operators so that the tedious work is encapsulated once:

making a global filter for entity framework

or you use one of existing custom extensions that suport global filters

https://github.com/zzzprojects/EntityFramework-Plus/wiki/EF-Query-Filter-%7C-Entity-Framework-Dynamic-Instance-and-Global-Filters

Community
  • 1
  • 1
Wiktor Zychla
  • 47,367
  • 6
  • 74
  • 106