You need to use the protection proxy design pattern to fetch resources and use authentication. Your code must access the database only when required to and authenticated. Here we look at the theory and an example of protection proxies in the C# programming language.
First, you want a class for database-related code. Let's call it DatabaseLayer.cs. This file contains a class that does all the work with the database, and sends back DataTable or DataSet objects to the rest of the program.
Interface. In this database layer file, we need an interface. An interface is a contract that will be used to "connect" the actual database-using code to the proxy class, which is called the protection proxy. The proxy implements methods. The proxy may implement a interface containing five methods, but it doesn't include the actual SQL code in its methods.
Database layer methods. The database layer implements methods. It also implements the same interface with those five methods. It has the SQL commands and actual business logic built into it.
Passwords. The proxy checks on each method call that it has the password required to access the database. Then, it forwards all method calls to its database object. In other words, the protection proxy inserts a password check before every call to the database layer. The proxy forwards method calls to its inner database object only if that check succeeds.
Here we see the interface that is shared between the database layer and proxy. This interface will be shared by the proxy and database classes. As a reminder, an interface doesn't need to use the public keyword, and must not contain implementations.
public interface IJournalData
{
void InsertNewRow(DateTime dateTime);
DataTable GetSearchResults(string queryString);
}Here we look at the actual proxy class implementation. The proxy sets between the database code itself, and the callers in the user interface. The Authenticate method here is not part of the interface above, but a special method on the proxy.
public class JournalProxy : IJournalData
{
JournalLayer _journalLayer;
string _password;
public bool Authenticate(string suppliedPassword)
{
// User sends in the password, and we make sure it is correct.
if (string.IsNullOrEmpty(suppliedPassword) ||
suppliedPassword != _password)
{
return false;
}
// Password is correct. Allocate the database layer, and
// setup the connection to the database code.
_journalLayer = new JournalLayer();
return true;
}
public void InsertNewRow(DateTime dateTime)
{
// In every method that the proxy implements from the interface,
// make sure that the user was authenticated.
if (_journalLayer == null)
{
return;
}
// Forward the call to the actual database code.
_journalLayer.InsertNewRow(dateTime);
}
public DataTable GetSearchResults(string queryString)
{
if (_journalLayer == null)
{
return null;
}
return _journalLayer.GetSearchResults(queryString);
}
}Here we use the protection proxy in the user interface code. We are using Windows Forms and this code is inside a class that implements a Form.
JournalProxy _journal = new JournalProxy();
private void PasswordEntered()
{
if (_journal.Authenticate(passwordTextBox.Text))
{
// Show something from the database.
}
else
{
textBox1.Text = "Password is incorrect";
// Use must enter a new password now.
passwordTextBox.Clear();
}
}Calling authenticate. The Authenticate method is only called when the user enters a password. You can use your database layer object, such as _journal, without even worrying about passwords. It will simply abort attempts to use the database if the password hasn't been set.
Here is the database-utilizing code. The big thing here is that we don't need to worry about passwords because the protection proxy takes care of all of that for us.
class JournalLayer : IJournalData
{
public void InsertNewRow(DateTime dateTime)
{
return;
}
public DataTable(string queryString)
{
return new DataTable();
}
}Here we consolidate all the password authentication code in one spot. You can create code that accesses the database without worrying about the password stuff at all. You add the protection proxy object as a layer between the user interface code and database logic. Some of the benefits to the proxy are also found in other uses of interfaces in the C# programming language, which are described here.
Here we saw how you use protection proxy to manage accesses to important or expensive resources. Protection proxy makes C# applications easier to develop when requiring a password for a database. Finally, there are fancy words like surrogate that you can use to describe these things. The term protected is sometimes used instead of protection.