❔ Secure, Efficient Data Access in Hybrid Desktop/Web App
Hey yall!
I'm currently working on a hybrid web/desktop application. Is there any sort of .net mechanism/design pattern/authorization schema where an action to request data can be "approved" by the application server and allow a client to directly receive something like a result from a database query? Idea being, I'd like to improve query times on desktop clients by skipping the server-side steps of loading the query result into memory and then re-serializing over the network again. Security is a pretty big concern, and given code is running on a computer accessible by staff who could have potential malicious intentions or who leave their pc exposed to external access, having application code or even having direct DB access is a no-go.
Some more details:
The business domain requires a high degree of secure and auditing, so all the business logic and execution will be running through the application server, which will handle authentication, running queries, etc.
Because this system might have relatively high data-throughput (reporting and audit logging is critically important), I'm slightly worried that if the desktop app just queried data entirely through the server, having to serialize and de-serialize data constantly over the local network might introduce significant slowdowns. I know it's premature at this point, but I'd like to have this in the back of my head while designing so I can accommodate when necessary.
My initial thought/solution would be to have those specific queries execute using a sql data reader and "stream" the result of the query to the client, skipping serialization using something like SingnalR or a similar network stream.
If you've ran into a similar situation before, or there exisits a pattern/feature in ASP.NET already for this scenario, please let me know.
Thanks!
1 Reply
Looks like nothing has happened here. I will mark this as stale and this post will be archived until there is new activity.