最佳做法，以保持一个用户ID（MVC） [英] Best practice to maintain a user id (MVC)

问题描述

我使用FormsAuthentication，但我已经添加了一个自定义的MembershipProvider验证对一个自定义的用户表。

I use FormsAuthentication, but I've added a custom MemberShipProvider to validate against a custom User Table.

包含用户数据的所有表有一个ID用户列，所以我需要为了保持用户ID，以present与他的数据的用户。

All tables containing "user data" have a idUser column, so I need to maintain the user id in order to present the user with his data.

previously我使用一个会话变量（ASP.NET网络表单），但我重写web应用到MVC，我想请教一下通常被认为是造成这种情况的最好的方法。

Previously I've used a session variable (ASP.NET Webform), but as I am rewriting the webapplication to MVC, I'd like to ask what is generally considered as the best approach for this.

时的会话变量仍持有ID用户的最佳场所，或者我应该添加自定义Current.User.Identity，这除了用户名还持有大众用户id？

Is session variable still the best place to hold the idUser, or should I add a custom "Current.User.Identity" which in addition to username also holds a public userId ??

或者我应该选择一个完全地不同的做法？

Or should I choose a completly different approach?

推荐答案

我有同样的问题，当我实施了MVC的自定义成员提供。最后我做了两件事。我存储用户的ID在的MembershipUser 对象的 ProviderUserKey 字段。见<一href=\"http://msdn.microsoft.com/en-us/library/system.web.security.membershipuser.provideruserkey.aspx\"相对=nofollow> provideruserkey 。然后回答你的问题，是我创建从System.Web.Security.IPrincipal定制的校长，虽然我后来从继承 System.Web.Security.RolePrincipal ，而不是因为我想对于角色的支持。

I had the same question when I implemented a custom membership provider for MVC. I ended up doing two things. I store the user's Id in the ProviderUserKey field of the MembershipUser object. See provideruserkey. Then to answer your question, yes I created a custom principal from System.Web.Security.IPrincipal, though I later inherited from System.Web.Security.RolePrincipal instead since I wanted support for Roles.

public class MyPrincipal : RolePrincipal
{
    public Guid Id { get; set; }

    public MyPrincipal(string providerName, IIdentity identity, Guid id) : base(identity)
    {
        Id = id;
    }
}

更新：我不想在我的情况下使用会话的原因是因为我已经停用​​了该应用程序。我读过MVC背后的核心理念是关注的分离，这是密切模型在网络的工作方式，这是无状态的。虽然我不记得在那里我读到现在，我试图记住。不过，我还记得读，如果你能消除会话时应该这样做。它将允许IIS来提供从应用中的并发请求，而不是等待一个请求完成（并释放该用户的会话）的下一个请求可以使用会话，并发送它的响应之前。其中最大的影响就是使用Ajax加载页面内容。

Update: The reason I didn't want to use session in my case is because I've disabled it for the app. I've read that the core concept behind MVC is that separation of concerns, and that is closely models the way the web works, which is stateless. Though I can't remember where I read that now that I try to remember. However I do remember also reading that if you can eliminate the session you should do so. It will allow IIS to serve up simultaneous requests from your app rather than having to wait for one request to finish (and release the user's session) before the next request can use the session and send it's response. The biggest impact of which is loading page content using Ajax.

这篇关于最佳做法，以保持一个用户ID（MVC）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！