如何在MVC中永久保留已登录的用户? [英] How do I persist logged in user in MVC?

问题描述

我正在建立我的第一个MVC网站，我刚刚实现了一个安全控制器和视图.

I'm setting up my first MVC site and I just implemented a security controller and views.

但是，我不了解的是如何在控制器之间持久保存已登录的用户数据.

However what I don't understand is how I can persist the logged in user data across my controllers.

例如，用户使用电子邮件/密码登录.然后，我可以验证电子邮件和密码是否匹配，然后执行以下操作:

For example the user logs in with email/password. I can then verify that the email and passwords match and I do the following:

FormsAuthentication.SetAuthCookie(userLogin.UserName, false);
return View("../Home/Index");

例如，现在我要在索引"视图中显示仅用户可以看到的数据.

Now say for example I want in the Index view to present data that only a user can see.

我有一个表格设置，但是它是基于user_id的.

I have a table setup but it's based on the user_id.

我可以在他们登录时保存user_id还是我已经可以使用某些东西来访问他们的电子邮件(用户)?(然后，如有必要，我可以通过电子邮件查找ID)

Can I either save the user_id when they login or is there something already available to me to access their email(user)? (I could then look up the id via the email if necessary)

我的MVC已设置为进行表单身份验证:

My MVC is setup for Forms authentication:

<authentication mode="Forms">
  <forms loginUrl="~/Security/Login" timeout="2880" />
</authentication>

然后我用"[Authorize]"注解装饰了控制器.

and I decorated the controllers with the "[Authorize]" annotation.

推荐答案

FormsAuthentication.SetAuthCookie(userLogin.UserName, false);

上面的代码只是在cookie中设置身份验证票证.

Above code just sets authentication ticket inside cookie.

经过身份验证的用户发送请求后，您仍然需要从cookie中检索身份验证票证，并创建一个Principal对象.

Once authenticated user sends a request, you still need to retrieve auth ticket from cookie, and create a Principal object.

void Application_AuthenticateRequest(object sender, EventArgs e)
{
   HttpCookie decryptedCookie = 
      Context.Request.Cookies[FormsAuthentication.FormsCookieName];

   FormsAuthenticationTicket ticket = 
      FormsAuthentication.Decrypt(decryptedCookie.Value);

   var identity = new GenericIdentity(ticket.Name);
   var principal = new GenericPrincipal(identity, null);

   HttpContext.Current.User = principal;
   Thread.CurrentPrincipal =HttpContext.Current.User;
}

用法

if (User.Identity.IsAuthenticated) {
   var username = User.Identity.Name;
}

这篇关于如何在MVC中永久保留已登录的用户?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！