在特殊的Asp.Net MVC应用程序的持续用户状态的最佳实践 [英] Best practice for persisting User State in special kind of Asp.Net Mvc application
问题描述
我将试图解释我的情况和我想做的事。没有任何困难和罕见的情况,但我找不到任何互联网相关问题或文章。
I will try to explain my situation and what I wanted to do. There is not any difficult and rare situation, but I can't find any relative questions or articles in internet.
我建立了 ASP.NET MVC 5 的Web应用程序。用户不会直接进入我的申请。用户将进入我们为 CentralInformationSystem.com 说。然后,他们必须登录到这个网站的支持方式之一。登录后,他们将看到的应用程序列表。会有这已经被允许用于签名的用户的应用程序。这其中一个应用程序将是已在 Asp.Net MVC 。
I have created a web application on ASP.NET MVC 5. Users are not going to enter my application directly. Users will enter let's say to CentralInformationSystem.com. Then they must login to this website one of supported ways. After signing in, they will see a list of applications. There will be applications which has been allowed to use for the signed user. One of this applications will be my application which has developed in Asp.Net MVC.
和主要的一点是,我们的应用程序不会在其他选项卡或当前选项卡中打开等等。我们的应用程序将在当前标签内的一个大的iframe中打开。
And the main point is that our applications will not be opened in other tabs or in current tab and so on. Our application will be opened in a big iframe inside the current tab.
和其他主要的一点是我们的应用程序和 CentralInformationSystem.com 属于其他领域。
And other main point is our applications and CentralInformationSystem.com belong to other domains.
当然,另一个问题是,我怎能现在的哪些用户已的签名吗?答案是, CentralInformationSystem.com 通过查询字符串来我们的网站发送加密数据。例如,URL会看起来像:
The other question of course is, how then I can now which user has signed in? And the answer is, CentralInformationSystem.com sends encrypted data with the query string to our web site. For example, the URL will look like that:
MyMvcApplication /首页/指数?令牌= jkndid758adsai == qwdbqwiudhqwadoqidwqq = wqdiqw
MyMvcApplication/Home/Index?Token=jkndid758adsai==qwdbqwiudhqwadoqidwqq=wqdiqw
也请记住,他们将始终发送不同的令牌。
Also keep in mind that they will always sent different tokens.
在这之后,我将解密令牌,并发现它属于哪个用户。也请记住,一个令牌可以只能使用一次。
And after that, I will decrypt token and find to which user it belongs. Also keep in mind that, one Token can be used only once.
1。什么类型的应用程序是我的应用程序?的
1. What type of application is my application?
用户将进入非常大的表格。实际上,它几乎可以把3-4小时。所以,我尝试了一些类型的向导逻辑。进入DATAS的某些部分之后,我把它们插入到数据库中,从数据库中获取标识符,并存储在某个地方,并采取用户到一个新的水平等。
User will enter very big form. It can actually take almost 3-4 hours. So, I have tried some-type of wizard logic. After entering some portion of datas, I will insert them to the database, get identifier from the database and store it somewhere and take the user to the next level and so on.
2。我想要什么来实现?的
2. What I want to achieve?
我要创建这样的逻辑是,一些标识变量的值必须存储在这样的地方从来没有,直到用户关闭浏览器或注销必须到期。我不想增加会话超时为5-6小时。
I want to create such logic that, some identifier variables values must be stored in such place that never must be expired till the user closes browser or signing out. I don't want to increase session timeout to 5-6 hours.
3。如果用户在多个选项卡中打开我的应用程序?的
3. What if user opens my application in more than one tab?
除了2我也有一个问题,即用户可以打开我的网站,里面的iframe多个选项卡。我知道,在 Asp.net 我们可以按每个标签不同会话。但是,我不希望存储在会话DATAS,因为用户可以停止20分钟,4小时后填写表格。另外,我无法使用cookie时,因为饼干都是一样的所有选项卡。
Alongside 2 I have also one problem, that user can open my website inside iframe more than one tab. I know that, in Asp.net we can differ session per each tab. But, I don't want to store datas in session, because user can stop filling forms after 20 minutes or 4 hours. Also, I cannot use cookie, because cookies will be same for all tabs.
我的另一种选择是,用加密值各方意见注入隐藏的输入。但是,我找不到如何将这些DATAS自动添加到每个意见。此外,它似乎并不把我当作最有效的方式。
My other option is, to inject hidden inputs with encrypted value to all views. But, I can't find how to automatically add these datas to each views. Also, it doesn't seem to me as most efficient way.
另一个逻辑是prevent用户在differen令牌多个选项卡中打开同一个应用程序。但是,不要怎么也做到这一点。
The other logic is to prevent user to open same application in more than one tab with differen tokens. But, don't how to achieve this also.
其他:的
Additional:
我看了几乎所有的文章和问题/解答。我知道如何使它发挥作用。但是,我想最好的办法。无论是我的方法是有效的。
I have read almost all articles and questions/answers. I know how to make it work. But, I want the best approach. Neither of my approaches are efficient.
推荐答案
使用自己由页面上的隐藏输入识别并不会过期,或者至少没有到期了很长的持久性会话的概念时间。有你的控制器,从单一的基本控制器获得并使用OnActionExecuted到会话钥匙添加到ViewBag时,结果是一个的ViewResult(你不会需要它的部分观点或JSON等)。然后每个页面可以访问ViewBag并创建隐藏的输入 - 也许你想用这个局部视图,只是包括在每一页上的部分。存储与此会话数据库相关的数据。
Use your own concept of a persistent session that is identified by a hidden input on the page and does not expire, or at least does not expire for a very long time. Have all of your controllers derive from a single base controller and use the OnActionExecuted to add the session "key" to the ViewBag when the result is a ViewResult (you won't need it for partial views or JSON, etc). Every page can then access the ViewBag and create the hidden input - probably you want to use a partial view for this and simply include the partial on every page. Store the data associated with this session in the database.
这篇关于在特殊的Asp.Net MVC应用程序的持续用户状态的最佳实践的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
