获取当前用户ID使用窗体身份验证(没有名字)? [英] Getting the current user id (not name) using forms authentication?
问题描述
问:
我在玩弄窗体身份验证和我自己的自定义成员提供。
I'm playing around with forms authentication and my own custom membership provider.
这是我所看到的,我可以通过执行获得当前FormsIdentity:
From what I see, I can get the current FormsIdentity by doing:
System.Web.Security.FormsIdentity veryFunny= (System.Web.Security.FormsIdentity)
System.Web.HttpContext.Current.User.Identity;
,我可以得到当前用户的成员这样做:
And I can get the current Membership user doing this:
var UserFromDb = System.Web.Security.Membership.GetUser();
然后我可以这样获得用户ID:
And then I can get the userid by doing this:
var MyUserId = UserFromDb.ProviderUserKey;
我觉得好笑的是,当我叫Membership.GetUser(),那么它卡列斯这种方法的成员资格提供
What I find funny is that when I call Membership.GetUser(), then it calles this method in the membership provider
public override MembershipUser GetUser(string username, bool userIsOnline)
其中查找在数据库中的用户信息。
所以我想通的是,.NET框架在内部确实
Which looks up the user information in the database.
So what I figured is that the .NET framework internally does
GetUser(System.Web.HttpContext.Current.User.Identity.Name, whatever);
这会从基于用户名数据库中的用户信息。
我觉得这是令人不安的,首先是因为它是坏的表现时,我不得不寻找一个整个用户只是为了让用户标识。
which gets the user info from the database based on the USERNAME. I find this disturbing, first because it is bad for performance when I have to lookup an entire user just to get the userid.
二,这是令人不安的是,我必须在所有查找的用户ID,因为这不是我所期望的那样。
Second, it's disturbing that i have to lookup the userid at all, because that's not what I would expect.
第三,这是令人不安的,因为用户名可以在程序的过程中被改变,这是废话,让用户不必注销并登录做到这一点。
Third, it's disturbing, because the username can be changed in the course of the program, and it's nonsense to have the user having to logout and login to do that.
现在,对我来说这样的设计听起来像废话。
但话又说回来,微软还使用应用程序名,组名和用户名作为主键,这也真的没有很大的意义。
Now, to me this design sounds like nonsense.
But then again, microsoft also uses application name, group name, and username as primary key, which also really does not make a lot of sense.
所以在这里我的问题:
是不是有办法获取用户ID就没有DB查询?
抑或是全体会员提供商的想法只是让设计打破?
So here my question:
Isn't there a way to get the user ID without a DB lookup ?
Or is the entire Membership provider idea just so broken by design ?
如果就这样破:
我看到FormsIdentity有一个叫做用户数据的字符串属性。
如果是这样,我该如何使用ASP.NET来保存用户ID在那里呢?
If it is so broken:
I saw that FormsIdentity has a string property called userdata.
If so, how can I use ASP.NET to save the userid in there ?
推荐答案
是的,人们可以从的此处。
人们可以设置用户标识的验证cookie的票务的UserData。
Yes, one can with a workaround from here.
One can set the UserId in the Auth cookie-Ticket UserData.
public class UserData
{
public string FirstName { get; set; }
public UserData()
{
FirstName = "Unknown";
}
} // End Class UserData
public void SignIn(string userName, bool createPersistentCookie)
{
if (String.IsNullOrEmpty(userName))
throw new ArgumentException("Der Wert darf nicht NULL oder leer sein.", "userName");
UserData userData = new UserData();
SetAuthCookie(userName, createPersistentCookie, userData);
//FormsAuthentication.SetAuthCookie(userName, createPersistentCookie);
}
public void SetAuthCookie(string userName, bool createPersistentCookie, UserData userData)
{
HttpCookie cookie = FormsAuthentication.GetAuthCookie(userName, createPersistentCookie);
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
FormsAuthenticationTicket newTicket = new FormsAuthenticationTicket(
ticket.Version, ticket.Name, ticket.IssueDate, ticket.Expiration
,ticket.IsPersistent, userData.ToJSON(), ticket.CookiePath
);
string encTicket = FormsAuthentication.Encrypt(newTicket);
cookie.Value = encTicket;
System.Web.HttpContext.Current.Response.Cookies.Add(cookie);
} // End Sub SetAuthCookie
另一种可能性是只使用UserId.ToString()为名。
Another possibility is to just use the UserId.ToString() as "name".
这篇关于获取当前用户ID使用窗体身份验证(没有名字)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
