Best practice for persisting User State in special kind of Asp.Net Mvc application

Question

I will try to explain my situation and what I wanted to do. It is not a difficult or rare situation, but I can't find any related questions or articles on the internet.

I have created a web application on ASP.NET MVC 5. Users are not going to enter my application directly. Users will enter, let's say, CentralInformationSystem.com. Then they must log in to this website in one of the supported ways. After signing in, they will see a list of applications. These will be the applications which the signed-in user has been allowed to use. One of these applications will be my application, which has been developed in Asp.Net MVC.

And the main point is that our applications will not be opened in other tabs or in the current tab and so on. Our application will be opened in a big iframe inside the current tab.

And the other main point is that our applications and CentralInformationSystem.com belong to other domains.

The other question of course is, how then can I know which user has signed in? And the answer is, CentralInformationSystem.com sends encrypted data with the query string to our web site. For example, the URL will look like this:

MyMvcApplication/Home/Index?Token=jkndid758adsai==qwdbqwiudhqwadoqidwqq=wqdiqw

Also keep in mind that they will always send different tokens.

And after that, I will decrypt the token and find which user it belongs to. Also keep in mind that one Token can be used only once.

1. What kind of application is my application?

The user will enter a very big form. It can actually take almost 3-4 hours. So, I have tried some type of wizard logic. After some portion of the data is entered, I will insert it into the database, get an identifier from the database, store it somewhere, and take the user to the next level, and so on.

2. What do I want to achieve?

I want to create logic such that the values of some identifier variables are stored in a place where they never expire until the user closes the browser or signs out. I don't want to increase the session timeout to 5-6 hours.

3. What if the user opens my application in more than one tab?

Alongside 2, I also have one problem: the user can open my website inside the iframe in more than one tab. I know that in Asp.net we can differentiate the session per tab. But I don't want to store data in the session, because the user can stop filling in forms after 20 minutes or 4 hours. Also, I cannot use a cookie, because cookies will be the same for all tabs.

My other option is to inject hidden inputs with an encrypted value into all views. But I can't find how to automatically add this data to each view. Also, it doesn't seem to me to be the most efficient way.

The other logic is to prevent the user from opening the same application in more than one tab with different tokens. But I don't know how to achieve this either.

Additional:

I have read almost all articles and questions/answers. I know how to make it work. But I want the best approach. Neither of my approaches is efficient.

Recommended answer

Use your own concept of a persistent session that is identified by a hidden input on the page and does not expire, or at least does not expire for a very long time. Have all of your controllers derive from a single base controller and use the OnActionExecuted to add the session "key" to the ViewBag when the result is a ViewResult (you won't need it for partial views or JSON, etc). Every page can then access the ViewBag and create the hidden input - probably you want to use a partial view for this and simply include the partial on every page. Store the data associated with this session in the database.
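
A sketch of the base controller this answer describes, as an added example that is not part of the original answer. The names `WizardSession`, `WizardSessionStore`, `WizardControllerBase`, `StartWizardSession` and the field name `wizardSessionKey` are hypothetical, and an in-memory dictionary stands in for the database table. The key is a 256-bit random value created per tab and looked up server-side on every post, so a guessed or altered hidden input is rejected instead of selecting another user's draft.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Web.Mvc;
// Hypothetical row of the persistent-session table (a database row in the answer's design).
public class WizardSession { public string UserId; public int? DraftId; }

public static class WizardSessionStore
{
    static readonly ConcurrentDictionary<string, WizardSession> Rows =
        new ConcurrentDictionary<string, WizardSession>();
    public static string Create(string userId)
    {
        var bytes = new byte[32]; // 256-bit random key, one per tab
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        var key = BitConverter.ToString(bytes).Replace("-", "");
        Rows[key] = new WizardSession { UserId = userId };
        return key;
    }
    public static WizardSession Find(string key)
    {
        WizardSession s = null;
        if (key != null) Rows.TryGetValue(key, out s);
        return s;
    }
}

public abstract class WizardControllerBase : Controller
{
    protected string CurrentKey;
    protected WizardSession Current;
    // Call from the landing action once the one-time Token is decrypted and consumed.
    protected void StartWizardSession(string userId)
    {
        CurrentKey = WizardSessionStore.Create(userId);
        Current = WizardSessionStore.Find(CurrentKey);
    }
    protected override void OnActionExecuting(ActionExecutingContext ctx)
    {
        CurrentKey = Request.Form["wizardSessionKey"]; // hidden input, assumed name
        Current = WizardSessionStore.Find(CurrentKey);
        // A key that was posted but is not in the store is rejected outright.
        if (CurrentKey != null && Current == null) ctx.Result = new HttpStatusCodeResult(400);
    }
    protected override void OnActionExecuted(ActionExecutedContext ctx)
    {
        // PartialViewResult and JsonResult are not ViewResult, so they are skipped.
        if (ctx.Result is ViewResult && CurrentKey != null) ViewBag.WizardSessionKey = CurrentKey;
    }
}
```

A shared partial view can render the field with `@Html.Hidden("wizardSessionKey", (string)ViewBag.WizardSessionKey)` inside each form. Wizard step actions should refuse to proceed when `Current` is null, and the key should travel only in POST bodies, not in URLs.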
