混合Windows身份验证与SQL Server自定义身份验证MVC3 [英] Mixing Windows Authentication with SQL Server Custom Authentication MVC3

问题描述

我想验证的基础上User.Identity.Name用户，并从样作用和最后的loggedIn日期等的SQL Server数据库中的其他细节。

登录后，我应该授权后续调用相同的用户没有击中数据库。

不过我打，并在初始登录加载用户信息和我存储在会话。

下面是我的SQL表

ApplicationUser

• 用户ID - >窗户存放在这里的身份名称映射


• 显示名称


• 角色ID


• LastLoginDate


• IsActive

登录控制器逻辑

 公众的ActionResult登录（）
{
 字符串userid = User.Identity.Name;
    用户id = userId.Substring（userId.IndexOf（@\\）+ 1）;
    VAR键=角色。 +用户id;
    VAR角色= HttpContext.Cache [关键]
    如果（角色== NULL）
    {
        用户的用户= AdminService.SelectUser（用户ID）;
        角色=新的String [] {} user.Role.RoleName;
        HttpContext.Cache.Add（键，角色，空，
            DateTime.Now.AddMinutes（HttpContext.Session.Timeout）
            Cache.NoSlidingExpiration）;        HttpContext.User中= = Thread.CurrentPrincipal中新
                    的GenericPrincipal（User.Identity，角色）;
        HttpContext.Session [与loggedInUser] =用户;
    }
}
 

此外，我有以下code授权每个requestin MVC3用户

 无效MvcApplication_PostAuthenticateRequest（对象发件人，EventArgs的发送）
{
如果（User.Identity.IsAuthenticated）
{
    字符串userid = User.Identity.Name;
    用户id = userId.Substring（userId.IndexOf（@\\）+ 1）;
    VAR键=角色。 +用户id;
    VAR角色= HttpContext.Cache [关键]
    如果（角色！= NULL）
    {
        HttpContext.Current.User =
            = Thread.CurrentPrincipal中
                新的GenericPrincipal（User.Identity，角色）;
    }
}
}
 

不过，我建议改变这个上面的逻辑，我得到的一个问题，同时访问存储在一个会话的用户对象。我不知道为什么它是这样的。

做任何一件有其他可能的code /逻辑做上述混合身份验证？

编辑：我在访问得到错误HttpContext.Session [与loggedInUser]在其他一些控制器方法

解决方案

  

因为我得到的一个问题，同时访问存储在一个会话的用户对象。

您不能存储在会话中的信息。您在缓存存放。那是你的问题。缓存是应用程序的所有用户之间共享。因此，而不是使用 HttpContext.Cache 您可以使用 HttpContext.Session 。

另外，使用会话和缓存可以存储thisinformation因为我有说明

I would like authenticate the user based on User.Identity.Name and get the other detail from SQL Server database like Role and last loggedin date, etc.

After login i should authorize the same user for subsequent calls without hitting database.

However i hit and load the user information at initial login and i stored in session.

Here is my SQL Table

ApplicationUser

• UserId -> windows identity name mapping stored here
• Display Name
• RoleId
• LastLoginDate
• IsActive

Login Controller logic

public ActionResult Login()
{
 string userId = User.Identity.Name;
    userId = userId.Substring(userId.IndexOf(@"\") + 1);
    var key = "Roles." + userId;
    var roles = HttpContext.Cache[key]
    if (roles == null)
    {
        User user = AdminService.SelectUser(userId);
        roles = new string[] { user.Role.RoleName };
        HttpContext.Cache.Add(key, roles, null,
            DateTime.Now.AddMinutes(HttpContext.Session.Timeout),
            Cache.NoSlidingExpiration);

        HttpContext.User = Thread.CurrentPrincipal = new
                    GenericPrincipal(User.Identity, roles);
        HttpContext.Session["LoggedInUser"] = user;
    }
}

Also i have the below code to authorize a user on each requestin MVC3

void MvcApplication_PostAuthenticateRequest(object sender, EventArgs e)
{
if (User.Identity.IsAuthenticated)
{
    string userId = User.Identity.Name;
    userId = userId.Substring(userId.IndexOf(@"\") + 1);
    var key = "Roles." + userId;
    var roles = HttpContext.Cache[key];
    if (roles != null)
    {
        HttpContext.Current.User =
            Thread.CurrentPrincipal =
                new GenericPrincipal(User.Identity, roles);
    }
}
}

But i advised to change this above logic, as i am getting an issue while accessing the User object stored in a session. I have no idea why it is like that.

Do any one have other possible code/logic to do the above mixed authentication?

Edit: I was getting error in accessing HttpContext.Session["LoggedInUser"] in some other controller method.

解决方案

as i am getting an issue while accessing the User object stored in a session.

You are not storing the info in a session. You are storing it in the Cache. That's your problem. The Cache is shared between all users of your application. So instead of using HttpContext.Cache you could use the HttpContext.Session.

Alternatively to using sessions and caches you could store thisinformation inside the UserData portion of the forms authentication cookie as I have illustrated in this post.

这篇关于混合Windows身份验证与SQL Server自定义身份验证MVC3的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！