ASP.NET MVC 3使用认证 [英] ASP.NET MVC 3 using Authentication
问题描述
如何节省使用FormsAuthentication的东西吗?我不想通过网址来存储用户标识。
How can I save something using FormsAuthentication? I don't want to store UserId through URL's.
例如,现在我有这个code:
For example, now I have this code:
//UserController class:
[HttpPost]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
if (ModelState.IsValid)
{
if (repository.ValidateUser(model.Login, model.Password))
{
FormsAuthentication.SetAuthCookie(model.Login, model.RememberMe);
if (Url.IsLocalUrl(returnUrl))
{
return Redirect(returnUrl);
}
else
{
return RedirectToAction("Project", "Index");
}
}
else
{
ModelState.AddModelError("", "Incorrect name or password.");
}
}
return View(model);
}
ProjectController 类:
public ViewResult Index()
{
return View(repository.GetUserProjects(
this.ControllerContext.HttpContext.User.Identity.Name));
}
ProjectRepository :
ProjectsContext context = new ProjectsContext();
UsersContext uCnt = new UsersContext();
public IEnumerable<Project> GetUserProjects(String username)
{
if (String.IsNullOrEmpty(username))
throw new ArgumentNullException("username", "Login is empty");
return this.uCnt.Users
.FirstOrDefault(u => u.Login == username)
.Projects
.ToList();
}
ProjectController和ProjectRepository不样子好code ...也许有人可以给提醒,如何存储用户名不使用的URL?要做到这一点最好的办法就是节省autorisation的ID,我想。我没有发现任何User.Identity属性来做到这一点...
ProjectController and ProjectRepository don't looks like good code... Maybe someone can give advise, how to store UserID without using URL's? Best way to do this is save IDs on autorisation, I think. I don't found any properties in User.Identity to do this...
我乞求宽恕,但我忘了说,我使用MVC-3的Razor视图。
并且用户ID是不是一个字符串(User.Identity.Name是一个字符串),它可以GUID或也许我自己的对象...
I beg a pardon, but I forgot to say that I'm using MVC-3 with Razor view. And that UserId is not a string (User.Identity.Name is a string) it could be GUID or maybe my own object...
推荐答案
保存在FormsAuthentication票证的财产的UserData用户ID在授权cookie,当用户登录:
Save the UserID in the UserData property of the FormsAuthentication ticket in the authorization cookie when the user logs on:
string userData = userID.ToString();
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, user.Email,
DateTime.Now, DateTime.Now.AddMinutes(FormsAuthentication.Timeout.TotalMinutes),
createPersistentCookie, userData);
string hashedTicket = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashedTicket);
HttpContext.Current.Response.Cookies.Add(cookie);
您可以读回在Global.asax中PostAuthenticateRequest方式:
You can read it back in the PostAuthenticateRequest method in Global.asax:
HttpCookie formsCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
if (formsCookie != null)
{
FormsAuthenticationTicket auth = FormsAuthentication.Decrypt(formsCookie.Value);
Guid userID = new Guid(auth.UserData);
var principal = new CustomPrincipal(Roles.Provider.Name, new GenericIdentity(auth.Name), userID);
Context.User = Thread.CurrentPrincipal = principal;
}
请注意,在这种情况下,从CustomPrincipal派生RolePrincipal(虽然如果你不使用的角色,我想你需要从的GenericPrincipal派生),并简单地增加了UserID属性和过载的构造。
Note that in this case, CustomPrincipal derives from RolePrincipal (although if you're not using Roles, I think you need to derive from GenericPrincipal), and simply adds the UserID property and overloads the constructor.
现在,只要您需要用户ID在你的应用程序,你可以这样做:
Now, wherever you need the UserID in your app, you can do this:
if(HttpContext.Current.Request.IsAuthenticated)
Guid userID = ((CustomPrincipal)HttpContext.Current.User).UserID;
这篇关于ASP.NET MVC 3使用认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
