MVC保存会话令牌 [英] MVC save a token in session

问题描述

我调用一个服务，我需要通过用户​​的永久安全令牌与我做每一个要求。

I am calling a service, and I need to pass the user's permanent security token with every request I make.

在为了做到这一点，我已经添加了这个方法我的基础类：

In order to do that, I've added this method to my base controller class:

protected UserData getUsr()
{
        try
        {
            UserData usr = new UserData();
            usr.SecurityToken = Session["secToken"].ToString();

            MembershipUser mvcUser = Membership.GetUser(HttpContext.User.Identity.Name);
            usr.Id = (int)mvcUser.ProviderUserKey;

            return usr;
        }
        catch (Exception ex)
        {
            log.Debug("Could not create usr object", ex);
            throw new Exception("Could not authenticate");
        }
    }

下面这个问题是，有时User.Identity数据出持续的会话数据，从而导致莫名其妙的错误与用户看到他们登录但他们的请求失败的情况发生。

This issue here is that sometimes the User.Identity data out-lasts the session data, causing weird bugs to happen with the user seeing they are logged in but then their requests failing.

有没有更好的方式来存储此令牌/可以在我店以这样的方式，每当User.Identity对象过期会失效？

Is there a better way to store this token/can I store it in such a way that it will expire whenever the User.Identity object expires?

此外，如果任何人的HttpContext和MVC授权过滤器的一些良好的基本理解的例子/文档的知道，这将是巨大的。

Also, if anyone knows of some good basic understanding examples/documentation for HttpContext and MVC authorize filters that would be great.

推荐答案

我会去存储在窗体身份验证cookie自身的用户的安全令牌。在的FormsAuthenticationTicket 类包含的UserData 属性，你可以包括你更多的信息。

I would go for storing the security token of the user in the forms authentication cookie itself. The FormsAuthenticationTicket class contains an UserData property where you can include your additional information.

在的UserData 属性指定的值是作为的一部分
  认证券cookie并像其他票领域，是
  加密和基于验证窗体身份验证系统
  配置。

The value specified in the UserData property is included as part of the authentication ticket cookie and, like the other ticket fields, is encrypted and validated based on the forms authentication system's configuration.

下面是描述的文章你怎么可以存储更多的信息向窗体身份验证cookie。

Here is an article that described how you can store additional information to the forms authentication cookie.

<一个href=\"http://www.asp.net/web-forms/tutorials/security/introduction/forms-authentication-configuration-and-advanced-topics-vb\"相对=nofollow>这是一个很大的文章，解释太多有关存储的其他数据到窗体身份验证。饼干，以及如何你可以读它。在code是用VB写和格式不正确。你必须向下滚动到的第四步：在机票附加存储用户数据的

This is a big article that explains much about storing additional data into the forms auth. cookie and how you could read it. The code is written in VB and not well formatted. You have to scroll down to the Step 4: Storing Additional User Data in the Ticket.

这<一个href=\"http://stackoverflow.com/questions/6059972/formsauthentication-userdata-lost-but-in-cookie\">thread会给你一个快速的解答你怎么可以从cookie阅读的UserData 。

This thread will give you a quick answer how you could read the UserData from the cookie.

我会去创建一个自定义 ValueProvider 像描述的的这里将读取从身份验证的安全令牌。饼干和饲料的动作参数。

I would go for creating a custom ValueProvider like the one described here that will read the security token from the auth. cookie and feed to the action parameters.

这篇关于MVC保存会话令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！