两人在MVC一步验证? [英] Two step authentication in MVC?
问题描述
我们已经有一个自定义的表单验证视图/控制器的MVC应用程序。控制器将核实的事情,然后做一个FormsAuthentication.RedirectFromLoginPage电话。
We have an MVC app which has a custom forms authentication view/controller. The controller will verify things and then do a FormsAuthentication.RedirectFromLoginPage call.
目前在Global.asax这一点上,我们会收到从那里我们会得到他们的Context.User信息Application_OnAuthenticateRequest电话,拨打另一个电话,收集有关该帐户,然后再把他们Context.User&放存储信息; System.Threading.Thread.CurrentPrincipal。我们也做的这些信息一点点的缓存,因为在我们的系统中检索我们需要的是昂贵导致缓存失效和放大器;这一信息重新检索。
At this point in the Global.asax we'll receive a Application_OnAuthenticateRequest call from where we'll get their Context.User information and make another call to gather information relevant to this account which we then store in their Context.User & System.Threading.Thread.CurrentPrincipal. We also do a little caching of this information since in our system retrieving what we need is expensive which leads to cache invalidation & re-retrieval of this information.
看来在这一点上,我们已经有了这些分离成单独的呼叫有点奇怪。我几乎想知道如果登录控制器不应该被收集的信息作为其认证检查的一部分,并存储起来。那么Application_OnAuthenticateRequest只能担心如果缓存需要被无效和用户的详细信息重新检索。
It seems a bit odd at this point that we've got these separated into separate calls. I'm almost wondering if the Login controller shouldn't be gathering the details as part of its authentication check and storing them. Then the Application_OnAuthenticateRequest can only worry about if the cache needs to be invalidated and the users details re-retrieved.
或许有处理这种一些其他的方式,我甚至不知道..?
Or maybe there is some other way of handling this I don't even know about..?
推荐答案
您可以做你的MVC想要通过利用 RedirectToRouteResult 和自定义缓存更新 ActionFilter 。这就是所谓的PRG(后重定向-GET)模式。你实际上已经这样做了,但它变得有点困惑,因为你正在做的是做事情的经典ASP.NET方式做事的方式MVC之间的交叉。没有什么不对您最初的方法(前提是它工作正常),而是做了同样的事情,并有它是如何工作中的事情你可以做类似的方案更多的控制和了解:
You can do what you want in MVC by leveraging RedirectToRouteResult and a custom cache updating ActionFilter. This is called the PRG (Post-Redirect-Get) pattern. You are actually already doing this, but it gets a little confused, because what you are doing is a cross between the classic ASP.NET way of doing things and the MVC way of doing things. There's nothing wrong with your initial approach (provided it is working correctly), but to do the same sort of thing and have more control and understanding of how it works in the scheme of things you could do something like:
public class AuthenticationController :Controller
{
[HttpPost]
public RedirectToRouteResult Login(string username, string password)
{
//authenticate user
//store authentication info in TempData like
bool authenticated = true|false; // do your testing
if(authenticated)
{
TempData["MustUpdateCache"] = true | false;
return RedirectToAction("LoginSuccess", new{userId = membershipUser.UserId});
}
else
{
TempData["MustUpdateCache"] = true | false;
return RedirectToAction("Login");
}
}
[HttpGet, UpdateCache]
public ActionResult LoginSuccess(Guid userId, string url)
{
HttpContext.User = LoadUser(userId);
return View();
}
[HttpGet, UpdateCache]
public ViewResult Login()
{
return View();
}
}
public class UpdateCacheAttribute:ActionFilterAttribute
{
public override void OnResultExecuting(ResultExecutingContext filterContext)
{
var tempData = filterContext.Controller.TempData;
if (tempData.ContainsKey("MustUpdateCache") && (bool)tempData["MustUpdateCache"])
{
UpdateCache(filterContext);
}
}
void UpdateCache(ControllerContext controllerContext)
{
//update your cache here
}
}
这篇关于两人在MVC一步验证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
