C# 使用表单身份验证获取当前用户 ID(不是名称)?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/16241298/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Getting the current user id (not name) using forms authentication?
提问by Stefan Steiger
Question:
题:
I'm playing around with forms authentication and my own custom membership provider.
我正在使用表单身份验证和我自己的自定义成员资格提供程序。
From what I see, I can get the current FormsIdentity by doing:
从我所见,我可以通过执行以下操作来获取当前的 FormsIdentity:
System.Web.Security.FormsIdentity veryFunny= (System.Web.Security.FormsIdentity)
System.Web.HttpContext.Current.User.Identity;
And I can get the current Membership user doing this:
我可以让当前的会员用户这样做:
var UserFromDb = System.Web.Security.Membership.GetUser();
And then I can get the userid by doing this:
然后我可以通过这样做来获取用户 ID:
var MyUserId = UserFromDb.ProviderUserKey;
What I find funny is that when I call Membership.GetUser(), then it calles this method in the membership provider
我觉得有趣的是,当我调用 Membership.GetUser() 时,它会在成员资格提供程序中调用此方法
public override MembershipUser GetUser(string username, bool userIsOnline)
Which looks up the user information in the database.
So what I figured is that the .NET framework internally does
它在数据库中查找用户信息。
所以我认为 .NET 框架在内部是这样做的
GetUser(System.Web.HttpContext.Current.User.Identity.Name, whatever);
which gets the user info from the database based on the USERNAME. I find this disturbing, first because it is bad for performance when I have to lookup an entire user just to get the userid.
它根据 USERNAME 从数据库中获取用户信息。我觉得这令人不安,首先是因为当我必须查找整个用户来获取用户 ID 时,这对性能不利。
Second, it's disturbing that i have to lookup the userid at all, because that's not what I would expect.
其次,令人不安的是我必须查找用户 ID,因为这不是我所期望的。
Third, it's disturbing, because the username can be changed in the course of the program, and it's nonsense to have the user having to logout and login to do that.
第三,它令人不安,因为用户名可以在程序运行过程中更改,让用户必须注销和登录才能这样做是无稽之谈。
Now, to me this design sounds like nonsense.
But then again, microsoft also uses application name, group name, and username as primary key, which also really does not make a lot of sense.
现在,对我来说,这种设计听起来像是无稽之谈。
不过话说回来,微软也用应用名、组名和用户名作为主键,这也确实没有多大意义。
So here my question:
Isn't there a way to get the user ID without a DB lookup ?
Or is the entire Membership provider idea just so broken by design ?
所以在这里我的问题
是:有没有办法在没有数据库查找的情况下获取用户 ID?
还是整个会员资格提供商的想法被设计破坏了?
If it is so broken:
I saw that FormsIdentity has a string property called userdata.
If so, how can I use ASP.NET to save the userid in there ?
如果它坏了:
我看到 FormsIdentity 有一个名为 userdata 的字符串属性。如果是这样,我如何使用 ASP.NET 将用户 ID 保存在那里?
采纳答案by Stefan Steiger
Yes, one can with a workaround from here.
One can set the UserId in the Auth cookie-Ticket UserData.
是的,可以从这里解决方法。
可以在Auth cookie-Ticket UserData中设置UserId。
public class UserData
{
public string FirstName { get; set; }
public UserData()
{
FirstName = "Unknown";
}
} // End Class UserData
public void SignIn(string userName, bool createPersistentCookie)
{
if (String.IsNullOrEmpty(userName))
throw new ArgumentException("Der Wert darf nicht NULL oder leer sein.", "userName");
UserData userData = new UserData();
SetAuthCookie(userName, createPersistentCookie, userData);
//FormsAuthentication.SetAuthCookie(userName, createPersistentCookie);
}
public void SetAuthCookie(string userName, bool createPersistentCookie, UserData userData)
{
HttpCookie cookie = FormsAuthentication.GetAuthCookie(userName, createPersistentCookie);
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
FormsAuthenticationTicket newTicket = new FormsAuthenticationTicket(
ticket.Version, ticket.Name, ticket.IssueDate, ticket.Expiration
,ticket.IsPersistent, userData.ToJSON(), ticket.CookiePath
);
string encTicket = FormsAuthentication.Encrypt(newTicket);
cookie.Value = encTicket;
System.Web.HttpContext.Current.Response.Cookies.Add(cookie);
} // End Sub SetAuthCookie
Another possibility is to just use the UserId.ToString() as "name".
另一种可能性是仅使用 UserId.ToString() 作为“名称”。
