Best Practice for Maintaining User Identity (MVC)

I am using FormsAuthentication, but I have added a custom MembershipProvider to check against a user table.

All tables containing "user data" have an idUser column, so I need to maintain a user id to provide the user with data.

I used to use a session variable (ASP.NET Webform), but as I rewrite the web application in MVC, I would like to ask what is usually considered the best for this.

Is a session variable the best place to store idUser, or should I add a custom "Current.User.Identity", which in addition to the username also contains a public userId?

Or should I choose a completely different approach?

+6
2 answers

I had the same question when I applied a custom membership provider for MVC. I ended up doing two things. I store the user ID in the ProviderUserKey field of the MembershipUser object. See provideruserkey. Then, to answer your question, yes, I created a custom principal from System.Web.Security.IPrincipal, although I later inherited from System.Web.Security.RolePrincipal because I need role support.

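    using System;
    using System.Security.Principal;
    using System.Web.Security;

    // Principal that carries the user's id alongside the identity and roles.
    public class MyPrincipal : RolePrincipal
    {
        public Guid Id { get; set; }

        // providerName is accepted but not passed to the base constructor.
        public MyPrincipal(string providerName, IIdentity identity, Guid id)
            : base(identity)
        {
            Id = id;
        }
    }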

Update: The reason I don't want to use the session in my case is that I disabled it for the application. I read that the main concept of MVC is the separation of concerns, and this is closely related to how a stateless website works, although I can't recall now where I read that. However, I also remember that if you can eliminate the session, you must do it. This will allow IIS to serve concurrent requests from your application, rather than waiting for one request to complete (and free the user session) before the next request can use the session and send its response. The biggest impact of this is on loading page content using Ajax.

+3

Are your usernames unique? If so, there is no need to support UserId, as you can simply get the user by username.

My MVC projects implemented membership in much the same way as the traditional Web Forms application. I don't think there is any reason to look at the two differently if you are not trying to create a stateless REST application. How did you maintain your UserId in Web Forms? Session? Then use the session in MVC. There is no reason to reinvent the wheel.

Of course, if you have other reasons for the change, there are many ways to save the UserId. You can save it in the UserData of the authentication cookie. You can also create your own authentication ticket that uses the UserId as a key, not the username. You can even create a custom principal to store additional information.

You might want to view Forms Authentication Configuration and Advanced Topics. This article describes how to save additional data (UserId) in an authentication ticket and create a user principal. Both methods would probably suit your requirements.

+3
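The approach both answers point to (user id in the authentication ticket's UserData, surfaced through a custom principal), as an added example that is not part of either answer. `UserIdPrincipal`, `AuthTicket` and the Guid id type are assumptions; with the default `protection="All"` the ticket is encrypted and signed with the machine key, so the id in UserData cannot be altered client-side the way a plain cookie or hidden field can.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Hypothetical principal: exposes the user id next to the identity.
public class UserIdPrincipal : GenericPrincipal
{
    public Guid Id { get; private set; }
    public UserIdPrincipal(IIdentity identity, Guid id)
        : base(identity, new string[0]) { Id = id; }
}

public static class AuthTicket   // hypothetical helper
{
    // Call only after the membership provider has validated the credentials.
    public static void SignIn(HttpResponseBase response, string userName, Guid userId)
    {
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1, userName, now, now.Add(FormsAuthentication.Timeout),
            false,                    // not persistent across browser restarts
            userId.ToString("N"),     // UserData carries the id
            FormsAuthentication.FormsCookiePath);
        // Encrypt() protects the ticket as configured by <forms protection="...">.
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // not readable from script
            Secure = FormsAuthentication.RequireSSL,  // set requireSSL="true" in web.config
            Path = FormsAuthentication.FormsCookiePath
        };
        response.Cookies.Add(cookie);
    }

    // Call from Application_PostAuthenticateRequest in Global.asax, after
    // FormsAuthenticationModule has validated the cookie and set context.User.
    public static void AttachPrincipal(HttpContextBase context)
    {
        var identity = context.User == null ? null : context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated) return;
        Guid id;
        if (Guid.TryParse(identity.Ticket.UserData, out id))
        { context.User = new UserIdPrincipal(identity, id); return; }
        // Valid ticket without a usable id: drop the cookie, treat as anonymous.
        FormsAuthentication.SignOut();
        context.User = new GenericPrincipal(new GenericIdentity(""), new string[0]);
    }
}
```

In Global.asax, `Application_PostAuthenticateRequest` would call `AuthTicket.AttachPrincipal(new HttpContextWrapper(Context))`; a controller then reads the id from `User as UserIdPrincipal` and filters on `idUser` with that value rather than with anything taken from the request.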

Source: https://habr.com/ru/post/910545/
