我正在调用一个服务,我需要在每次发出请求时传递用户的永久安全令牌。
为此,我已将此方法添加到我的基本控制器类:
protected UserData getUsr() { try { UserData usr = new UserData(); usr.SecurityToken = Session["secToken"].ToString(); MembershipUser mvcUser = Membership.GetUser(HttpContext.User.Identity.Name); usr.Id = (int)mvcUser.ProviderUserKey; return usr; } catch (Exception ex) { log.Debug("Could not create usr object", ex); throw new Exception("Could not authenticate"); } }这里的问题是,有时User.Identity数据会超出会话数据,导致用户看到他们登录但随后他们的请求失败时会发生奇怪的错误。
有没有更好的方法来存储此令牌/我可以存储它以便它会在User.Identity对象到期时到期吗?
此外,如果有人知道一些很好的基本理解示例/文档HttpContext和MVC授权过滤器将是伟大的。
I am calling a service, and I need to pass the user's permanent security token with every request I make.
In order to do that, I've added this method to my base controller class:
protected UserData getUsr() { try { UserData usr = new UserData(); usr.SecurityToken = Session["secToken"].ToString(); MembershipUser mvcUser = Membership.GetUser(HttpContext.User.Identity.Name); usr.Id = (int)mvcUser.ProviderUserKey; return usr; } catch (Exception ex) { log.Debug("Could not create usr object", ex); throw new Exception("Could not authenticate"); } }This issue here is that sometimes the User.Identity data out-lasts the session data, causing weird bugs to happen with the user seeing they are logged in but then their requests failing.
Is there a better way to store this token/can I store it in such a way that it will expire whenever the User.Identity object expires?
Also, if anyone knows of some good basic understanding examples/documentation for HttpContext and MVC authorize filters that would be great.
最满意答案
我会去表单身份验证cookie本身存储用户的安全令牌。 FormsAuthenticationTicket类包含UserData属性,您可以在其中包含附加信息。
UserData属性中指定的值作为身份验证票证cookie的一部分包含在内,并且与其他票证字段一样,根据表单身份验证系统的配置进行加密和验证。
这篇文章描述了如何将其他信息存储到表单身份验证cookie。
这是一篇很重要的文章,解释了将更多数据存储到表单身份验证中。 cookie以及如何阅读它。 代码是用VB编写的,格式不正确。 您必须向下滚动到第4步:在故障单中存储其他用户数据 。
该主题将为您提供如何从cookie中读取UserData的快速答案。
我会去创建一个自定义的ValueProvider就像这里描述的那样,它将从auth中读取安全令牌。 cookie和动作参数的提要。
I would go for storing the security token of the user in the forms authentication cookie itself. The FormsAuthenticationTicket class contains an UserData property where you can include your additional information.
The value specified in the UserData property is included as part of the authentication ticket cookie and, like the other ticket fields, is encrypted and validated based on the forms authentication system's configuration.
Here is an article that described how you can store additional information to the forms authentication cookie.
This is a big article that explains much about storing additional data into the forms auth. cookie and how you could read it. The code is written in VB and not well formatted. You have to scroll down to the Step 4: Storing Additional User Data in the Ticket.
This thread will give you a quick answer how you could read the UserData from the cookie.
I would go for creating a custom ValueProvider like the one described here that will read the security token from the auth. cookie and feed to the action parameters.
更多推荐
发布评论