开发者

Where should i store "MemberID"?

问答 作者:

In my webpage i use FormsAuthentication

FormsAuthentication.RedirectFromLoginPage(VisitorEmail, False)

Eve开发者_高级运维ry time the visitor gets authenticated via the login page, i set the

Session("MemberID") = GetMemberIDByEmail(VisitorEmail) for later processing.

Since i need both MemberID and VisitorEmail.

But something tells me that this is "out of the book" and not "by the book".

So am i doing something WRONG or BAD here?

Sorry, I'm not sure exactly what you are trying to do from your description, but there's no need to store the MemberID in session state. Whenever you need it, just call:

Membership.GetUser.ProviderUserKey

Note: Its not really considered good form to store information in Session state as this could be lost e.g. if the web server resets - which it does periodically, or if the site needs to recompile. Also, its not very scalable as each "active" user will use up memory and also if you ever need to move to a web farm session state can cause issues as it will be different on each web server.

Prob OK for a little, quick site though ;-)

It's fine to use Session to cache this type of info, but remember to reassign it when the session expires in Global.asax:

void Session_Start(object sender, EventArgs e) 
{
    if(Request.IsAuthenticated) //to make sure the user has not logged out
        Session["MemberID"] = GetMemberIDByEmail(VisitorEmail);
}

You could create a custom principal class so you can add the additional properties. Then modify your Global.asax to override Application_PostAuthenticateRequest with your code and also set Context.User = Thread.CurrentPrincipal = myPrincipal;. Best is to always set Thread.CurrentPrincipal, but normally you can also get to your own properties elsewhere in your code using the more "convenient" Page.User or Context.User.

  • Context.User vs. Thread.CurrentPrincipal / why FormsAuthentication can be subtle
  • Set custom IIdentity or IPrincipal / Store user id in Principal or Identity?

Could you not switch the two around and store the member id in the form variable (since I assume the user is able to change there email address and not there member id)...

Dim memberId as Integer = GetMemberIDByEmail(VisitorEmail)
' assuming integer here and that a result is found etc etc

' set the form authentication stuff
FormsAuthentication.RedirectFromLoginPage(memberId, False)

And then you can always look up the email address from the memberId (caching it perhaps against the member id across requests)

Public Function GetMemberEmail(Byval memberId as Integer) As String

    Dim cacheKey as String = "member-email-" & memberId
    Dim email as String
    If Cache.Item(cacheKey) is Nothing Then
        email = GetMemberEmailByID(memberId)
        Cache.Insert(cacheKey, email ...
    Else
        email = Cache.Item(cacheKey)
    End If
    return email

End Function

If you need both pieces of information, and the Id is less likely to change, it would seem the better value to be used for your forms authentication....and you can always look up the email address from the value.

继续阅读:asp.net

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9