开发者

Preferred method for persist session token on the server with RIA Services?

I'm using an AuthenticationService derived from AuthenticationBase in the standard business application template for RIA Services and using Forms authentication. I have my own CustomPrincipal that is created by my security infrastructure that I assign to Thread.CurrentPrincipal, so that it can be used by other service calls:


protected override bool ValidateUser(string userName, string password)
{
    try
    {
        using (LoginService service = new LoginService())
        {
            SessionInfo info = service.Login(userName, password);
            Thread.CurrentPrincipal = info.User;
            SessionCache.Instance.Save(info);
        }
     }
     catch (Exception e)
     {
        return false;
     }   
}

I've discovered, however, when other (non-authentication) RIA services are called, the Thread.CurrentPrincipal is reset to a GenericPrincipal object, so upon initialization of the other services, I override the Initialize() method of the domain service 开发者_StackOverflow中文版and set Thread.CurrentPrincipal by looking up the login in a session cache:


public override void Initialize(DomainServiceContext context)
{
    base.Initialize(context);
    if (context.User.Identity.IsAuthenticated)
    {
        SessionInfo info = SessionCache.Instance.FindByUsername(context.User.Identity.Name);
        Thread.CurrentPrincipal = info.User;
    }
}

Right now this lookup is being done by Username, because it is easily accessible in the GenericPrincipal, but I'd prefer that I could do the lookup via a session token. Is there a method with RIA services to easily persist a session token on the server during the lifetime of the session? I know I could put this session token in a cookie in the browser to persist it, but it seems like there should be a simpler method to persist a session token across the lifetime of the session. Perhaps the cookie method is the best way to do this, but I just wanted to confirm.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜