开发者

ASP.Net MVC Store User Entity In Session

问答 作者:

I am developing an ASP.Net MVC 3 Web application with Entity Framework 4. When a user logs into my application I would like to store their user entity (firstName, lastName etc) in a session which can then be access throughout the application.

I understand that this may not be a good idea because when the ObjectContext closes/ disposes, then the User entity is detached and the user details could be lost.

I thought another method could be, when the user logs in, assign the userID (Primary Key) to a session variable, ie:

HttpContext.Current.Session["currentUserID"] = user.userID;

Then create a class in the UserService class like so:

public static User CurrentUser
    {

        get
        {
            return Data.DBEntities.Users.Where(u => u.userID == HttpContext.Current.Session["currentUserID"]).FirstOrDefault()开发者_如何学运维;
        }

    }

Which should return a User Entity based on the currentUserID session variable. This isn't working for me however, I am getting a couple of errors

Cannot convert lambda expression to type 'string' because it is not a delegate type
Delegate 'System.Func<Asset.Model.User,int,bool>' does not take 1 arguments

Is this approach I am taking correct, or is there a better way?

Any feedback would be much appreciated.

First, don't store security-sensitive information in Session. Google "ASP.NET Session hijacking" for info as to why.

That said, this code can be made to work. You just have a cast error. Also, You're not accounting for the fact that Session can and does expire during a login. You could do this:

public static User CurrentUser
{
    get
    {
        object userID = HttpContext.Current.Session["currentUserID"];
        if (userID == null)
        {
            throw new InvalidOperationException("Oops!");
        }
        return Data.DBEntities.Users.Where(u => u.userID == (int)userId ).FirstOrDefault();
    }
}

...which at least compiles, but isn't secure and sometimes throws.

It would be better to store the user ID on a custom principal, which is secure and doesn't expire.

You can store whole entity in Session. It will be detached but it doesn't mean that it will lost values - only in case of lazy loading you will not be able to lazy load navigation properties.

In your current code try to get your currentUserId to temporary variable and use that variable in your query.

继续阅读:asp.net-mvc-3entityentity-framework-4session-variables

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9