Reputation: 255005
Authenticating model - best practices
I come into ASP.NET from php so the reason why i ask my question is because it's totally different nature of how application works and handles requests.
well, i have an exists table with user creditians, such as: id, login, password (sha hashed), email, phone, room
i have built custom membership provider so it can handle my own database authentication schema.
and now i'm confused, because User.Identity.Name contains only user's login, but not the complete object (i'm using linq2sql to communicate with database and i need in it's User object to work).
at php applications i just store user object at some static method at Auth class (or some another), but here at ASP.NET MVC i cannot do this, because static member is shared across all requests and permanent, and not lives within only current request (as it was at php).
so my question is: how and where should i retrieve and store linq2sql user object to work with it within current and only current request? (after request processed successfully i expect it will be disposed from memory and on next request will be created again).
or i'm following totally wrong way?
Upvotes: 0
Views: 112
Answers (2)
Reputation:
I'd suggest creating a custom IPrincipal and IIdentity classes which also can interact with your membership provider and set those on the Thread. That way identity travels with execution, which is how it normally works.
This article over at MSDN describes the process fairly well.
Upvotes: 0
Reputation: 12211
If you've implemented the MembershipProvider then you know that it has a GetUser method, that gets a MembershipUser object based on a username.
In any page in your project, if you run Membership.GetUser() it will run the GetUser(username) method in the currently enabled authentication provider. In a simple basic solution this call will go to the db and get the user details every time you access it.
What I've done in my project is store the current user in the Session variable. This way the current browser session for this user will store the user object. It's simple, and it's good, because ASP.NET authentication is based on the current session.
One thing to note - every time the user logs out you should clear that session variable. In my case I use Session.Abandon() just to make sure. Other than that - this is the approach I've used so far and it works great!
Upvotes: 1
Related Questions
- Better way for authentication in asp.net mvc
- Authentication and Authorization in MVC
- Authentication in MVC 3: Which way to roll
- Forms or Basic Authentication
- MVC: proper authentication
- MVC authentication and authorization
- best practice for accessing authentication/authorization info from within model/ViewModel?
- How to handle authentication/authorisation in a web application
- How should I do authentication in a ASP.Net MVC site?
- How should I handle Authorization/Authentication in my Asp.net MVC app?