MVC4简单成员资格何时会发生自动登录?
[英]MVC4 Simple Membership When Does Automatic Login Occur?
问题描述
I've got an application that's using the MVC4 Simple Membership provider. 
我有一个使用MVC4简单成员资格提供程序的应用程序。 I've added some code to the Login method that sets up some session information I need to deal with some security things. 我已经在Login方法中添加了一些代码,该代码设置了一些会话信息,这些信息是我处理某些安全事务所需的。
If I close the browser and come back to it, MVC still shows me logged in in the top left corner and the User.Username properties are still filled out, but the extra stuff I put in there, obviously, isn't. 如果我关闭浏览器并返回浏览器,MVC仍会显示我已在左上角登录,并且仍然填写了User.Username属性,但显然我没有放进去。
When or where does this "authentication" take place? 此“身份验证”何时或何地进行? I tried checking the request and user objects in the Application_Start in Global.asax, but they're still null when that runs. 我尝试在Global.asax的Application_Start中检查请求和用户对象,但运行时它们仍然为null。
Is there somewhere else in that authentication pipeline that I can override or call my method to extract the things I need that would be more appropriate? 在身份验证管道中是否还有其他地方可以覆盖或调用我的方法来提取我需要的东西,这会更合适?
Thanks! 谢谢!
1 个解决方案
解决方案1
1 已采纳 2013-07-13 18:05:44
"Remember me" functionality has nothing to do with Simple Membership, or any membership. “记住我”功能与简单会员资格或任何会员资格无关。 And no actual "login" occurs when using it. 使用它时,没有实际的“登录”发生。 It's a persistent cookie that is placed on the users system, and that cookie is read when a page is loaded. 它是放置在用户系统上的持久性cookie,并且在加载页面时会读取该cookie。 If it contains the correctly encrypted data, then the user is considered authenticated without having to go through Membership validation again. 如果它包含正确加密的数据,则认为用户已通过身份验证,而无需再次进行成员资格验证。
What you need to do depends on how you are doing it. 您需要做什么取决于您的工作方式。 If you're storing data in the session, this is bad regardless, because the session can be reset at any time, and session is not connected to authentication. 如果将数据存储在会话中,那么这很不好,因为可以随时重置会话,并且会话未连接到身份验证。 What you need to do, is check to see if the data you need is in the session, and if not, rebuild it. 您需要做的就是检查所需的数据是否在会话中,如果没有,请重新构建它。 This way it works when you come back later, or if your session is reset. 这样一来,当您稍后再回来时,或者如果您的会话被重置,它就可以工作。
Session probably shouldn't be used anyways, because it doesn't scale well. 无论如何都不应使用会话,因为它的伸缩性不好。 A better choice would be to hook into the OnAuthorization method of the Controller class and do what you need there, that way it's done on every page request regardless of what the session may or may not be. 更好的选择是挂接到Controller类的OnAuthorization方法并在那里执行您需要的操作,这样就可以在每个页面请求上完成该操作,而不管会话可能与否。
Another option is to create a custom AuthorizationFilter. 另一种选择是创建自定义AuthorizationFilter。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.