ASP.Net分阶段升级网站
[英]ASP.Net Upgrading a Web Site in a phased approach
问题描述
Simply I want to move development to .Net Core and Angular. 
我只是想将开发转移到.Net Core和Angular。
We have a legacy web site project written in C# ASP.Net application, functionally it meets the business needs, performance is good and it runs on the latest technologies. 我们有一个用C#ASP.Net应用程序编写的旧网站项目,在功能上它可以满足业务需求,性能良好,并且可以在最新技术上运行。 That said it is difficult to work with it, making changes takes time , it really needs an overhaul in the business layer , DAL needs to move to (EF) and want to move to a new GUI framework. 那就是说很难使用它,进行更改需要时间,它确实需要对业务层进行大修,DAL需要迁移到(EF)并想迁移到新的GUI框架。 These changes are all to improve quality, developer productivity, ultimately accelerate releases. 这些变化都是为了提高质量,提高开发人员的生产力,并最终加速发布。
We have set of new features that need to be implemented, they are almost standalone "bolt-ons", ideal to develop as a separate site, but we need to use existing login details and session details, to make the user experience seamless. 我们具有一组需要实现的新功能,它们几乎是独立的“螺栓连接”,非常适合作为单独的站点进行开发,但是我们需要使用现有的登录详细信息和会话详细信息,以实现无缝的用户体验。 The goal is write new functionality in the "new world" and then re-write legacy pages in chunks. 目标是在“新世界”中编写新功能,然后按块重新编写旧页面。
This must be a common and obvious problem but research on how to achieve this have been fruitless. 这肯定是一个普遍且显而易见的问题,但是如何实现这一目标的研究却没有成果。
The question really is how to dynamically share session data between sites. 问题实际上是如何在站点之间动态共享会话数据。
1 个解决方案
解决方案1
1 2018-08-14 17:13:27
It sounds like you're currently keeping your session in data in memory. 听起来您当前正在将会话保存在内存中的数据中。 The standard way to get around this is to move your session state out of memory and into something like SQL Server, MongoDB, Redis, etc so that both applications can access the shared state. 解决此问题的标准方法是将会话状态移出内存,并移至SQL Server,MongoDB,Redis等中,以便两个应用程序都可以访问共享状态。
Update 更新
Now we're getting to the crux of the problem. 现在,我们要解决问题的症结所在。 If you're depending on data that's stored in fields / hidden fields, you might already have a security problem (it's hard to say without knowing more about your implementation). 如果您依赖于存储在字段/隐藏字段中的数据,则可能已经存在安全性问题(很难在不了解实现的情况下很难说)。
I'm guessing that the question you're trying to ask is, "How do I securely navigate from the legacy system to the new system (and vice-versa)". 我猜想您要问的问题是:“如何安全地从旧系统导航到新系统(反之亦然)”。 There are a couple of possible strategies here: 这里有两种可能的策略:
- The first solution that comes to mind is an SSO (Single Sign On) approach. 我想到的第一个解决方案是SSO(单一登录)方法。 This is where you pass an opaque token from one system to the other that identifies the current user. 在这里,您可以从一个系统向另一个系统传递不透明令牌,以标识当前用户。
- If you've able to serve the old/new applications from the same hostname you can use cookies to to store a user token of some sort. 如果您能够使用相同的主机名提供旧/新应用程序的服务,则可以使用Cookie来存储某种形式的用户令牌。
Notes: 笔记:
- Don't pass something like a plain text user id being passed in the url. 请勿传递类似在网址中传递的纯文本用户ID的信息。
- The SSO token should be something completely separate from the user id (could be a guid that refers to a record in a shared database for example). SSO令牌应该与用户ID完全分开(例如,可以是引用共享数据库中记录的GUID)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.