适用于非常大的应用程序的ASP.NET自定义成员
[英]ASP.NET Custom Membership Provider for very large application
问题描述
I have to come up with a membership solution for a very large website. 
我必须为一个非常大的网站提供会员解决方案。 The site will be built using ASP.NET MVC 2 and a MS SQL2008 database. 该站点将使用ASP.NET MVC 2和MS SQL2008数据库构建。
The current Membership provider seems like a BIG overkill, there's way too much functionality. 目前的会员提供商看起来似乎有点过分,功能太多了。
All I want to store is email/password and basic profile information such as First/LastName, Phone number. 我要存储的只是电子邮件/密码和基本个人资料信息,例如First / LastName,电话号码。 I will only ever need 2 roles, administrators & users. 我只需要2个角色,管理员和用户。
What are your recommendations on this type of scenario, considering there might be millions of users registered? 考虑到可能有数百万用户注册,您对此类情景有何建议? What does StackOverflow use? StackOverflow使用什么?
I've used the existing Membership API a lot in the past and have extended it to store additional information etc. But there's tables such as 我过去经常使用现有的会员API,并将其扩展到存储其他信息等。但是有表格如
aspnet_Applications
aspnet_Paths
aspnet_SchemaVersions
aspnet_WebEvent_Events
aspnet_PersonalizationAllUsers
aspnet_PersonalizationPerUser
which are extremely redundant and I've never found use for. 这是非常多余的,我从来没有找到用途。
Edit 编辑
Just to clarify a few other redundancies after @drachenstern's answer, there are also extra columns which I have no use for in the Membership/Users table, but which would add to the payload of each select/insert statements. 为了澄清@drachenstern回答后的一些其他冗余,还有一些额外的列,我在Membership / Users表中没有用,但是会添加到每个select / insert语句的有效负载中。
- MobilePIN MobilePIN
- PasswordQuestion/PasswordAnswer (I'll do email based password recovery) PasswordQuestion / PasswordAnswer (我会做基于电子邮件的密码恢复)
- IsApproved (user will always be approved) 已批准(用户将始终获得批准)
- Comment 评论
- MobileAlias MobileAlias
- Username/LoweredUsername (or Email/LoweredEmail) [email IS the username so only need 1 of these] 用户名/ LoweredUsername (或Email / LoweredEmail) [email是用户名,因此只需要其中的1个]
Furthermore, I've heard that GUID's aren't all that fast, and would prefer to have integers instead (like Facebook does) which would also be publicly exposed. 此外,我听说GUID并不是那么快,而且更愿意使用整数(就像Facebook那样),这也是公开曝光的。
How do I go about creating my own Membership Provider , re-using some of the Membership APIs (validation, password encryption, login cookie, etc) but only with tables that meet my requirements? 我如何创建自己的成员资格提供程序 ,重新使用一些成员资格API (验证,密码加密,登录cookie等),但只能使用符合我要求的表格?
Links to articles and existing implementations are most welcome, my Google searches have returned some very basic examples. 我们非常欢迎链接到文章和现有实施,我的谷歌搜索返回了一些非常基本的例子。
Thanks in advance 提前致谢
Marko 马尔科
3 个解决方案
解决方案1
13 已采纳 2010-11-14 05:56:51
@Marko I can certainly understand that the standard membership system may contain more functionality than you need, but the truth is that it really isn't going to matter. @Marko我当然可以理解标准会员制可能包含比你需要的功能更多的功能,但事实是它确实不重要。 There are parts of the membership system that you aren't going to use just like there are parts of .Net that you aren't going to use. 您不会使用会员系统的某些部分,就像您将不会使用的部分.Net一样。 There are plenty of things that .Net can do that you are never, ever going to use, but you aren't going to go through .Net and strip out that functionality are you? 有很多东西可以做.Net可以做你永远不会使用的东西,但你不会通过.Net并删除你的功能吗? Of course not. 当然不是。 You have to focus on the things that are important to what you are trying to accomplish and work from there. 你必须把注意力集中在那些对你要完成的事情很重要的事情上。 Don't get caught up in the paralysis of analysis. 不要陷入分析的瘫痪状态。 You will waste your time, spin your wheels and not end up with anything better than what has already been created for you. 你将浪费你的时间,旋转你的车轮,而不是最终为你创造的东西。 Now Microsoft does get it wrong sometimes, but they do get a lot of things right. 现在微软有时会弄错,但他们确实做了很多事情。 You don't have to embrace everything they do to accomplish your goals - you just have to understand what is important for your needs. 您不必拥抱他们为实现目标所做的一切 - 您只需要了解对您的需求有何重要意义。
As for the Guids and ints as primary keys, let me explain something. 至于Guids和ints作为主键,让我解释一下。 There is a crucial difference between a primary key and a clustered index. 主键和聚簇索引之间存在重要差异。 You can add a primary key AND a clustered index on columns that aren't a part of the primary key! 您可以在不属于主键的列上添加主键和聚簇索引! That means that if it is more important to have your data arranged by a name (or whatever), you can customize your clustered index to reflect exactly what you need without it affecting your primary key. 这意味着,如果通过名称(或其他)排列数据更为重要,则可以自定义聚簇索引以准确反映所需内容而不会影响主键。 Let me say it another way - a primary key and a clustered index are NOT one in the same. 让我用另一种方式说 - 主键和聚簇索引不是同一个。 I wrote a blog post about how to add a clustered index and then a primary key to your tables. 我写了一篇关于如何添加聚簇索引然后将主键添加到表中的博客文章。 The clustered index will physically order the table rows the way you need them to be and the primary key will enforce the integrity that you need. 聚簇索引将按照您需要的方式对表行进行物理排序,主键将强制执行您需要的完整性。 Have a look at my blog post to see exactly how you can do it. 看看我的博客文章,看看你究竟如何做到这一点。
Here is the link - http://iamdotnetcrazy.blogspot.com/2010/09/primary-keys-do-not-or-should-not-equal.html . 这是链接 - http://iamdotnetcrazy.blogspot.com/2010/09/primary-keys-do-not-or-should-not-equal.html 。
It is really simple, you just add the clustered index FIRST and then add the primary key SECOND. 这很简单,只需添加聚簇索引FIRST,然后添加主键SECOND。 It must be done in that order or you won't be able to do it. 必须按顺序完成,否则您将无法执行此操作。 This assumes, of course, that you are using Sql Server. 当然,这假定您使用的是Sql Server。 Most people don't realize this because SQL Server will create a clustered index on your primary key by default, but all you have to do is add the clustered index first and then add the primary key and you will be good to go. 大多数人都没有意识到这一点,因为SQL Server默认会在主键上创建聚簇索引,但您只需先添加聚簇索引,然后添加主键,就可以了。 Using ints as a primary key can become VERY problematic as your database and server system scales out. 当您的数据库和服务器系统向外扩展时,使用int作为主键可能会成为非常棘手的问题。 I would suggest using Guids and adding the clustered index to reflect the way you actually need your data stored. 我建议使用Guids并添加聚集索引以反映实际需要存储数据的方式。
Now, in summary, I just want to tell you to go create something great and don't get bogged down with superficial details that aren't going to give you enough of a performance gain to actually matter. 现在,总而言之,我只想告诉你要创造一些伟大的东西,不要陷入表面细节的困扰,这些细节不会给你足够的性能提升。 Life is too short. 生命太短暂。 Also, please remember that your system can only be as fast as its slowest piece of code. 此外,请记住,您的系统只能与最慢的代码一样快。 So make sure that you look at the things that ACTUALLY DO take up a lot of time and take care of those. 因此,请务必查看实际上需要花费大量时间并处理这些事情的事情。
And one more additional thing. 还有一件事。 You can't take everything you see on the web at face value. 你不能把你在网上看到的所有东西都拿到面值。 Technology changes over time. 技术随时间而变化。 Sometimes you may view an answer to a question that someone wrote a long time ago that is no longer relevant today. 有时你可能会查看很久以前有人写过的问题的答案,这个问题今天已经不再适用了。 Also, people will answer questions and give you information without having actually tested what they are saying to see if it is true or not. 此外,人们将回答问题并向您提供信息,而无需实际测试他们所说的内容,看是否真实。 The best thing you can do for your application is to stress test it really well. 您可以为您的应用程序做的最好的事情是对它进行压力测试。 If you are using ASP.Net MVC you can do this in your tests. 如果您使用的是ASP.Net MVC,则可以在测试中执行此操作。 One thing you can do is to add a for loop that adds users to your app in your test and then test things out. 您可以做的一件事是添加一个for循环,在测试中将用户添加到您的应用程序,然后进行测试。 That is one idea. 这是一个想法。 There are other ways. 还有其他方法。 You just have to give it a little effort to design your tests well or at least well enough for your purposes. 您只需要花一点力气来设计好您的测试,或者至少为您的目的做好。
Good luck to you! 祝你好运!
解决方案2
5 2010-11-13 23:36:36
The current Membership provider seems like a BIG overkill, there's way too much functionality.
All I want to store is email/password and basic profile information such as First/LastName, Phone number.
Then just use that part. 然后只使用那部分。 It's not going to use the parts that you don't use, and you may find that you have a need for those other parts down the road. 它不会使用您不使用的部件,并且您可能会发现您需要其他部件。 The classes are already present in the .NET framework so you don't have to provide any licensing or anything. 这些类已经存在于.NET框架中,因此您无需提供任何许可或任何内容。
The size of the database is quite small, and if you do like I do, and leave aspnetdb to itself, then you're not really taking anything from your other databases. 数据库的大小非常小,如果你喜欢我,并将aspnetdb保留给自己,那么你实际上并没有从你的其他数据库中获取任何东西。
Do you have a compelling reason to use a third-party component OVER what's in the framework already? 您是否有令人信服的理由使用第三方组件已超出框架中的内容?
EDIT : 编辑 :
there are also extra columns which I have no use for in the Membership/Users table, but which would add to the payload of each select/insert statements.
MobilePIN PasswordQuestion/PasswordAnswer (I'll do email based password recovery) IsApproved (user will always be approved) Comment MobileAlias Username/LoweredUsername (or Email/LoweredEmail) [email IS the username so only need 1 of these]
This sounds like you're trying to microoptimize . 这听起来像你想microoptimize 。 Passing empty strings is virtually without cost (ok, it's there, but you have to profile to know just how much it's costing you. It won't be THAT much per user). 传递空字符串几乎没有成本(好吧,它就在那里,但是你必须要知道它花了多少钱。每个用户不会那么多)。 We already routinely don't use all these fields in our apps either, but we use the membership system with no measurable detrimental impact. 我们通常也不会在我们的应用程序中使用所有这些字段,但我们使用会员系统而没有可测量的不利影响。
Furthermore, I've heard that Guid's aren't all that fast, and would prefer to have integers instead (like Facebook does) which would also be publicly exposed.
I've heard that the cookiemonster likes cookies. 我听说过cookiemonster喜欢cookies。 Again, without profiling, you don't know if that's detrimental. 同样,如果没有剖析,你不知道这是否有害。 Usually people use GUIDs because they want it to be absolutely (well to a degree of absoluteness) unique, no matter when it's created. 通常人们使用GUID,因为他们希望它绝对(绝对程度)绝对唯一,无论何时创建。 The cost of generating it ONCE per user isn't all that heavy. 每个用户生成ONCE的成本并不是那么重。 Not when you're already creating them a new account. 不是在你已经为他们创建一个新帐户时。
Since you are absolutely set on creating a MembershipProvider from scratch, here are some references: 由于您完全从头开始创建MembershipProvider,因此以下是一些参考:
http://msdn.microsoft.com/en-us/library/system.web.security.membershipprovider.aspx http://msdn.microsoft.com/en-us/library/system.web.security.membershipprovider.aspx
http://www.4guysfromrolla.com/articles/120705-1.aspx http://www.4guysfromrolla.com/articles/120705-1.aspx
http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx
http://www.amazon.com/ASP-NET-3-5-Unleashed-Stephen-Walther/dp/0672330113 http://www.amazon.com/ASP-NET-3-5-Unleashed-Stephen-Walther/dp/0672330113
Stephen Walther goes into detail on that in his book and it's a good reference for you to have as is. Stephen Walther在他的书中对此进行了详细介绍,这对你来说是一个很好的参考。
解决方案3
3 2010-11-14 01:07:06
My recommendation would be for you to benchmark it . 我的建议是让你对它进行基准测试 。 Add as many records as you think you will have in production and submit a similar number of requests as you would get in production and see how it performs for your environment. 添加您认为在生产中将拥有的记录数量,并提交与生产中相同数量的请求,并查看它对您的环境的性能。
My guess is that it would be OK, the overhead that you are talking about would be insignificant. 我的猜测是没关系,你所谈论的开销是微不足道的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.