问题描述
我使用与窗体身份验证ASP.NET框架内自定义成员资格和角色提供。这些都是伟大的工作。的作用者正在使用的cookie坚持角色,节省了一趟每个Web请求数据库。我也用的FormsAuthenticationTicket内的UserData字符串存储的用户ID。
我需要重构我DAL出Web项目到自己的项目中。该DAL对获取当前用户的ID和检查的权利角色的依赖。
如何使我的认证系统的变化,所以我可以用不Thread.CurrentPrincipal中的DAL项目引用System.Web程序?
目前的提供者框架创建RolePrincipal和FormsIdentity对象,重视它的Thread.CurrentPrincipal中。
我想到了Application_PostAuthenticateRequest活动期间创建围绕RolePrincipal一个自定义的IPrincipal包装。在这种情况下,我可以从FormsAuthenticalTicket获得用户ID并将它传递给这个新wrapperPrincipal与RolePrincipal一起。
这是一种有效的方法?我最终会通过与供应商结构搞乱造成一些问题,项目越往下?
感谢您,
基思
保护无效Application_PostAuthenticateRequest()
{
如果(Request.IsAuthenticated)
{
FormsIdentity身份=(FormsIdentity)User.Identity; 如果(身份!= NULL)
{
的FormsAuthenticationTicket票= identity.Ticket; INT ID = 1; 如果(身份!= NULL)
{
int.TryParse(identity.Ticket.UserData,掉id);
} VAR wrapperPrincipal =新WrapperPrincipal(用户,ID);
System.Threading.Thread.CurrentPrincipal = WrapperPrincipal;
}
}
}[Serializable接口]
公共类WrapperPrincipal:IPrincipal的
{
私人IPrincipal的负责人; 公共WrapperPrincipal(主要的IPrincipal,INT用户id)
{
this.principal =本金;
this.Id =用户id;
} 公众诠释标识{搞定;组; } 公共IIdentity的身份
{
{返回principal.Identity; }
} 公共BOOL IsInRole(字符串角色)
{
返回principal.IsInRole(作用);
}
}
我碰到这个问题,最近,当我试图实现自定义的主了。我没太包装器,我认为它是有效的。它可以完美地与LukeP在ASP.NET MVC - 设置自定义的IIdentity或IPrincipal的。
你不能惹任何事情,因为它仅仅是包装,你只要delegete产地主要成员,你甚至别碰它。我把它叫做聪明的解决方案。
I am using custom Membership and Role providers inside the ASP.NET framework with Forms Authentication. These are working great. The Role provider is using a cookie to persist the roles, saving a trip to the database on each web request. I am also using the UserData string inside the FormsAuthenticationTicket to store the UserId.
I need to refactor my DAL out of the web project to its own project. The DAL has a dependency on retrieving the Current user’s ID as well as checking the roles for rights.How should my Authentication system change so I can use the Thread.CurrentPrincipal without referencing System.Web in the DAL project?
Currently the Provider Framework creates a RolePrincipal and FormsIdentity object and attaches it the the Thread.CurrentPrincipal.
I thought about creating a custom IPrincipal wrapper around the RolePrincipal during the Application_PostAuthenticateRequest event. In this event I can get the UserID from the FormsAuthenticalTicket and pass it to this new wrapperPrincipal along with the RolePrincipal.
Is this a valid approach? Will I end up causing some issues farther down in the project by messing with the Provider structure?
Thank you,Keith
protected void Application_PostAuthenticateRequest()
{
if (Request.IsAuthenticated)
{
FormsIdentity identity = (FormsIdentity)User.Identity;
if (identity != null)
{
FormsAuthenticationTicket ticket = identity.Ticket;
int id = 1;
if (identity != null)
{
int.TryParse(identity.Ticket.UserData, out id);
}
var wrapperPrincipal = new WrapperPrincipal(User, id);
System.Threading.Thread.CurrentPrincipal = WrapperPrincipal;
}
}
}
[Serializable]
public class WrapperPrincipal : IPrincipal
{
private IPrincipal principal;
public WrapperPrincipal(IPrincipal principal, int userId)
{
this.principal = principal;
this.Id = userId;
}
public int Id { get; set; }
public IIdentity Identity
{
get { return principal.Identity; }
}
public bool IsInRole(string role)
{
return principal.IsInRole(role);
}
}
i came across this question recently when i was trying to implement custom principal too. I did wrapper too and i think it is valid. It works perfectly with LukeP's approach in ASP.NET MVC - Set custom IIdentity or IPrincipal.You cant mess anything because it is just wrapper, u just delegete origin principal members, you dont even touch it. I would call it clever solution.
这篇关于你可以包装RolePrincipal在自定义IPrincipal对象?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!