如何使用 Windows 身份验证自动维护已通过 IIS 7.0 身份验证的用户表
我想建立和维护一个用户表。所有访问 ASP.NET MVC 站点的用户都通过 Windows 身份验证进行身份验证,因此他们必然拥有唯一的用户名。我正在从以下位置获取用户名:
System.Web.HttpContext.Current.User.Identity.Name
我觉得我可以采取两种方式。
- 每当访问用户表或引用用户表的任何表时,我都可以添加用户(如果不存在)。我担心如果不检查用户的存在,这可能很容易出错。
- 每当用户访问网站上的任何页面时,请检查该用户是否存在于数据库中,如果不存在,则添加该用户。这可能会产生很大的开销,因为每次页面更改都会进行检查。
我想听听其中哪一个是更好的解决方案以及如何实施它们。
I want to build and maintain a table of users. All users that access the ASP.NET MVC site are authenticated via Windows Authentication so they're bound to have a unique username. I'm grabbing the user name from:
System.Web.HttpContext.Current.User.Identity.Name
I feel like I could go two ways with this.
- Anytime the user table or any tables that references the user table are accessed, I could add the user if it doesn't exist. I'm worried this might be very error prone if user's existance isn't checked.
- Anytime the user visits any page on the site, check if that user exists in the db and if they don't exist, add the user. This may have a lot of overhead as it'll be checked every page change.
I'd like to hear which of these is the better solution and also how to implement them.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我认为更好的方法是类似于选项二的方法。
每当用户访问页面时,请检查会话变量以查看是否根据数据库检查了该用户。如果会话变量不存在,请检查该用户是否存在于数据库中,如有必要,将用户添加到表中,然后设置会话变量。
这样您就不必在每个请求上都访问数据库。
I think a better way would be something similar to the option two.
Anytime a user visits a page, check a session variable to see if that user was checked against the DB. If the session variable is not there, check if that user exists in the DB, add the user to your table if necessary, then set the session variable.
That way you don't have to hit the DB on every request.