如何在 ASP.NET Membership Cookie 中存储自定义数据

发布于 2024-09-09 08:20:55 字数 4511 浏览 6 评论 0原文

谁能给我一个关于如何在 ASP.NET 会员 cookie 中存储自定义数据的示例(或为我指明正确的方向)?

我需要向 cookie 添加一些自定义属性,例如 UserID 和 URLSlug,并且能够以与检索用户名相同的方式检索信息。

编辑:

我使用了 Code Poet 的示例并提出了以下内容。

当我在 Dim SerializedUser As String = SerializeUser(userData) 处设置断点时,userData 的值是正确的。它具有我期望它具有的所有属性。

我现在遇到的问题是,当我到达 Dim userdata As String = authTicket.UserData (断点)时,该值为 ""。我很想弄清楚我做错了什么。

这是代码。

Imports System
Imports System.Web
Imports System.Web.Security

Namespace Utilities.Authentication
    Public NotInheritable Class CustomAuthentication
        Private Sub New()
        End Sub

        Public Shared Function CreateAuthCookie(ByVal userName As String, ByVal userData As Domain.Models.UserSessionModel, ByVal persistent As Boolean) As HttpCookie

            Dim issued As DateTime = DateTime.Now
            ''# formsAuth does not expose timeout!? have to hack around the
            ''# spoiled parts and keep moving..
            Dim fooCookie As HttpCookie = FormsAuthentication.GetAuthCookie("foo", True)
            Dim formsTimeout As Integer = Convert.ToInt32((fooCookie.Expires - DateTime.Now).TotalMinutes)

            Dim expiration As DateTime = DateTime.Now.AddMinutes(formsTimeout)
            Dim cookiePath As String = FormsAuthentication.FormsCookiePath

            Dim SerializedUser As String = SerializeUser(userData)

            Dim ticket = New FormsAuthenticationTicket(0, userName, issued, expiration, True, SerializedUser, cookiePath)
            Return CreateAuthCookie(ticket, expiration, persistent)
        End Function

        Public Shared Function CreateAuthCookie(ByVal ticket As FormsAuthenticationTicket, ByVal expiration As DateTime, ByVal persistent As Boolean) As HttpCookie
            Dim creamyFilling As String = FormsAuthentication.Encrypt(ticket)
            Dim cookie = New HttpCookie(FormsAuthentication.FormsCookieName, creamyFilling) With { _
             .Domain = FormsAuthentication.CookieDomain, _
             .Path = FormsAuthentication.FormsCookiePath _
            }
            If persistent Then
                cookie.Expires = expiration
            End If

            Return cookie
        End Function


        Public Shared Function RetrieveAuthUser() As Domain.Models.UserSessionModel
            Dim cookieName As String = FormsAuthentication.FormsCookieName
            Dim authCookie As HttpCookie = HttpContext.Current.Request.Cookies(cookieName)
            Dim authTicket As FormsAuthenticationTicket = FormsAuthentication.Decrypt(authCookie.Value)
            Dim userdata As String = authTicket.UserData

            Dim usersessionmodel As New Domain.Models.UserSessionModel
            usersessionmodel = DeserializeUser(userdata)
            Return usersessionmodel
        End Function


        Private Shared Function SerializeUser(ByVal usersessionmodel As Domain.Models.UserSessionModel) As String
            Dim bf As New Runtime.Serialization.Formatters.Binary.BinaryFormatter()
            Dim mem As New IO.MemoryStream
            bf.Serialize(mem, usersessionmodel)
            Return Convert.ToBase64String(mem.ToArray())
        End Function

        Private Shared Function DeserializeUser(ByVal serializedusersessionmodel As String) As Domain.Models.UserSessionModel
            Dim bf As New Runtime.Serialization.Formatters.Binary.BinaryFormatter()
            Dim mem As New IO.MemoryStream(Convert.FromBase64String(serializedusersessionmodel))
            Return DirectCast(bf.Deserialize(mem), Domain.Models.UserSessionModel)
        End Function
    End Class
End Namespace

这就是我创造所有魔法的地方。此方法位于继承 System.Web.Mvc.Controller 的“BaseController”类中,

Protected Overrides Function CreateActionInvoker() As System.Web.Mvc.IActionInvoker

            If User.Identity.IsAuthenticated Then ''# this if statement will eventually also check to make sure that the cookie actually exists.

                Dim sessionuser As Domain.Models.UserSessionModel = New Domain.Models.UserSessionModel(OpenIdService.GetOpenId(HttpContext.User.Identity.Name).User)
                HttpContext.Response.Cookies.Add(UrbanNow.Core.Utilities.Authentication.CustomAuthentication.CreateAuthCookie(HttpContext.User.Identity.Name, sessionuser, True))
            End If
End Function

以下是我尝试检索信息的方法。

 Dim user As Domain.Models.UserSessionModel = CustomAuthentication.RetrieveAuthUser

Can anyone give me an example (or point me in the right direction) on how to store custom data in an ASP.NET Membership cookie?

I need to add some custom properties like UserID and URLSlug to the cookie and be able to retrieve the information in the same way one would retrieve the Username.

Edit:

I used Code Poet's example and came up with the following.

When I set a breakpoint at Dim SerializedUser As String = SerializeUser(userData) the value of userData is right. It has all the properties I expect it to have.

The problem I'm now running into is that when I get to Dim userdata As String = authTicket.UserData (breakpoint), the value is "". I'd love to figure out what I'm doing wrong.

Here's the code.

Imports System
Imports System.Web
Imports System.Web.Security

Namespace Utilities.Authentication
    Public NotInheritable Class CustomAuthentication
        Private Sub New()
        End Sub

        Public Shared Function CreateAuthCookie(ByVal userName As String, ByVal userData As Domain.Models.UserSessionModel, ByVal persistent As Boolean) As HttpCookie

            Dim issued As DateTime = DateTime.Now
            ''# formsAuth does not expose timeout!? have to hack around the
            ''# spoiled parts and keep moving..
            Dim fooCookie As HttpCookie = FormsAuthentication.GetAuthCookie("foo", True)
            Dim formsTimeout As Integer = Convert.ToInt32((fooCookie.Expires - DateTime.Now).TotalMinutes)

            Dim expiration As DateTime = DateTime.Now.AddMinutes(formsTimeout)
            Dim cookiePath As String = FormsAuthentication.FormsCookiePath

            Dim SerializedUser As String = SerializeUser(userData)

            Dim ticket = New FormsAuthenticationTicket(0, userName, issued, expiration, True, SerializedUser, cookiePath)
            Return CreateAuthCookie(ticket, expiration, persistent)
        End Function

        Public Shared Function CreateAuthCookie(ByVal ticket As FormsAuthenticationTicket, ByVal expiration As DateTime, ByVal persistent As Boolean) As HttpCookie
            Dim creamyFilling As String = FormsAuthentication.Encrypt(ticket)
            Dim cookie = New HttpCookie(FormsAuthentication.FormsCookieName, creamyFilling) With { _
             .Domain = FormsAuthentication.CookieDomain, _
             .Path = FormsAuthentication.FormsCookiePath _
            }
            If persistent Then
                cookie.Expires = expiration
            End If

            Return cookie
        End Function


        Public Shared Function RetrieveAuthUser() As Domain.Models.UserSessionModel
            Dim cookieName As String = FormsAuthentication.FormsCookieName
            Dim authCookie As HttpCookie = HttpContext.Current.Request.Cookies(cookieName)
            Dim authTicket As FormsAuthenticationTicket = FormsAuthentication.Decrypt(authCookie.Value)
            Dim userdata As String = authTicket.UserData

            Dim usersessionmodel As New Domain.Models.UserSessionModel
            usersessionmodel = DeserializeUser(userdata)
            Return usersessionmodel
        End Function


        Private Shared Function SerializeUser(ByVal usersessionmodel As Domain.Models.UserSessionModel) As String
            Dim bf As New Runtime.Serialization.Formatters.Binary.BinaryFormatter()
            Dim mem As New IO.MemoryStream
            bf.Serialize(mem, usersessionmodel)
            Return Convert.ToBase64String(mem.ToArray())
        End Function

        Private Shared Function DeserializeUser(ByVal serializedusersessionmodel As String) As Domain.Models.UserSessionModel
            Dim bf As New Runtime.Serialization.Formatters.Binary.BinaryFormatter()
            Dim mem As New IO.MemoryStream(Convert.FromBase64String(serializedusersessionmodel))
            Return DirectCast(bf.Deserialize(mem), Domain.Models.UserSessionModel)
        End Function
    End Class
End Namespace

Here's where I create all the magic. This method is in a "BaseController" class that inherits System.Web.Mvc.Controller

Protected Overrides Function CreateActionInvoker() As System.Web.Mvc.IActionInvoker

            If User.Identity.IsAuthenticated Then ''# this if statement will eventually also check to make sure that the cookie actually exists.

                Dim sessionuser As Domain.Models.UserSessionModel = New Domain.Models.UserSessionModel(OpenIdService.GetOpenId(HttpContext.User.Identity.Name).User)
                HttpContext.Response.Cookies.Add(UrbanNow.Core.Utilities.Authentication.CustomAuthentication.CreateAuthCookie(HttpContext.User.Identity.Name, sessionuser, True))
            End If
End Function

And here's how I try and retrieve the info.

 Dim user As Domain.Models.UserSessionModel = CustomAuthentication.RetrieveAuthUser

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

迷鸟归林 2024-09-16 08:20:55

首先,ASP.Net 会员提供商不写入任何 cookie,身份验证 cookie 是由 FormsAuthentication 写入的。

其次,为什么要干涉身份验证 cookie。您完全可以在单独的 cookie 中执行此操作。以下是您可以如何做到这一点。

将键值写入 cookie。

//create a cookie
HttpCookie myCookie = new HttpCookie("myCookie");

//Add key-values in the cookie
myCookie.Values.Add("UserId", "your-UserId");
myCookie.Values.Add("UrlSlug", "your-UrlSlug");

//set cookie expiry date-time, if required. Made it to last for next 12 hours.
myCookie.Expires = DateTime.Now.AddHours(12);

//Most important, write the cookie to client.
Response.Cookies.Add(myCookie);

从 cookie 读取键值。

//Assuming user comes back after several hours. several < 12.
//Read the cookie from Request.
HttpCookie myCookie = Request.Cookies["myCookie"];
if (myCookie == null)
{
    //No cookie found or cookie expired.
    //Handle the situation here, Redirect the user or simply return;
}

//ok - cookie is found.
//Gracefully check if the cookie has the key-value as expected.
if (!string.IsNullOrEmpty(myCookie.Values["UserId"]))
{
    string UserId= myCookie.Values["UserId"].ToString();
    //Yes UserId is found. Mission accomplished.
}

if (!string.IsNullOrEmpty(myCookie.Values["UrlSlug"]))
{
    string UrlSlug = myCookie.Values["UrlSlug"].ToString();
    //Yes key2 is found. Mission accomplished.
}

如果您确实需要打扰
身份验证 cookie,虽然不是
建议您这样做。

将键值写入 cookie。

//create a cookie
HttpCookie myCookie = FormsAuthentication.GetAuthCookie("UserName", true);

//Add key-values in the cookie
myCookie.Values.Add("UserId", "your-UserId");
myCookie.Values.Add("UrlSlug", "your-UrlSlug");

//set cookie expiry date-time, if required. Made it to last for next 12 hours.
myCookie.Expires = DateTime.Now.AddHours(12);

//Most important, write the cookie to client.
Response.Cookies.Add(myCookie);

从 cookie 读取键值。

//Assuming user comes back after several hours. several < 12.
//Read the cookie from Request.
HttpCookie myCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
if (myCookie == null)
{
    //No cookie found or cookie expired.
    //Handle the situation here, Redirect the user or simply return;
}

//ok - cookie is found.
//Gracefully check if the cookie has the key-value as expected.
if (!string.IsNullOrEmpty(myCookie.Values["UserId"]))
{
    string UserId= myCookie.Values["UserId"].ToString();
    //Yes UserId is found. Mission accomplished.
}

if (!string.IsNullOrEmpty(myCookie.Values["UrlSlug"]))
{
    string UrlSlug = myCookie.Values["UrlSlug"].ToString();
    //Yes key2 is found. Mission accomplished.
}

First of all ASP.Net Membership providers don't write any cookies, Authentication cookies are written by FormsAuthentication.

And secondly, why interfere into authentication cookie at all. You can do this in a seperate cookie altogether. Here's how you can do that.

Writing the keys-values into cookie.

//create a cookie
HttpCookie myCookie = new HttpCookie("myCookie");

//Add key-values in the cookie
myCookie.Values.Add("UserId", "your-UserId");
myCookie.Values.Add("UrlSlug", "your-UrlSlug");

//set cookie expiry date-time, if required. Made it to last for next 12 hours.
myCookie.Expires = DateTime.Now.AddHours(12);

//Most important, write the cookie to client.
Response.Cookies.Add(myCookie);

Reading the keys-values from cookie.

//Assuming user comes back after several hours. several < 12.
//Read the cookie from Request.
HttpCookie myCookie = Request.Cookies["myCookie"];
if (myCookie == null)
{
    //No cookie found or cookie expired.
    //Handle the situation here, Redirect the user or simply return;
}

//ok - cookie is found.
//Gracefully check if the cookie has the key-value as expected.
if (!string.IsNullOrEmpty(myCookie.Values["UserId"]))
{
    string UserId= myCookie.Values["UserId"].ToString();
    //Yes UserId is found. Mission accomplished.
}

if (!string.IsNullOrEmpty(myCookie.Values["UrlSlug"]))
{
    string UrlSlug = myCookie.Values["UrlSlug"].ToString();
    //Yes key2 is found. Mission accomplished.
}

If at all you need to disturb the
authentication cookie, though not
advisable, This is how you may do it.

Writing the keys-values into cookie.

//create a cookie
HttpCookie myCookie = FormsAuthentication.GetAuthCookie("UserName", true);

//Add key-values in the cookie
myCookie.Values.Add("UserId", "your-UserId");
myCookie.Values.Add("UrlSlug", "your-UrlSlug");

//set cookie expiry date-time, if required. Made it to last for next 12 hours.
myCookie.Expires = DateTime.Now.AddHours(12);

//Most important, write the cookie to client.
Response.Cookies.Add(myCookie);

Reading the keys-values from cookie.

//Assuming user comes back after several hours. several < 12.
//Read the cookie from Request.
HttpCookie myCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
if (myCookie == null)
{
    //No cookie found or cookie expired.
    //Handle the situation here, Redirect the user or simply return;
}

//ok - cookie is found.
//Gracefully check if the cookie has the key-value as expected.
if (!string.IsNullOrEmpty(myCookie.Values["UserId"]))
{
    string UserId= myCookie.Values["UserId"].ToString();
    //Yes UserId is found. Mission accomplished.
}

if (!string.IsNullOrEmpty(myCookie.Values["UrlSlug"]))
{
    string UrlSlug = myCookie.Values["UrlSlug"].ToString();
    //Yes key2 is found. Mission accomplished.
}
终弃我 2024-09-16 08:20:55

根据具体情况,使用单独的 cookie可能是一个可行的选择,但在我看来,这不是最佳选择,原因有几个,包括一个简单的事实:您必须管理多个 cookie 以及管理 cookie 的生命周期饼干。

将自定义信息合并到表单票证中的最可靠策略是利用票证的 userData 字段。这正是它的用途。

您可以轻松地将自定义数据存储在工单的 userData 字段中。

关于票证中存储的数据大小,需要注意一些问题,这些问题已解释 此处

这里是一个小类,可以帮助完成在表单票证中存储自定义数据的任务。

Depending on the scenario, using a separate cookie might be a viable option, but in my opinion is sub optimal for several reasons including the simple fact that you have to manage multiple cookies as well as managing the lifetime of the cookie.

The most reliable strategy for incorporating custom information into your forms ticket is to leverage the userData field of the ticket. That is exactly what it is there for.

You can easily store custom data in the userData field of the ticket.

There are a few concerns to be aware of regarding the size of the data to be stored in the ticket that are explained here

And here is a small class that can help in the task of storing custom data in your forms ticket.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文