开发者

ASP.Net MVC Store User Entity In Session

开发者 https://www.devze.com 2023-02-10 14:37 出处:网络
I am developing an ASP.Net MVC 3 Web application with Entity Framework 4. When a user logs into my application I would like to store their user entity (firstName, lastName etc) in a session which can

I am developing an ASP.Net MVC 3 Web application with Entity Framework 4. When a user logs into my application I would like to store their user entity (firstName, lastName etc) in a session which can then be access throughout the application.

I understand that this may not be a good idea because when the ObjectContext closes/ disposes, then the User entity is detached and the user details could be lost.

I thought another method could be, when the user logs in, assign the userID (Primary Key) to a session variable, ie:

HttpContext.Current.Session["currentUserID"] = user.userID;

Then create a class in the UserService class like so:

public static User CurrentUser
    {

        get
        {
            return Data.DBEntities.Users.Where(u => u.userID == HttpContext.Current.Session["currentUserID"]).FirstOrDefault()开发者_如何学运维;
        }

    }

Which should return a User Entity based on the currentUserID session variable. This isn't working for me however, I am getting a couple of errors

Cannot convert lambda expression to type 'string' because it is not a delegate type
Delegate 'System.Func<Asset.Model.User,int,bool>' does not take 1 arguments

Is this approach I am taking correct, or is there a better way?

Any feedback would be much appreciated.


First, don't store security-sensitive information in Session. Google "ASP.NET Session hijacking" for info as to why.

That said, this code can be made to work. You just have a cast error. Also, You're not accounting for the fact that Session can and does expire during a login. You could do this:

public static User CurrentUser
{
    get
    {
        object userID = HttpContext.Current.Session["currentUserID"];
        if (userID == null)
        {
            throw new InvalidOperationException("Oops!");
        }
        return Data.DBEntities.Users.Where(u => u.userID == (int)userId ).FirstOrDefault();
    }
}

...which at least compiles, but isn't secure and sometimes throws.

It would be better to store the user ID on a custom principal, which is secure and doesn't expire.


You can store whole entity in Session. It will be detached but it doesn't mean that it will lost values - only in case of lazy loading you will not be able to lazy load navigation properties.

In your current code try to get your currentUserId to temporary variable and use that variable in your query.

0

精彩评论

暂无评论...
验证码 换一张
取 消