Databases
StackOverflow2013
Postsdbo
PO
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    primarykey
    data
    text
    <p>Cross-post from <a href="https://codereview.stackexchange.com/a/7286/9510">my CodeReview answer</a>:</p> <p>I'll take a stab at answering your questions and provide some suggestions:</p> <ol> <li><p>If you have FormsAuthentication configured in <code>web.config</code>, it will automatically pull the cookie for you, so you shouldn't have to do any manual population of the FormsIdentity. This is pretty easy to test in any case.</p></li> <li><p>You probably want to override both <code>AuthorizeCore</code> and <code>OnAuthorization</code> for an effective authorization attribute. The <code>AuthorizeCore</code> method returns a boolean and is used to determine whether the user has access to a given resource. The <code>OnAuthorization</code> doesn't return and is generally used to trigger other things based on the authentication status.</p></li> <li><p>I think the session-vs-cookie question is largely preference, but I'd recommend going with the session for a few reasons. The biggest reason is that the cookie is transmitted with every request, and while right now you may only have a little bit of data in it, as time progresses who knows what you'll stuff in there. Add encryption overhead and it could get large enough to slow down requests. Storing it in the session also puts ownership of the data in your hands (versus putting it in the client's hands and relying on you to decrypt and use it). One suggestion I would make is wrapping that session access up in a static <code>UserContext</code> class, similar to <code>HttpContext</code>, so you could just make a call like <code>UserContext.Current.UserData</code>. See below for example code.</p></li> <li><p>I can't really speak to whether it is a good separation of concerns, but it looks like a good solution to me. It's not unlike other MVC authentication approaches I've seen. I'm using something very similar in my apps in fact.</p></li> </ol> <p>One last question -- why did you build and set the FormsAuthentication cookie manually instead of using <code>FormsAuthentication.SetAuthCookie</code>? Just curious.</p> <p><strong>Example code for static context class</strong></p> <pre><code>public class UserContext { private UserContext() { } public static UserContext Current { get { if (HttpContext.Current == null || HttpContext.Current.Session == null) return null; if (HttpContext.Current.Session["UserContext"] == null) BuildUserContext(); return (UserContext)HttpContext.Current.Session["UserContext"]; } } private static void BuildUserContext() { BuildUserContext(HttpContext.Current.User); } private static void BuildUserContext(IPrincipal user) { if (!user.Identity.IsAuthenticated) return; // For my application, I use DI to get a service to retrieve my domain // user by the IPrincipal var personService = DependencyResolver.Current.GetService&lt;IUserBaseService&gt;(); var person = personService.FindBy(user); if (person == null) return; var uc = new UserContext { IsAuthenticated = true }; // Here is where you would populate the user data (in my case a SiteUser object) var siteUser = new SiteUser(); // This is a call to ValueInjecter, but you could map the properties however // you wanted. You might even be able to put your object in there if it's a POCO siteUser.InjectFrom&lt;FlatLoopValueInjection&gt;(person); // Next, stick the user data into the context uc.SiteUser = siteUser; // Finally, save it into your session HttpContext.Current.Session["UserContext"] = uc; } #region Class members public bool IsAuthenticated { get; internal set; } public SiteUser SiteUser { get; internal set; } // I have this method to allow me to pull my domain object from the context. // I can't store the domain object itself because I'm using NHibernate and // its proxy setup breaks this sort of thing public UserBase GetDomainUser() { var svc = DependencyResolver.Current.GetService&lt;IUserBaseService&gt;(); return svc.FindBy(ActiveSiteUser.Id); } // I have these for some user-switching operations I support public void Refresh() { BuildUserContext(); } public void Flush() { HttpContext.Current.Session["UserContext"] = null; } #endregion } </code></pre> <p>In the past I had put properties directly on the <code>UserContext</code> class for accessing the user data I needed, but as I've used this for other, more complicated projects, I decided to move it to a <code>SiteUser</code> class:</p> <pre><code>public class SiteUser { public int Id { get; set; } public string FirstName { get; set; } public string LastName { get; set; } public string FullName { get { return FirstName + " " + LastName; } } public string AvatarUrl { get; set; } public int TimezoneUtcOffset { get; set; } // Any other data I need... } </code></pre>
    singulars
    1. This table or related slice is empty.
    1. POMVC Custom Authentication, Authorization, and Roles Implementation
      singulars
      1. PTQuestion
    1. PTAnswer
    1. USCommunity
    1. USJosh Anderson
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. POMVC Custom Authentication, Authorization, and Roles Implementation
      singulars
      1. PTQuestion
    1. This table or related slice is empty.
    1. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    2. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTAcceptedByOriginator
    3. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    1. COThank you cross-posting this answer, and thank you even more for the UserContext idea. Perhaps we could chat/email about that sometime?
      singulars
      1. PO
      1. USone.beat.consumer
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload