大家对使用内置的 ASP Membership Profile 和 Forms 来检索 Web 应用程序的用户 ID 有什么想法。我知道它使访问用户 GUID 变得非常容易,但是每次从 SQL 服务器中检索该值是一个实用、快速的选项吗?
将它存储在一个cookie中会更好,如果该cookie失败,然后从数据库中检索?人们对此有何看法?
问问题
115 次
3 回答
0
Well I was just leaving this as a comment because I think your question is going to be flagged as too general but my comment is getting to long so here is an answer instead:
You concerns are a none issue in this day and age. I have never even used ASP.NET membership before but I intend to for a current project of mine even though I have a custom built light weight membership library that is mature and I have used for years, why? Because the ASP.NET membership is already in the project when I created it so it will be quicker to setup than importing my custom library and making tweaks and changes. Also, using ASP.NET Membership has Anti-forgery token for AJAX requests which is more advanced stuff than my library has for added security.
Passing GUIDS around is a non issue because even in lower bandwidth scenarios it is just not a big deal and obviously, in this day and age of cheap hardware, the increased memory and database storage compared to using an int, for example as an id, is just not even worth thinking about except on the level of conserving energy (server consumption, bandwidth consumption all eats a little energy right?)
The only problem with a guid is that it is less human readable and slightly more time consuming to copy and paste to query the database for a specific user to get information about the user or debug in sql server management studio but you get used to it in about 20 minutes. As far as guid type and passing guids around, it is just as easy as managing integers in C#.
So to sum, it is a non issue unless you our an ultimate tree hugger trying to give a couple minutes of extra heat to your great great great great great great grandchildren right before the next ice age.
于 2013-11-06T07:20:26.600 回答
0
每次从 SQL 服务器中检索该值是一个实用、快速的选择吗?
不,在任何项目中使用它都太慢了,这就是为什么它在过去八年左右的时间里一直是 ASP.NET 的一部分,并被用于大量的 Intranet 和 Internet 应用程序。
您是否有任何实际问题,然后对其进行基准测试。这取决于您的站点、数据库和服务器架构。如果性能确实成为问题,您可以在其之上构建一个自定义提供程序来实现缓存。Cookie 与此无关。
于 2013-11-06T07:41:28.120 回答
0
这真的取决于你的需求。
对于非常基本的方法,您可以只使用FormsAuthentification和How to implement
基本上它只是说 if(isAuthenticated) SetAuthCookie和注销使用SignOut
如果您的需求比这大一点,请查看MembershipReboot
并在此处查找有关为什么不使用MembershipProvider的一些背景知识
于 2013-11-06T07:34:00.083 回答