Geek Answers Handbook

Best Custom Authentication Option Using ASP.NET MVC (Cache, Cookie ...)

I lost a bit of using authentication with MVC ...

I am looking for the best option to use on the E-Commerce website where performance is a top priority ...

The two options I'm still looking at are:

  • Create a FormsAuthenticationTicket and encrypt it in a cookie , as implemented here: Implementing cookies

  • Cache authentication data, for example:

    protected void Application_AuthenticateRequest(object sender, EventArgs e) { if (HttpContext.Current.User != null) { if (HttpContext.Current.User.Identity.IsAuthenticated) { if (HttpContext.Current.User.Identity is FormsIdentity) { // Get Forms Identity From Current User FormsIdentity id = FormsIdentity)HttpContext.Current.User.Identity; // Create a custom Principal Instance and assign to Current User (with caching) Customer principal = (Customer)HttpContext.Current.Cache.Get(id.Name); if (principal == null) { // Create and populate your Principal object with the needed data and Roles. principal = MyBusinessLayerSecurityClass.CreatePrincipal(id, id.Name); HttpContext.Current.Cache.Add( id.Name, principal, null, System.Web.Caching.Cache.NoAbsoluteExpiration, new TimeSpan(0, 30, 0), System.Web.Caching.CacheItemPriority.Default, null); } HttpContext.Current.User = principal; } } } }

Caching example here

What do you guys think?

thanks

+6
authentication c # asp.net-mvc
source share
1 answer

A more MVCish way to achieve this is to write a custom AuthorizeAttribute and accomplish this by overriding OnAuthorization instead of Application_AuthenticateRequest .

Having said that, I think your implementation is not bad. As an alternative to storing additional information in the cache, you can save it in the userData part of the userData ticket, if this information is not very large, of course. Both approaches are viable. If you decide to go with caching, I would recommend that you upload it to dedicated cache servers, and not store it in the memory of web servers.

+4
source share

More articles:


All Articles