Migrating from Webforms to MVC, what is the best way to store and manipulate a logged-in user’s data?

Viewed 285 times

1

For years I worked with C# systems in Webforms; however, by necessity I migrated my development focus to mobile applications with Xamarin and MVVM standards.

Now, in parallel, I am developing web systems again, this time following MVC standards. But one doubt has been nagging me...

In Webforms, I have always used Session to handle the logged-in user via the Masterpage¹. Now in MVC, where Filters and Roles are basic items of a good project, what is the best way to store the logged-in user's data? I need to load the logged-in user's data in the View, and I also need the data to save records in the database, etc.

I am currently using a filter to check the session status, and I am still fortunately/unfortunately using Session to save² the user's data and manipulate it; however, as everyone knows, Sessions, depending on the number of logged-in users, end up consuming many server resources.

How should I do it? Do I keep Sessions? Use a Cookie? TempData? ViewBag? Or something else...

¹ In a Webforms application I had a class for ex: User, which contained the data of User, Name, Email, Photo etc.

I performed the checks on Masterpage’s Pageload simply using:

if(UsuarioLogado.UsuarioId < 1)
   Response.Redirect("~/Login");

² In current MVC applications, I also use a class to save user data: Below, I use a class to pass the data I consulted in the database to save in Session:

private void SessionAdd(Usuario dados)
{
    System.Web.HttpContext.Current.Session.Add("UsuarioId", dados.UsuarioId);
}

I also use a Filter IAuthorizationFilter which does the following:

public void OnAuthorization(AuthorizationContext filterContext)
{
    // Actions or controllers marked [AllowAnonymous] skip the check
    if (filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true)
        || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
    {
        return;
    }

    // No session at all, or no logged-in user stored in it: go to the login page
    if (filterContext.HttpContext.Session == null || filterContext.HttpContext.Session["UsuarioId"] == null)
    {
        // Setting Result stops the pipeline before the action runs
        filterContext.Result = new RedirectResult("~/Login/Acesso");
    }
}

When I need the data to display in the View, I simply do @Session["Nome"]. My applications have been working, however, I believe that the way I handle works well only for a few logged in users, but it is not the best way for many users.

  • 1

    Could you add some more information to help us? For example, what user data would you like to store? Name and ID? Are you using Identity? Could you [Edit] and add how you are doing the authentication?

  • Do you already have something ready in ASP.NET MVC? While we're at it, which version are you using?

  • Yes, the applications I work on are already migrating to MVC; about 4 applications have already been fully migrated. As for the version, I’m using version 6.

1 answer

1


Responding simply based on the experience I’ve had.

I made a class/filter that takes care of the logged-in users and also validates whether or not they can access a given class, based on "roles" that I implemented in a generic way.

I also saved the data in a class, Id, Name and Profile so I can compare in my Filter.

public void OnAuthorization(AuthorizationContext filterContext)
{
    // If there is no session anymore, or the user is not logged in, redirect to the login page
    if (Logado.UsuarioId < 1)
    {
        // Response.Redirect returns void and cannot be returned; setting Result stops the pipeline
        filterContext.Result = new RedirectResult("~/Login/Acesso");
        return;
    }

    // Get the controller and action the user wants to access
    var actionName = filterContext.ActionDescriptor.ActionName;
    var controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;

    if (!isEnable(actionName, controllerName))
        filterContext.Result = new RedirectResult("~/Error/Permitido");
}

// Logic that decides whether the user is allowed or not
private bool isEnable(string action, string controller)
{
    return true; // placeholder: replace with the real permission check
}

And then I just need to change the logic of the function isEnable, putting what should be checked to inform whether or not it can access.

  • At what point and where is this OnAuthorization class called? @Thiago Araújo
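
One way to fill in the `isEnable` check from the answer with a deny-by-default rule table. This is an added example, not code from the question or the answer; it assumes ASP.NET MVC 5 (`System.Web.Mvc`), and the class name `PermissaoFilter`, the session key `"Perfil"`, and the profile, controller and action names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Mvc;

// Added example: deny-by-default authorization filter (all names below are hypothetical).
public class PermissaoFilter : FilterAttribute, IAuthorizationFilter
{
    // Profile -> allowed "Controller/Action" pairs; "Controller/*" allows the whole controller.
    private static readonly Dictionary<string, HashSet<string>> Permitidos =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase)
        {
            { "Admin",    new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "Usuarios/*", "Relatorios/*" } },
            { "Operador", new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "Relatorios/Index", "Relatorios/Detalhe" } }
        };

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        var descriptor = filterContext.ActionDescriptor;
        if (descriptor.IsDefined(typeof(AllowAnonymousAttribute), true)
            || descriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
            return;

        var session = filterContext.HttpContext.Session;
        // Fail closed: a missing session is treated the same as "not logged in".
        if (session == null || session["UsuarioId"] == null)
        {
            // Setting Result short-circuits the pipeline, so the action never runs.
            filterContext.Result = new RedirectResult("~/Login/Acesso");
            return;
        }

        var perfil = session["Perfil"] as string;
        if (!IsEnabled(perfil, descriptor.ControllerDescriptor.ControllerName, descriptor.ActionName))
            filterContext.Result = new RedirectResult("~/Error/Permitido");
    }

    // Pure function, so the rule table can be unit-tested without an HttpContext.
    public static bool IsEnabled(string perfil, string controller, string action)
    {
        HashSet<string> regras;
        if (string.IsNullOrEmpty(perfil) || !Permitidos.TryGetValue(perfil, out regras))
            return false; // unknown or missing profile: deny
        return regras.Contains(controller + "/*") || regras.Contains(controller + "/" + action);
    }
}
```

Registered once with `filters.Add(new PermissaoFilter())` in `FilterConfig.RegisterGlobalFilters`, the filter runs before every action. In that setup the login and error controllers need `[AllowAnonymous]`, otherwise the redirects above loop.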
