3

In my webpage I use FormsAuthentication

FormsAuthentication.RedirectFromLoginPage(VisitorEmail, False)

Every time the visitor gets authenticated via the login page, I set the

Session("MemberID") = GetMemberIDByEmail(VisitorEmail) for later processing.

Since I need both MemberID and VisitorEmail.

But something tells me that this is "out of the book" and not "by the book".

So am I doing something WRONG or BAD here?

OrElse
  • 1
    I am not sure that this is not "by the book" or anything. If you need both ID and Email, you need both, and you need to keep it somewhere, with all the costs associated with it. You probably should rethink your logic to see if you can do away with just the email -- since both are unique and a direct one-one mapping, in theory you should only need to keep one. – Stephen Chung Apr 18 '11 at 08:47

4 Answers

4

Sorry, I'm not sure exactly what you are trying to do from your description, but there's no need to store the MemberID in session state. Whenever you need it, just call:

Membership.GetUser.ProviderUserKey

Note: It's not really considered good form to store information in Session state as this could be lost e.g. if the web server resets - which it does periodically, or if the site needs to recompile. Also, it's not very scalable as each "active" user will use up memory and also if you ever need to move to a web farm session state can cause issues as it will be different on each web server.

Prob OK for a little, quick site though ;-)

PapillonUK
  • 1
    What? It's fine to use the session. That's what it's there for. If you're using a web farm, just configure your session states to be stored in SQL Server instead of using the default InProc session management. That will fix the compile problems, too, if you are worried about them. [See here for a howTo.](http://support.microsoft.com/kb/317604) – Katie Kilian Apr 19 '11 at 04:15
  • I should add, as far as the original question goes, Membership.GetUser.ProviderUserKey is what I'd do, too. ;) – Katie Kilian Apr 19 '11 at 04:17
  • Thanks Charlie - yep, maybe I was being a little overcautious about using session state. It's fine for transient data I guess, and yes shoving it in the DB is a possibility - but it's nice if you can just avoid it which I think is possible in this case (perhaps just my own bitter experience!) – PapillonUK Apr 21 '11 at 00:04
3

It's fine to use Session to cache this type of info, but remember to reassign it when the session expires in Global.asax:

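void Session_Start(object sender, EventArgs e)
{
    // Runs when a new session is created, including after the old one expired.
    if (Request.IsAuthenticated) // to make sure the user has not logged out
        // The forms-auth user name is the email passed to RedirectFromLoginPage.
        Session["MemberID"] = GetMemberIDByEmail(User.Identity.Name);
}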
jazzcat
1

You could create a custom principal class so you can add the additional properties. Then modify your Global.asax to override Application_PostAuthenticateRequest with your code and also set Context.User = Thread.CurrentPrincipal = myPrincipal;. Best is to always set Thread.CurrentPrincipal, but normally you can also get to your own properties elsewhere in your code using the more "convenient" Page.User or Context.User.


mousio
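One way to wire up the custom-principal approach described in the answer above, as an added example that is not code from that answer: the member id travels in the forms-authentication ticket's `UserData` instead of in Session, so it shares the ticket's lifetime and integrity protection. `MemberPrincipal`, `MemberAuth.SignIn` and the `Global` class name are hypothetical, and the sketch assumes the default `protection="All"` forms setting and .NET 4.0 or later.

```csharp
using System;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Security;

// Hypothetical principal type that carries the member id next to the identity.
public sealed class MemberPrincipal : GenericPrincipal
{
    public int MemberId { get; private set; }
    public MemberPrincipal(IIdentity identity, int memberId)
        : base(identity, new string[0]) { MemberId = memberId; }
}

public static class MemberAuth   // hypothetical helper, called by the login page
{
    // Use after the credential check instead of RedirectFromLoginPage, then
    // redirect to FormsAuthentication.GetRedirectUrl(email, false).
    public static void SignIn(HttpResponse response, string email, int memberId)
    {
        var ticket = new FormsAuthenticationTicket(
            1, email, DateTime.Now, DateTime.Now.Add(FormsAuthentication.Timeout),
            false, memberId.ToString(), FormsAuthentication.FormsCookiePath);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;
        cookie.Secure = FormsAuthentication.RequireSSL;
        cookie.Path = FormsAuthentication.FormsCookiePath;
        response.Cookies.Add(cookie);
    }
}

public class Global : HttpApplication   // code-behind of Global.asax
{
    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        var identity = Context.User == null ? null : Context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated) return;

        int memberId;
        // UserData is encrypted and MAC-protected with the rest of the ticket.
        if (!int.TryParse(identity.Ticket.UserData, out memberId))
        {
            // Ticket issued without a member id: drop it and treat as anonymous.
            FormsAuthentication.SignOut();
            Context.User = new GenericPrincipal(new GenericIdentity(""), new string[0]);
            return;
        }
        var principal = new MemberPrincipal(identity, memberId);
        Context.User = principal;
        Thread.CurrentPrincipal = principal;
    }
}
```

Pages can then read `((MemberPrincipal)Context.User).MemberId` on authenticated requests, and the value disappears at logout or ticket expiry rather than lingering in a session that outlives the login.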
0

Could you not switch the two around and store the member id in the form variable (since I assume the user is able to change their email address and not their member id)...

Dim memberId as Integer = GetMemberIDByEmail(VisitorEmail)
' assuming integer here and that a result is found etc etc

' set the form authentication stuff
' RedirectFromLoginPage takes the user name as a String
FormsAuthentication.RedirectFromLoginPage(memberId.ToString(), False)

And then you can always look up the email address from the memberId (caching it perhaps against the member id across requests)

Public Function GetMemberEmail(Byval memberId as Integer) As String

    Dim cacheKey as String = "member-email-" & memberId
    Dim email as String
    If Cache.Item(cacheKey) is Nothing Then
        email = GetMemberEmailByID(memberId)
        Cache.Insert(cacheKey, email ...
    Else
        email = Cache.Item(cacheKey)
    End If
    return email

End Function

If you need both pieces of information, and the Id is less likely to change, it would seem the better value to be used for your forms authentication....and you can always look up the email address from the value.

davidsleeps