
Time: 2017-07-20 04:15:56

Tags: c# asp.net vb.net asp.net-identity

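I've noticed that my ASP.NET Web Forms application based on ASP.NET Identity 2.2.1 loads user data from the database on every page request. Is this normal, by-design behaviour? For performance reasons, user data might be cached in the Session. I've double-checked whether I added any extra code to the master page that could cause this behaviour. But no, I'm using the standard Web Forms template and have not added any code to the master page.

SQL statement executed on every page request:

SELECT
    [Extent1].[Id] AS [Id],
    [Extent1].[Email] AS [Email],
    [Extent1].[EmailConfirmed] AS [EmailConfirmed],
    [Extent1].[PasswordHash] AS [PasswordHash],
    [Extent1].[SecurityStamp] AS [SecurityStamp],
    [Extent1].[PhoneNumber] AS [PhoneNumber],
    [Extent1].[PhoneNumberConfirmed] AS [PhoneNumberConfirmed],
    [Extent1].[TwoFactorEnabled] AS [TwoFactorEnabled],
    [Extent1].[LockoutEndDateUtc] AS [LockoutEndDateUtc],
    [Extent1].[LockoutEnabled] AS [LockoutEnabled],
    [Extent1].[AccessFailedCount] AS [AccessFailedCount],
    [Extent1].[UserName] AS [UserName]
FROM [dbo].[AspNetUsers] AS [Extent1]
WHERE [Extent1].[Id] = @p0

Update 1

Since the application is deployed in Azure using App Service and Azure SQL, the proof of the database queries behind every page request is Application Insights, as shown in the attached screenshot.

I've started investigating further and moved the database to a local environment. SQL Server Profiler shows that there are actually 10 database queries on every page request. Those are SELECTs on AspNetUsers, AspNetUserClaims, etc. Some of them are executed twice. This does not depend on the master page. Pages that are not based on the master page trigger the same 10 queries as pages that are.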

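I've made some modifications to the default Visual Studio template, as shown in the source code below. I've double-checked that a new project based on the same template does not trigger any database queries once the user has logged in.

Modifications made:

  • Additional fields in the AspNetUserLogins class, added to the database table via migration
  • Several configuration parameters
  • Email service configuration

Source code:

Global_asax

ApplicationUser

Startup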

Imports System.Web
Imports System.Web.Optimization
Imports System.Web.Routing

Public Class Global_asax
    Inherits HttpApplication

    Sub Application_Start(sender As Object, e As EventArgs)
        ' Fires when the application is started
        RouteConfig.RegisterRoutes(RouteTable.Routes)
        BundleConfig.RegisterBundles(BundleTable.Bundles)
    End Sub
End Class

IdentityConfig.vb

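Imports Microsoft.AspNet.Identity
Imports Microsoft.AspNet.Identity.Owin
Imports Microsoft.Owin
Imports Microsoft.Owin.Security.Cookies
Imports Owin

Partial Public Class Startup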

' For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301883
Public Sub ConfigureAuth(app As IAppBuilder)
    'Configure the db context, user manager and signin manager to use a single instance per request
    app.CreatePerOwinContext(AddressOf ApplicationDbContext.Create)
    app.CreatePerOwinContext(Of ApplicationUserManager)(AddressOf ApplicationUserManager.Create)
    app.CreatePerOwinContext(Of ApplicationSignInManager)(AddressOf ApplicationSignInManager.Create)

    ' Enable the application to use a cookie to store information for the signed in user
    app.UseCookieAuthentication(New CookieAuthenticationOptions() With {
        .AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        .Provider = New CookieAuthenticationProvider() With {
            .OnValidateIdentity = SecurityStampValidator.OnValidateIdentity(Of ApplicationUserManager, ApplicationUser)(
                validateInterval:=TimeSpan.FromMinutes(0),
                regenerateIdentity:=Function(manager, user) user.GenerateUserIdentityAsync(manager))},
        .LoginPath = New PathString("/Account/Login"),
        .ExpireTimeSpan = TimeSpan.FromMinutes(20),
        .SlidingExpiration = True})

    ' Use a cookie to temporarily store information about a user logging in with a third party login provider
    'app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie)

    ' Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
    'app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5))

    ' Enables the application to remember the second login verification factor such as phone or email.
    ' Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
    ' This is similar to the RememberMe option when you log in.
    'app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie)

    ' Uncomment the following lines to enable logging in with third party login providers
    'app.UseMicrosoftAccountAuthentication(
    '    clientId:= "",
    '    clientSecret:= "")

    'app.UseTwitterAuthentication(
    '   consumerKey:= "",
    '   consumerSecret:= "")

    'app.UseFacebookAuthentication(
    '   appId:= "",
    '   appSecret:= "")

    'app.UseGoogleAuthentication(New GoogleOAuth2AuthenticationOptions() With {
    '   .ClientId = "",
    '   .ClientSecret = ""})
End Sub
End Class

1 answer:

Answer 0 (score: 2)

The problem is related to this code:

.OnValidateIdentity = SecurityStampValidator.OnValidateIdentity(Of ApplicationUserManager, 
    ApplicationUser)(validateInterval:=TimeSpan.FromMinutes(0),

Try a larger value, e.g. .FromMinutes(15)

Because validateInterval is 0, it basically re-validates the identity information on every page load.
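
Added example, not part of the original post and not ASP.NET Identity's own code: a simplified Python model of the check that validateInterval controls, showing how the interval trades database lookups against how long a cookie issued before a security stamp change (for example a password change) keeps being accepted. The class and function names, the one-request-per-minute schedule and the stamp values are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Cookie:
    issued: int   # second at which the identity was last (re)generated
    stamp: str    # security stamp claim stored in the cookie

class UserStore:
    """Constructed stand-in for the user table; counts validation lookups."""
    def __init__(self, stamp):
        self.stamp = stamp
        self.lookups = 0

    def current_stamp(self):
        self.lookups += 1
        return self.stamp

def validate(cookie, store, now, validate_interval):
    """Return the cookie to keep using, or None when it is rejected."""
    if now - cookie.issued <= validate_interval:
        return cookie                      # accepted without a database lookup
    if store.current_stamp() != cookie.stamp:
        return None                        # stamp changed since issue: reject
    return Cookie(issued=now, stamp=cookie.stamp)  # regenerate, restart the clock

def simulate(validate_interval, request_times, stamp_change_at):
    """Replay requests; return (lookups, time of rejection or None)."""
    store = UserStore("stamp-A")
    cookie = Cookie(issued=0, stamp="stamp-A")
    for t in request_times:
        if t >= stamp_change_at:
            store.stamp = "stamp-B"        # e.g. password changed elsewhere
        cookie = validate(cookie, store, t, validate_interval)
        if cookie is None:
            return store.lookups, t
    return store.lookups, None

# Constructed schedule: one request per minute for an hour, stamp changes at 20.5 min.
REQUESTS = range(60, 3601, 60)
CHANGE_AT = 1230

if __name__ == "__main__":
    for minutes in (0, 15):
        lookups, rejected = simulate(minutes * 60, REQUESTS, CHANGE_AT)
        print(f"validateInterval={minutes} min: {lookups} lookups, "
              f"old cookie rejected {rejected - CHANGE_AT} s after the change")
```

In this model an interval of 0 does a lookup on every request and rejects the old cookie 30 seconds after the stamp changes, while 15 minutes does two lookups and keeps accepting the old cookie for 690 seconds. Each lookup here stands for one validation pass, not for an individual SQL query.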