Retrieving and persisting state between requests

Time: 2022-04-02 23:38:27

I am writing my first ASP.NET Web API application. I am familiar with other web application frameworks (mostly Symfony, but also Django, and to a lesser extent RoR).

I am struggling a bit, to understand the sequence of events that occur after a request is sent from a browser/front end client, to the web server.

I am writing a multi-tenanted application, which uses a DB backend. I am using ADO and raw SQL to access the database. I also need to store a lot of information per user, so basically I create (or fetch from cache) a preloaded context for the user.

Here is some pseudo-code that illustrates what I'm trying to achieve in ASP.NET.

namespace myApp.Controllers
{
    public class FoobarController : ApiController
    {
        public Response doLogin(request)
        {
             var ctx = myApplicationContext.getInstance();
             var user = ctx.getUser();

             if (!user.isLoggedOn())
             {
                 var username = request.getParameter("username");
                 var password = request.getParameter("password");

                 var dbManager = ctx.getDbInstance();

                 var resp = dbManager.internalLogin(username, password);

                 // Load permissions etc for current user, from db
                 // Store user info in cache ..
             }
        }

        public Response ActionOne(request)
        {
             var ctx = myApplicationContext.getInstance();
             var user = ctx.getUser();

             if (user.hasPermission("xxx"))
             {

             }
        }
    }
}

My question is, how do I implement this kind of functionality:

Namely:

  • Create an application context, in which I can populate with context sensitive information like a database connection, mailer configuration, object factories, miscellaneous state information etc.

  • Access a user object (which I can add user credentials, permissions etc to)

  • Have access to session variables etc?

Notes

  1. I will be deploying the web app on Linux, and I will be using Apache as the web server.
  2. For the purpose of this project, I don't want to use any Microsoft technology like Azure, Windows Authentications etc (other than C# and ASP.Net)
  3. I want to use a raw database connection, not using Entity Manager (legacy application port)

1 solution

#1


5  

I am struggling a bit, to understand the sequence of events that occur after a request is sent from a browser/front end client, to the web server.

For this I would say this PDF Poster gives the best pictorial representation of request processing in ASP.NET WebAPI.

My question is, how do I implement this kind of functionality:

Namely:

  • Create an application context, in which I can populate with context sensitive information like a database connection, mailer configuration, object factories, miscellaneous state information etc.

  • Access a user object (which I can add user credentials, permissions etc to)

  • Have access to session variables etc?

For this I would say, WebAPIs are designed to be stateless and so, the best approach is to create a persistent session (say, in a database) and use an identifier for the session (like a session key or token) for each request to identify a user and fetch his session variables / context information.

Now, for implementing the kind of functionality you have asked for in your example, that would be attained by a combination of Authentication Filters and Authorization Filters (more details on implementing them here).

Each request in WebAPI is first processed by handlers and then before execution of requested action, filters are applied. For your example Authentication filters will hold the DoLogin function and user.hasPermission logic will reside in Authorization filters and only action logic will reside in the Action(function) in controller.
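
One way to implement the filter split this answer describes, for ASP.NET Web API 2 (an added example, not code from the original answer): an authentication filter resolves a bearer session token against a database-backed session table, and an authorization filter performs the `user.hasPermission` check. The `sessions` table and its columns, the `OpenDb` factory, the `@h` parameter syntax and the `permission` claim type are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

public class SessionTokenAuthAttribute : Attribute, IAuthenticationFilter // bearer token -> principal
{
    public static Func<IDbConnection> OpenDb; // assumption: set at startup, returns an open connection
    public bool AllowMultiple => false;
    public Task ChallengeAsync(HttpAuthenticationChallengeContext c, CancellationToken ct) => Task.FromResult(0);
    public Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken ct)
    {
        var auth = context.Request.Headers.Authorization;
        if (!"Bearer".Equals(auth?.Scheme, StringComparison.OrdinalIgnoreCase) || string.IsNullOrEmpty(auth.Parameter))
            return Task.FromResult(0); // no principal set; the authorization filter rejects the call
        using (var sha = SHA256.Create())
        using (var db = OpenDb())
        using (var cmd = db.CreateCommand())
        {   // hypothetical table: sessions(token_hash, user_id, permissions, expires_at)
            cmd.CommandText = "SELECT user_id, permissions FROM sessions " +
                              "WHERE token_hash = @h AND expires_at > CURRENT_TIMESTAMP";
            var p = cmd.CreateParameter(); p.ParameterName = "@h"; // bound parameter, not concatenation
            p.Value = Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(auth.Parameter))); // table stores only the hash
            cmd.Parameters.Add(p);
            using (var row = cmd.ExecuteReader())
                if (row.Read()) // unknown or expired tokens return no row and stay anonymous
                {
                    var claims = row.GetString(1).Split(',').Select(s => new Claim("permission", s.Trim())).ToList();
                    claims.Add(new Claim(ClaimTypes.NameIdentifier, row.GetValue(0).ToString()));
                    context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, "SessionToken"));
                }
        }
        return Task.FromResult(0);
    }
}

public class RequirePermissionAttribute : AuthorizeAttribute // the user.hasPermission check
{
    public string Permission { get; set; }
    protected override bool IsAuthorized(HttpActionContext ctx) =>
        (ctx.RequestContext.Principal as ClaimsPrincipal)?.HasClaim("permission", Permission) == true;
}
```

Register the authentication filter globally with `config.Filters.Add(new SessionTokenAuthAttribute())` and mark actions such as `ActionOne` with `[RequirePermission(Permission = "xxx")]`. The login action would insert the `sessions` row with the hash of a freshly generated random token and return the token itself to the client.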
