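When the user logs in, store the UserID in the UserData property of the FormsAuthentication ticket in the auth cookie:

    string userData = userID.ToString();
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, user.Email,
        DateTime.Now, DateTime.Now.AddMinutes(FormsAuthentication.Timeout.TotalMinutes),
        createPersistentCookie, userData);
    // Encrypt() protects the ticket, UserData included, as configured by <forms protection="...">.
    string hashedTicket = FormsAuthentication.Encrypt(ticket);
    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashedTicket);
    cookie.HttpOnly = true;                          // keep the ticket away from client script
    cookie.Secure = FormsAuthentication.RequireSSL;  // follow the <forms requireSSL> setting
    cookie.Path = FormsAuthentication.FormsCookiePath;
    if (createPersistentCookie)
        cookie.Expires = ticket.Expiration;          // otherwise it stays a session cookie
    HttpContext.Current.Response.Cookies.Add(cookie);
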
You can read it back in the PostAuthenticateRequest method in Global.asax:

    HttpCookie formsCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
    if (formsCookie != null && !string.IsNullOrEmpty(formsCookie.Value))
    {
        FormsAuthenticationTicket auth = FormsAuthentication.Decrypt(formsCookie.Value);
        Guid userID;
        // Only build the principal from a live ticket whose UserData parses as a Guid.
        if (auth != null && !auth.Expired && Guid.TryParse(auth.UserData, out userID))
        {
            var principal = new CustomPrincipal(Roles.Provider.Name, new GenericIdentity(auth.Name), userID);
            Context.User = Thread.CurrentPrincipal = principal;
        }
    }

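Note that in this case, CustomPrincipal derives from RolePrincipal (although if you're not using Roles, I think you need to derive from GenericPrincipal), and simply adds the UserID property and overloads the constructor.
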
Now, wherever you need the UserID in your app, you can do this:

    if (HttpContext.Current.Request.IsAuthenticated)
    {
        Guid userID = ((CustomPrincipal)HttpContext.Current.User).UserID;
    }
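
The CustomPrincipal class described above, written out as an added example that is not part of the original answer. The `CurrentUser.TryGetUserId` helper is a hypothetical name introduced here; it replaces the direct cast with a checked one so code paths that run before the principal is swapped do not throw.

```csharp
using System;
using System.Security.Principal;
using System.Web.Security;

// Principal that carries the UserID recovered from the ticket's UserData.
public class CustomPrincipal : RolePrincipal
{
    public Guid UserID { get; private set; }

    // Overload matching the call made in PostAuthenticateRequest.
    public CustomPrincipal(string providerName, IIdentity identity, Guid userID)
        : base(providerName, identity)
    {
        UserID = userID;
    }
}

// Hypothetical helper (the name is an assumption, not from the answer).
public static class CurrentUser
{
    // Returns false instead of throwing InvalidCastException when the request
    // is anonymous or the principal was never replaced by a CustomPrincipal.
    public static bool TryGetUserId(IPrincipal user, out Guid userID)
    {
        var custom = user as CustomPrincipal;
        if (custom != null && custom.Identity.IsAuthenticated)
        {
            userID = custom.UserID;
            return true;
        }
        userID = Guid.Empty;
        return false;
    }
}
```

Call it as `CurrentUser.TryGetUserId(HttpContext.Current.User, out userID)` and treat a `false` result as "no signed-in user" rather than falling back to a default ID.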