Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

ASP.Net MVC Store User Entity In Session

Tags:

session-variables

asp.net-mvc-3

entity-framework-4

entity

I am developing an ASP.Net MVC 3 Web application with Entity Framework 4. When a user logs into my application I would like to store their user entity (firstName, lastName etc) in a session which can then be access throughout the application.

I understand that this may not be a good idea because when the ObjectContext closes/ disposes, then the User entity is detached and the user details could be lost.

I thought another method could be, when the user logs in, assign the userID (Primary Key) to a session variable, ie:

HttpContext.Current.Session["currentUserID"] = user.userID;

Then create a class in the UserService class like so:

public static User CurrentUser
    {

        get
        {
            return Data.DBEntities.Users.Where(u => u.userID == HttpContext.Current.Session["currentUserID"]).FirstOrDefault();
        }

    }

Which should return a User Entity based on the currentUserID session variable. This isn't working for me however, I am getting a couple of errors

Cannot convert lambda expression to type 'string' because it is not a delegate type
Delegate 'System.Func<Asset.Model.User,int,bool>' does not take 1 arguments

Is this approach I am taking correct, or is there a better way?

Any feedback would be much appreciated.

like image 763
tcode Avatar asked Feb 14 '11 12:02

tcode

1 Answers

First, don't store security-sensitive information in Session. Google "ASP.NET Session hijacking" for info as to why.

That said, this code can be made to work. You just have a cast error. Also, You're not accounting for the fact that Session can and does expire during a login. You could do this:

public static User CurrentUser
{
    get
    {
        object userID = HttpContext.Current.Session["currentUserID"];
        if (userID == null)
        {
            throw new InvalidOperationException("Oops!");
        }
        return Data.DBEntities.Users.Where(u => u.userID == (int)userId ).FirstOrDefault();
    }
}

...which at least compiles, but isn't secure and sometimes throws.

It would be better to store the user ID on a custom principal, which is secure and doesn't expire.

like image 113
Craig Stuntz Avatar answered Oct 12 '22 10:10

Craig Stuntz
Sign in to Comment

Related questions

Microsoft SQL Server 2008 - 99% fragmentation on non-clustered, non-unique index
EF4 code-first vs model-first with regards to model validation
What are required assemblies for Entity Framework 4.1 and SQL Compact?
How to eager load child entities using repository pattern
Entity Framework 4 - ApplyCurrentValues<TEntity> vs. ObjectStateManager.ChangeObjectState
Entity Framework 4.1 Retrieving self referencing data
Create new EF object with foreign key reference without loading whole rereference object
Unable to refactor using LINQ to Entities and LinqKit / PredicateBuilder
Querying Many to Many and Conditional Where
Entity Framework Virtual Properties
What is the difference between these LINQ queries
Entity Framework appending '1' to property name when it matches entity name
Entity Framework 4 - Where to put "ApplyCurrentValues" Logic?
'IN' & 'NOT IN' in Linq query
Parametrized POCO Constructors with the Entity Framework
Programmatically Enabling/Disabling Entity Proxies
How do I implement a search feature with Entity Framework?
How can I detect a [NotMapped] annotation from PropertyInfo or MetaData?
EntityFramework not creating tables
Does entity framework compare assigned values with original to determine IsModified flag?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!