C
C
CJDmitry2016-12-03 06:06:07
ASP.NET
CJDmitry, 2016-12-03 06:06:07

ASP .Net MVC own authorization system without Identity?

How safe and whether it is generally possible to use this approach instead of the tricky ASP.NET Identity:
Upon successful registration, the user's data is stored not only in the database, but also in a static class. If login/registration failed, then ApplicationUser remains null

public static class AppUser
    {
        /// <summary>
        /// Информация о текущем пользователе
        /// </summary>
        public static Site1.Models.User ApplicationUser = null;
    }

Accordingly, the user remains authorized for the entire life cycle of the application.
The model contains all the user data, which can be easily obtained in the code without accessing the database every time.
Of course, you can develop various methods of protection.

Answer the question

In order to leave comments, you need to log in

1 answer(s)
E
Eugene, 2016-12-03
@cjdmitri

The life cycle of static variables is determined by the application life cycle - this is already one minus. When you restart your application, you will need to restore them. In the case of storing identification data in Session, or in Db, you control this moment by defining the life cycle of this data.
Static variables are only available on one server. If your application is hosted on multiple machines, then certain variables on one server are not accessible from another.
Static variables are available to everyone, i.e. are global within the App Domain. I think that also says a lot. I'll have to make crutches, I'm afraid to imagine what, by access to them; somehow parallel client requests. While Session has Session concurrency
In general, if we talk about the Session mechanism, then I will say that these are understandable and widespread practices for storing identification data. I think this approach is quite applicable for most applied tasks. If more security is required, then we are already looking towards the Server-side for storing state, for example, in a database.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question