我开始建立，用户需要以获得访问不同的模块进行验证的Web应用程序。

I'm start building a web application where the user needs to authenticate in order to get access to different modules.

我一直在使用ASP.NET MVC的过去和它使用FormsAuthentication和服务器会话所以我没有做往返到数据库，以获取用户角色或任何其它用户相关的数据是很容易每次我访问一个Web方法。

I have been working with ASP.NET MVC in the past and it was quite easy using FormsAuthentication and Server Sessions so I don't have to do roundtrips to the database in order to get the user roles or any other user related data everytime I access a web method.

我一直在读， AngularJS 将不是这样所以不会有任何服务器会话等。所以...

What I have been reading, AngularJS won't work that way so there won't be any Server Session, etc.. So...

在情况下，我需要我每次访问一个Web方法的时间来验证用户身份，我需要消耗数据库或有，我可以学到什么好的做法？

In case I need to verify user identity every time I access a web method do I need to consume database or there is any good practice that I can learn of?

我知道有方法来存储状态数据在客户端但如何能影响一个web应用程序的性能？

I know there are ways to store state data in client side but how that can affect the performance of a web application?

我已经看到，当用户登录到应用程序的最佳方式是将令牌发送到客户端，然后强制AngularJS来发送令牌，每次一个Web方法被访问......但对于发送给客户端用户的sessionId（来自数据库），然后在每一个Web方法发送消费的，然后创建一个过滤器，你检查的SessionID存在于数据库中，以便用户识别验证？

I have seen that when a user login to an application the best way is to send a Token to the client and then force AngularJS to send that Token everytime a web method is accessed... but what about sending to the client the user sessionId (from database) and then on every web method consumption sending that and then create a filter where you check that the sessionId exists in the database so the user identify is validated?

鸭preciate的任何意见或建议。

Appreciate any advice or recommendations.

感谢。

推荐答案

我对认证的看法是，你不需要把AngularJS进入画面，直到用户进行身份验证。您可以使用简单的登录页面，验证用户，然后重定向他有Angularjs您的应用程序页面。看看我的老的回答更多细节How在角JS应用来处理身份验证

My take on authentication is that you do not need to bring AngularJS into picture till the user is authenticated. You use simple login page and authenticate user and then redirect him to your app page that has Angularjs. Look at my old answer for more details How to handle authentication in Angular JS application

让我尝试解决您的问题。

Let me try to address your concerns.

在情况下，我需要我每次访问一个网页的时间来验证用户身份  方法做我需要消耗数据库，或者有什么好的做法  我可以学习的？

In case I need to verify user identity every time I access a web method do I need to consume database or there is any good practice that I can learn of?

一旦被认证的那部分是由服务器和浏览器cookie的照顾，你不需要做任何事情。如何标准的MVC网站的作品。

Once you have been authenticated that part is taken care by server and browser cookies, you don't need to do anything. How standard MVC site works.

我知道有很多方法可以存储在客户端，但怎么说状态数据  可以影响一个web应用程序的性能？

I know there are ways to store state data in client side but how that can affect the performance of a web application?

由于AngularJS是一个SPA，没有页面刷新。保存在 $ rootScope 或使用服务的数据是有直到有刷新页面。因为有涉及往返较少的性能会更好。

Since AngularJS is a SPA, there is no page refresh. Data stored at $rootScope or using service are there till one refreshes the page. Performance would be better as there are less round trips involved.

我已经看到，当用户登录到应用程序的最佳方式是  到一个令牌发送到客户端，然后强制AngularJS来发送  令牌每次Web方法被访问......但对于发送给  客户端用户的sessionId（来自数据库），然后每一个网络上  食用方法是发送，然后创建一个过滤器，你在哪里  检查的sessionId存在于数据库中，以便用户识别  验证？

I have seen that when a user login to an application the best way is to send a Token to the client and then force AngularJS to send that Token everytime a web method is accessed... but what about sending to the client the user sessionId (from database) and then on every web method consumption sending that and then create a filter where you check that the sessionId exists in the database so the user identify is validated?

这是标准形式验证和透明的开发商，无论是需要传统的MVC应用程序来完成身份验证将在这里工作。你不必担心sessionids，令牌等获取客户端上的用户身份，你可以写与方法，如的getUser A angularjs服务来获得当前登录的用户。但我提醒你相关决定授权仍应在服务器上完成。

This is standard form authentication, and transparent to developer, whatever was required to be done in traditional MVC app for authentication would work here. You don't have to worry about sessionids, tokens etc. To get users identity on the client, you can write a angularjs service with methods such as getUser to get the current logged in user. But i warn you that the authorization related decision should still be done on server.