多个独立数据库事务的并发问题？

Question

您将如何使用以下代码解决并发问题？在此示例中，我们想知道为什么用户身份验证失败。问题是这段代码对数据库进行了两次单独的调用，但我们希望整个方法发生在概念事务中。具体来说，我们对isolation 感兴趣。在我们确定身份验证失败的原因之前，我们不希望在执行此方法期间的并发写入影响我们的读取。

我想到了几个解决方案：Thread Locking、TransactionScope 和 Optimistic Locking。我真的很喜欢乐观锁定的想法，因为我认为冲突可能很少见，但是 .NET 中没有内置的东西可以做到这一点，对吧？

另外 - 在这种情况下，这真的值得关注吗？什么时候考虑这样的并发问题很重要，什么时候不重要？在实施解决方案时需要考虑什么？表现？锁定的持续时间？发生冲突的可能性有多大？

编辑：在查看了 Aristos 的回答后，我认为我真正想要的是 Authenticate 方法的某种“snapshot”隔离级别。

public MembershipStatus Authenticate(string username, string password)
    {
        MembershipUser user = Membership.GetUser(username);
        if (user == null)
        {
            // user did not exist as of Membership.GetUser
            return MembershipStatus.InvalidUsername;
        }

        if (user.IsLockedOut)
        {
            // user was locked out as of Membership.GetUser
            return MembershipStatus.AccountLockedOut;
        }

        if (Membership.ValidateUser(username, password))
        {
            // user was valid as of Membership.ValidateUser
            return MembershipStatus.Valid;
        }

        // user was not valid as of Membership.ValidateUser BUT we don't really
        // know why because we don't have ISOLATION.  The user's status may have changed
        // between the call to Membership.GetUser and Membership.ValidateUser.
        return MembershipStatus.InvalidPassword;
    }

Answer 1

根据我对here 和here 的阅读，似乎System.Transactions.TransactionScope 包装了您的整个方法应该自动将您的数据库调用加入到一个公共事务中，从而在整个事务中实现事务安全整个交易范围。

你会想做这样的事情：

public MembershipStatus Authenticate(string username, string password)
{
    using (TransactionScope scope = new TransactionScope(TransactionScopeOption.Required, new TransactionOptions { IsolationLevel = IsolationLevel.Snapshot }))
    {
    MembershipUser user = Membership.GetUser(username);
        if (user == null)
        {
            // user did not exist as of Membership.GetUser
            return MembershipStatus.InvalidUsername;
        }

        if (user.IsLockedOut)
        {
            // user was locked out as of Membership.GetUser
            return MembershipStatus.AccountLockedOut;
        }

        if (Membership.ValidateUser(username, password))
        {
            // user was valid as of Membership.ValidateUser
            return MembershipStatus.Valid;
        }

        // user was not valid as of Membership.ValidateUser BUT we don't really
        // know why because we don't have ISOLATION.  The user's status may have changed
        // between the call to Membership.GetUser and Membership.ValidateUser.
        return MembershipStatus.InvalidPassword;
    }
}

Answer 2

我将使用mutex 名称作为锁定参数，因此只有同一个用户可以锁定一段时间。这对我来说对一台计算机来说更安全，因为使用互斥锁我可以从不同的池或网络调用中捕获所有可能的线程。

public MembershipStatus AuthenticateLock(string username, string password)
{
    if(string.IsNullOrEmpty(username))
      return MembershipStatus.InvalidUsername;

    // TODO: Here you must check and clear for non valid characters on mutex name
    using (var mutex = new Mutex (false, username))
    {
         // possible lock and wait, more than 16 seconds and the user can go...
         mutex.WaitOne (TimeSpan.FromSeconds(16), false);

         // here I call your function anyway ! and what ever done...
         //  at least I get a result
         return Authenticate(username, password)
    }
}

更多 cmets：Membership.ValidateUser 和 Membership.GetUser 都调用数据库。

但是如果您对进行此调用并影响此参数的页面使用标准的 asp.net 会话，那么页面都准备好锁定另一个，所以我认为那里没有机会需要这个互斥调用。因为会话的锁足以同步这部分。我提醒一下，会话正在为所有用户从头到尾锁定页面。

关于会话锁定： Replacing ASP.Net's session entirely

jQuery Ajax calls to web service seem to be synchronous