在会话cookie ASP.Net存储用户密码？ [英] ASP.Net Store User Password in Session cookie?

问题描述

我认识的会员提供存储用户名和以加密cookie的到期时间，然后使用该来验证用户仍然记录在一个会话。

I know the Membership provider stores the user name and an expiration time in an encrypted cookie and then uses that to verify the user is still logged in for a session.

这将有可能存储用户的密码本加密的cookie以及。如果是的话你将如何访问服务器端？

Would it be possible to store the users password in this encrypted cookie as well. If so how would you access it server side?

我所需要的用户名和密码可用的服务器端，因为我需要调用使用相同的凭据Web服务。有一些更好的方式来做到这一点？

I need the users username and password available server side because I need to call web services that use those same credentials. Is there some better way to do this?

推荐答案

您应当将它保存在会话状态，这永远不会离开服务器。

You should store it in session state, which never leaves the server.

您也应该尝试改变这些Web服务使用的身份验证票证而不是密码（例如，OAuth的），因为它从来没有在明文存储密码是个好主意。

You should also try to change those web services to use authentication tickets instead of passwords (eg, OAuth), because it's never a good idea to store passwords in plain text.

这篇关于在会话cookie ASP.Net存储用户密码？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！