How to cache login data for desktop application client
Problem description
There is a winform client that connects to server and gets authenticated by providing username and password.
The first time, the user sends his username/password to the server; after that, if he didn't log out, there is no need to get authenticated once more (like the GitHub client or Windows Live Mail).
So I would like to know:
- What should the server return if the username/password is valid: a true/false value or something else?
- At the next run, how can I check if the user authenticated last time and is logged on? Which values should I check exactly, considering not allowing data tampering?
- If I save the hashed password in app settings, how can I prevent someone else from stealing it?
(Is appreciating avoided here in stackoverflow? ;) )
Recommended answer
If you don't want to keep the username/password cached in the application, you can use HMAC authentication instead. You authenticate the user during the first call using the username/password, but a session key is returned as response if the authentication was successful. You can use that session key to authenticate the rest of the calls, as it is illustrated here,
Regards, Pablo.
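The session-key scheme described in the answer, as an added example that is not part of the original answer: the password is sent once, and every later call carries an HMAC computed with the returned session key. `Server`, `sign`, `MAX_SKEW` and the signed message layout are assumptions chosen for illustration, and Python is used only to keep both sides in one runnable file.

```python
import hashlib
import hmac
import secrets
import time

MAX_SKEW = 300  # seconds a signed request stays valid (assumed value)


class Server:
    """Toy in-memory server; class name and message layout are assumptions."""

    def __init__(self, users):
        self._users = users    # username -> password (constructed sample data;
                               # a real server stores salted password hashes)
        self._sessions = {}    # session id -> (username, session key)

    def login(self, username, password):
        stored = self._users.get(username, "")
        if not stored or not hmac.compare_digest(stored.encode(), password.encode()):
            return None
        session_id, key = secrets.token_hex(16), secrets.token_bytes(32)
        self._sessions[session_id] = (username, key)
        return session_id, key  # sent to the client once, over TLS

    def verify(self, session_id, method, path, body, timestamp, signature, now=None):
        now = time.time() if now is None else now
        entry = self._sessions.get(session_id)
        # Unknown or logged-out session, or a request outside the time window
        if entry is None or abs(now - timestamp) > MAX_SKEW:
            return None
        expected = sign(entry[1], method, path, body, timestamp)
        # Constant-time comparison avoids leaking how many characters matched
        return entry[0] if hmac.compare_digest(expected, signature) else None

    def logout(self, session_id):
        self._sessions.pop(session_id, None)  # the cached key is now useless


def sign(key, method, path, body, timestamp):
    """Client side: HMAC-SHA256 over the request parts that must not change."""
    body_hash = hashlib.sha256(body).hexdigest()
    message = "\n".join([method, path, str(int(timestamp)), body_hash]).encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()
```

With this layout the client caches only the session id and key, so a tampered path, body or timestamp fails verification, and a logout on the server invalidates whatever the client still has stored.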