我可以将asp.net MVC 5身份用户ID从string(GUID)更改为int [英] Can I change asp.net mvc 5 identity user ID from string(GUID) to int

问题描述

我想知道为什么asp.net mvc 5 Identity用户默认使用string(GUID)作为键而不是int?

I wonder why asp.net mvc 5 Identity user uses string(GUID) as key not an int by default?

有什么理由要这样做吗?我知道可以将密钥更改为int，但这完全是一种好的做法吗?

Are there any reason to do this? I know that it is possible to change the key to int, but is this change good practice at all?

此ID可能保留在cookie的某个位置，还是在OAUTH中使用，并且不建议这样做?

May be this ids are kept somewhere in the cookie, or are used in OAUTH, and it is not recommended to do this?

推荐答案

我想到的两件事是int有一个局限性，而GUID则没有，并且如果我知道我的ID是76，我可以知道至少还有75个用户的ID.多数情况下，这并没有证明是有问题的，但是我可以想象出现这种情况的情况. Cookie中不会使用用户ID(至少不会直接使用)-使用用户会话，然后通过其ID绑定到当前用户.因此，我想答案是安全性提高90％且用户ID不受限制的10％的组合.

Two things that come on top of my head are that int has a limitation where as GUID doesn't and that if I know my ID is 76, I can know the ids of at least 75 more users. This, more often doesn't prove to be problematic, but I can imagine cases where it could. Users Ids are not used (at least not directly) in cookies - user sessions are used and then bound to current users by their Id. So I guess the answer is a combination between 90% more secure and 10% unlimited user ids.

这篇关于我可以将asp.net MVC 5身份用户ID从string(GUID)更改为int的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！