保存身份验证令牌的最佳方法? [英] Best way to save authentication token?

问题描述

我一直致力于在 c# 中实现 api.实施进展顺利，但我确实遇到了一个问题.

I've been working on implementing an api in c#. The implementation is going well, but I did come across a concern.

当我的图书馆针对 api 进行了授权时，我有一个 auth_token，我将其用于对 Web 服务的后续查询.

When my library has authorized against the api I have a auth_token which I use for consequent queries to the webservice.

令牌需要在程序运行之间保留，因为它对用户保持不变(尽管我会在应用程序启动时检查它是否仍然有效).

The token needs to be kept between program runs as it stays the same for the user (although I do check if it is still valid when the application starts).

出于测试目的，我基本上只是将令牌保存到保存在应用程序根目录中的文本文件中.

For testing purposes I basically just save the token into a text file which is kept in the root directory of the app.

这很好用，但这是最好的方法吗?

This works fine, but is this the best way?

不确定用户是否会喜欢它被保存在一个明文文件中(即使它在他自己的电脑上).

Not sure the user will appreciate that it gets saved in a cleartext file (even if it is on his own pc).

那么，像这样保存令牌的一般做法是什么?

So, what is general practice for saving tokens like this?

推荐答案

我会使用 Windows 数据保护 关于如何使用它，有许多示例来自 C#.它使用用户特定的密钥来加密数据.只有用户自己才能解密.还要确保服务器和客户端之间传输的数据安全.

I would use the Windows Data Protection There are numerous examples around on how to use it from C#. It uses a user specific key to encrypt the data. Only the user themselves can decrypt it. Also be sure to secure the data during transmission between the server and the client.

这篇关于保存身份验证令牌的最佳方法?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！