PasswordBox和MVVM [英] PasswordBox and MVVM
问题描述
我们有以下情形:
- MVVM用户界面中,用户可以在把他的密码(实际上是
PasswordBox) - 服务器即应做一些工作
- 服务器连接到一些数据库,需要鉴别
和我已经看过这个的>问题
And I already read this Question on PasswordBox in MVVM
但对如何做没有答案!仅仅过很多从来没有做到这一点。
But there is no answer on how to do! Just lots over "never ever do that".
什么是来回传送密码的正确方法?
如何解决安全问题?
What is the correct way of passing a password around? How to resolve the security issues?
有是绑定到<$没有正确的方法C $ C> PasswordBox 和
密码不得存储在某个地方,好吗。
There is no proper way of Binding to the PasswordBox and
the Password shall not be stored somewhere, okay.
那么,什么是的MVVM方式做这样的事情?
So, what is the MVVM way of doing such things?
即使格局被打破,有没有达到这样的事情的好办法?
Even if the pattern is broken, is there a good way to achieve such things?
在 Func键<的思想;串> 来检索它,但没有绑定这个
会得到一个烂摊子......
Thought of a Func<string> to retrieve it, but without Binding this
will get a mess...
更新
同为初始化从(希望加密的)密码存储的PasswordBox。
是不是打破MVVM模式?用户不希望输入密码$ B $他每次启动该应用程序或要与我相信数据库工作的时间B。
Update Same for initialising the PasswordBox from a (hopefully encrypted) password store. Isn't that breaking the MVVM pattern? The User does not want to enter the password each time he starts the application or wants to work with the database I believe.
推荐答案
个人而言,我只是通过整个 PasswordBox 控制我的LoginCommand
Personally I just pass the entire PasswordBox control to my LoginCommand
我知道它打破MVVM因为现在视图模型层涉及一个特定的视图对象,但我认为这是确定这种特殊情况下
I know it breaks MVVM because the ViewModel layer now references a View-specific object, but I think in this specific case it's OK.
所以我可能XAML看起来像这样的:
So I might have XAML that looks like this:
<Button Content="Login"
Command="{Binding LoginCommad}"
CommandParameter="{Binding ElementName=MyPasswordBox}" />
和一个 LoginCommand ,做这样的事情
private void Login(object obj)
{
PasswordBox pwBox = obj as PasswordBox;
SomeBlackBoxClass.ValidatePassword(UserName, pwBox.Password);
}
我想你也可以在值运行某种加密算法和比较该值的散列用户的密码太
I suppose you could also run some kind of encryption algorithm on the value and compare the hash of that value to the hash of the user's password too
private void Login(object obj)
{
PasswordBox pwBox = obj as PasswordBox;
var encryptedPassword = SomeLibrary.EncryptValue(pwBox.Password, someKey);
if (encryptedPassword == User.EncryptedPassword)
// Success
}
我在 PasswordBox 控制或安全方面的专家,但我知道你不希望被存储用户的密码纯文本在存储器中的任何应用程序中的
I'm no expert on the PasswordBox control or security, but I do know that you don't want to be storing the user's password in plain text anywhere in memory within your application
(从技术上讲,它存储为纯文本 PasswordBox.Password - 你可以使用像史努比的,如果你想验证这一点 - 但通常是PasswordBox不存在比它更长需要用户登录,而实际的密码,是由用户,这可能会或可能不正确。按键记录软件可以让你同样的信息输入的只是文本。)
(Technically, it's stored as plain text in PasswordBox.Password - you can use something like Snoop to verify this if you want - however typically the PasswordBox doesn't exist for longer than it takes the user to login, and the actual "password" is just text entered by the user, which may or may not be correct. A keylogger could get you the same information.)
这篇关于PasswordBox和MVVM的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
