在ASP.NET中模拟而不声明密码
[英]Impersonation in ASP.NET without declaring password
问题描述
I am trying to implement impersonation in ASP.NET. 
我正在尝试在ASP.NET中实现模拟。 I am following this URL . 我正在关注此URL 。
Microsoft beautifully explains the process. Microsoft很好地解释了该过程。
However, I am a bit skeptical about declaring the password in web.config 但是,我对在web.config中声明密码有些怀疑
Is there any way, we can achieve impersonation without declaring password? 有什么方法可以在不声明密码的情况下实现模拟?
Thank you 谢谢
1 个解决方案
解决方案1
1 已采纳 2013-07-17 14:49:30
If you want to use user name and password for impersonation you have to store it somewhere. 如果要使用用户名和密码进行模拟,则必须将其存储在某处。
But here is a list of things you can try: 但是,您可以尝试以下操作:
- Don't store credentials, but ask user to type them in. This will remove maintenance headache from you (user left company, password expired etc) 不要存储凭据,而是要求用户输入凭据。这将减轻您的维护麻烦(用户离开公司,密码过期等)
- Store credentials in web config using encryption 使用加密将凭据存储在Web配置中
- Use Windows impersonation where currently logged in user passes a security descriptor automagically. 在当前登录的用户自动通过安全描述符的地方使用Windows模拟。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.