堆栈内存溢出
  简体   繁体   English

在会话.NET中存储纯文本密码

[英]Storing plain text password in session .NET

 原文  2014-02-18 04:49:24       c#/ .net/ session/ passwords

问题描述

I'm working on a .net application that uses wsdl to connect to another service (the service is SpiraTest). 我正在使用wsdl连接到另一个服务(该服务是SpiraTest)的.net应用程序。 I need to call authentication method in every request. 我需要在每个请求中调用身份验证方法。 The problem is that the service only provides a method to authenticate with a username and a plain-text password. 问题在于该服务仅提供一种使用用户名和纯文本密码进行身份验证的方法。

What would be a good way to save the username and plain password? 保存用户名和普通密码的好方法是什么? I'm considering putting them in a session if I don't better options? 如果我没有更好的选择,我正在考虑将它们放在会议上吗?

Users log in with the credentials to use the app and I use the same credentials to contact the remote service. 用户使用凭据登录即可使用该应用程序,而我使用相同的凭据来联系远程服务。 User log on only once, but every time they navigate through pages that need data from remote service, I need to authenticate using the credentials that user gave when logging in. 用户仅登录一次,但是每次他们浏览需要远程服务数据的页面时,我都需要使用用户登录时提供的凭据进行身份验证。

2 个解决方案

解决方案1
 0  2014-02-18 05:45:03

Session consume more memory in server side and it is not good solution for your Task. 会话在服务器端消耗了更多的内存,对于您的任务而言,这不是一个好的解决方案。 What I suugest that Form authentication in asp.net. 我在asp.net中建议进行表单身份验证。 It create a cookie based on the credentials you have passed for authentication and it will be kept on browser until you log off from your App http://www.codeproject.com/Articles/13872/Form-authentication-and-authorization-in-ASP-NET I hope it may solve your problem 它会根据您通过的身份验证凭据创建一个cookie,它将一直保存在浏览器中,直到您从应用程序http://www.codeproject.com/Articles/13872/Form-authentication-and-authorization-in中注销为止-ASP-NET我希望它可以解决您的问题

解决方案2
 -1 已采纳  2014-02-18 04:53:15

I'm not familiar with ASP.NET sessions, but I'm assuming they're similar to PHP sessions. 我不熟悉ASP.NET会话,但是我假设它们类似于PHP会话。 In that case, the actual session data is kept in a file on the server . 在这种情况下,实际的会话数据将保存在服务器上的文件中 If you're just trying to keep your users from seeing this password, I think that keeping them in the session would be sufficient. 如果您只是想让您的用户看不到该密码,那么我认为将他们保留在会话中就足够了。

However, you haven't told us exactly how this username and password come to exist and are used. 但是,您尚未确切告诉我们该用户名和密码是如何存在和使用的。 If you have just one username / password that your application uses to make requests to the web service, there is no point in keeping them in the session at all - simply store them in a global config. 如果您应用程序只使用一个用户名/密码来向Web服务发出请求,那么根本就没有必要将它们保留在会话中-只需将它们存储在全局配置中即可。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在Session ASP .NET MVC中存储密码,如纯文本 - Store password like a plain text in Session ASP .NET MVC 将纯文本密码迁移到asp.net Identity 2.1 - Migrating plain-text password to asp.net Identity 2.1 在SQL中最终需要以纯文本格式存储密码的最佳方法是什么? - What would be the best way of storing a password in SQL that needs to eventually be in plain text? NetworkCredentials以纯文本形式公开密码 - NetworkCredentials exposes password in plain text 会话安全存储登录名和密码哈希吗? - Is storing login and password hash in session secure? 储存密码的最佳方法(无数据库或纯文本)? - Best way to store password (no database or plain text)? 在asp.net会话中存储不同的数据类型 - Storing different datatypes in the asp.net session 存储字典 <String, String> 在Session(.NET)中 - Storing Dictionary<String, String> in Session (.NET) 在ASP.NET页中存储会话变量? - Storing session variables in ASP.NET page? SHA1纯文本? C#.NET - SHA1 Plain text? C#.NET
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM