User.Identity.GetUserId() 可以被用户伪造吗?
[英]Can User.Identity.GetUserId() be faked by a user?
问题描述
Can User.Identity.GetUserId() be faked by a user? 
User.Identity.GetUserId()可以被用户伪造吗? Or is it safe to assume that it will always return an UserId for which an user exists or null?或者假设它总是返回用户存在或为空的UserId是否安全?
2 个解决方案
解决方案1
2 已采纳 2015-07-29 03:36:25
With ASP.Net Identity, those details are claims that are encrypted by the web server, and stored in a cookie.使用 ASP.Net Identity,这些详细信息是由 Web 服务器加密并存储在 cookie 中的声明。
How secure is it?它有多安全? That's something that's too broad and opinion based to get into here, but this may hold some relevance: How secure is ASP.NET Identity session cookie?这是一个过于广泛和基于意见的东西,无法进入这里,但这可能具有一定的相关性: ASP.NET Identity 会话 cookie 的安全性如何?
Suffice to say that it would not be a trivial exercise for a user to send a fake user id.可以说,用户发送假用户 ID 并非易事。
解决方案2
0 2015-07-29 02:00:11
Found something helpful related to your question.找到了与您的问题相关的有用信息。 How to get current user, and how to use User class in MVC5? 如何获取当前用户,以及如何在 MVC5 中使用 User 类?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.