Asp.NET中持久性安全信息的合适选项
[英]Suitable option for Persist Security info in Asp.NET
问题描述
From the starting of asp.net projects, I am using below connectionstring 
从asp.net项目的开始,我正在使用以下connectionstring
Data Source=Server; Initial Catalog=Database; User Id=sa; Password=123456; Persist Security=true;
Many times, I feel confuse by using Persist Security . 很多时候,我使用Persist Security感到困惑。 I read that if I set it to true, windows will remember password and if I set it to false then It won't return credentials. 我读到如果将其设置为true,则Windows将记住密码;如果将其设置为false,则它将不返回凭据。
What is the best suitable option to use Persist Security , specially for e-commerce type website ? 特别是针对电子商务类型的网站,使用Persist Security的最佳选择是什么? Is there any another best way to define User Id and Password ? 还有其他最佳方法来定义User Id和Password吗?
1 个解决方案
解决方案1
0 2016-01-24 04:48:39
Typically, if you have a user id and password, you don't need Persist Security . 通常,如果您具有用户ID和密码,则不需要Persist Security 。
What's a good way to define these credentials? 定义这些凭据的好方法是什么? If you're in a cloud hosting scenario like Azure, don't define these in the web.config, but rather define the connection string in the Azure portal. 如果您处于Azure之类的云托管方案中,请不要在web.config中定义它们,而应在Azure门户中定义连接字符串。 This keeps the production credentials out of version control, and may also protect enterprise credentials from developers. 这使生产凭据不受版本控制,并且还可以保护企业凭据免受开发人员的侵害。
If you're in a more traditional hosting environment, and your database and website are on the same virtual machine, you may be able to use a trusted connection (windows login account), avoiding the credentials in the web.config all together. 如果您使用的是传统托管环境,并且数据库和网站位于同一台虚拟机上,则可以使用受信任的连接(Windows登录帐户),而不必一起使用web.config中的凭据。
Look to connectionstrings.com for building connection strings to SQL Server (and other databases) in various forms. 查找connectionstrings.com ,以各种形式构建到SQL Server(和其他数据库)的连接字符串。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.