ASP.NET Core声称可靠且安全吗?
[英]Are ASP.NET Core claims reliable and secure from tampering?
问题描述
I have several different types of users ( InternalUser , Clinician , and Patient ) that can log into my website, so, for each type of user, I've created a user class that inherits from ApplicationUser . 
我有几种不同类型的用户( InternalUser , Clinician和Patient )可以登录我的网站,因此,对于每种类型的用户,我都创建了一个继承自ApplicationUser的用户类。
If a logged-in user comes to the website's main page ( https://example.com/ ) then the MVC controller code needs to figure out which type of user it is so that it can return a redirect to the correct "main" page ( https://example.com/clinician , https://example.com/patient , etc.). 如果登录用户访问网站的主页( https://example.com/ ),那么MVC控制器代码需要确定它是哪种类型的用户,以便它可以返回重定向到正确的“主”页面( https://example.com/clinician , https://example.com/patient等)。
It seems reasonable to me to use a claim as an easy, low-cost way to discriminate the user type in the controller, without having to load the current user from the database. 使用声明作为一种简单,低成本的方法来区分控制器中的用户类型似乎是合理的,而无需从数据库加载当前用户。 When I register a user, I add a claim that represents the user "type": 当我注册用户时,我添加了一个代表用户“类型”的声明:
await _userManager.AddClaimAsync("ihi:user_type", "clinician");
Then, in the controller, I check the claim: 然后,在控制器中,我检查索赔:
[Authorize]
public IActionResult Index()
{
if (User.HasClaim("ihi:user_type", "clinician")) return Redirect("...");
if (User.HasClaim("ihi:user_type", "patient")) return Redirect("...");
if (User.HasClaim("ihi:user_type", "internal")) return Redirect("...");
throw new InternalErrorException("Logged in user is not in a recognized user role");
}
I have a couple of questions regarding this scheme: 关于这个方案,我有几个问题:
- Is this a reasonable approach? 这是一种合理的方法吗?
- This scheme (both the
[Authorize]attribute and my claims checks) relies on looking at the value of a cookie.此方案( [Authorize]属性和我的声明检查)依赖于查看cookie的值。 Is the data stored in that cookie reasonably safe from tampering?存储在该cookie中的数据是否合理安全地被篡改? (I would hope so, otherwise an attacker could modify the cookie and game the Identity system.) (我希望如此,否则攻击者可以修改cookie并游戏身份系统。)
1 个解决方案
解决方案1
3 已采纳 2018-11-03 01:14:50
Is this a reasonable approach?
Yes, that's a common approach, given that the Identity cookie has all claims inside. 是的,这是一种常见的方法,因为Identity cookie中包含所有声明。
Is the data stored in that cookie reasonably safe from tampering?
SignInAsync creates an encrypted cookie and adds it to the current response.
Under the covers, the encryption used is ASP.NET Core's Data Protection system.
As you can see here , there are lots of configurations you can do to the Data Protection system, including using certificates to create/protect the keys used to encrypt the Identity cookie, and using ephemeral keys so all cookies are forever lost upon shutting down the application. 正如您在此处所看到的,您可以对数据保护系统进行许多配置,包括使用证书创建/保护用于加密Identity cookie的密钥,以及使用临时密钥,以便在关闭时永久丢失所有cookie应用。
Overall, unless you have some high level of security needed, the default settings are more than enough. 总的来说,除非你需要一些高级别的安全性,否则默认设置就足够了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.