[英]What is the best way to pass sensitive data from page to page in ASP.NET MVC?
I'm designing a web application that has to pass sensitive information (like the user's account number) from page to page until the user is done (the application is like a wizard), for logging purposes. 我正在设计一个Web应用程序,该应用程序必须逐页传递敏感信息(例如用户的帐号),直到完成用户操作(该应用程序就像向导一样),以进行记录。 What is the best way of storing this data so that each page in the process can get access to the data? 什么是存储此数据的最佳方法,以便过程中的每个页面都可以访问该数据? Should I be storing it in the session? 我应该将其存储在会话中吗? In the database, then delete it at the end? 在数据库中,然后将其删除? Some method I haven't thought of yet? 我还没想到的某种方法?
I personally try to avoid using the session where possible . 我个人尽量避免使用会在可能的情况 。 Here are the options that I know of when dealing with wizard type scenarios: 这是我在处理向导类型方案时了解的选项:
Option 1 选项1
Use JQuery as discussed in Nadeem Afana's blog . 使用Nadeem Afana博客中讨论的JQuery。 The pages are displayed to the user one by one but the information is not submitted until the final page. 这些页面将一一显示给用户,但是直到最后一页才提交信息。
Option 2 选项2
Is the information on every page sensitive? 每页上的信息是否敏感? Could it be structured so that the sensitive information is just asked for on the final page? 是否可以进行结构化,以便仅在最后一页上要求提供敏感信息? If so you could serialize data across the pages as discussed in Darin Dimitrovs answer and just not provide a back button on the final page. 如果是这样,您可以按照Darin Dimitrovs答案中的讨论在整个页面上序列化数据,而不必在最后一页上提供后退按钮。 Alternatively, the data that is serialized can be encrytped with ease using the same MVC Futures serialization software although i'm not sure how sensitive your information is and whether you would want to rely on this. 另外,可以使用相同的MVC Futures序列化软件轻松地加密序列化的数据,尽管我不确定您的信息有多敏感以及是否要依靠它。 The answer also mentions alternatives such as Stepy but I have no experience with this. 答案还提到了诸如Stepy之类的替代方案,但我对此没有经验。
Option 3 选项3
If the information is sensitive you could write/read the information to a database between requests. 如果信息敏感,则可以在两次请求之间将信息写入/读取到数据库中。
Option 4 选项4
Finally, if you can't use any of the above then I would use the Session or TempData (which is a wrapper around the session) but beware that with TempData, if the user refreshes the page then the information will be lost. 最后,如果您不能使用上面的任何方法,那么我将使用Session或TempData(这是围绕该会话的包装器),但是请注意,使用TempData时,如果用户刷新页面,则该信息将丢失。
Session sounds fine to me, it goes away (almost) automatically. 会话对我来说听起来不错,它(几乎)自动消失。
If you are paranoid then you can encrypt it or store it somewhere else and find it through a hash. 如果您偏执狂,则可以对其加密或将其存储在其他位置并通过哈希找到它。 This "somewhere else" is then your next point of save-enough-? 那么,这个“其他地方”就是您的下一个保存点了吗?
Just make sure it doesn't reach the web client. 只要确保它没有到达Web客户端即可。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.