Question

We are using FormsAuthentication with a custom MembershipProvider and a custom RoleProvider. For our users we have a unique UserName, ID (MSSQL auto-key) and a GUID (all three unique).

I'm not sure which one to use for FormsAuthentication:

FormsAuthentication.GetAuthCookie(userName, false);

UserName, ID or GUID. Can we even store all three pieces of information as UserData in the FormsTicket?

By default, ASP.NET takes the UserName (e.g. e-mail address). But I think UserName is a little bit weak if it is stored on the client. An MSSQL auto-key also.

So what is the most secure way?

Solution

You can serialize and encrypt your UserData object to a string and use that for the cookie.

I answered a similar question about that here: Store user data in MVC 2
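
A sketch of the approach the answer describes, added here as an illustration and not taken from the original answer or the linked post: the ID and GUID are serialized into the ticket's UserData and the whole ticket is encrypted with `FormsAuthentication.Encrypt`. The names `TicketUserData` and `AuthTicketHelper` are hypothetical, and the code assumes .NET Framework with references to System.Web and System.Web.Extensions.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.Script.Serialization;
using System.Web.Security;

// Hypothetical DTO for the extra identifiers from the question.
public class TicketUserData { public int Id { get; set; } public Guid Guid { get; set; } }

public static class AuthTicketHelper // hypothetical helper name
{
    // Login: put the identifiers in UserData and encrypt the whole ticket.
    public static HttpCookie CreateAuthCookie(string userName, TicketUserData data, bool persistent)
    {
        var ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.Add(FormsAuthentication.Timeout),
            persistent, new JavaScriptSerializer().Serialize(data),
            FormsAuthentication.FormsCookiePath);

        // Encrypt() uses the application's <machineKey>; with the default
        // protection="All" the ticket is both encrypted and MAC-validated.
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // not readable from script
            Secure = FormsAuthentication.RequireSSL,  // follows <forms requireSSL>
            Path = FormsAuthentication.FormsCookiePath
        };
        if (persistent) cookie.Expires = ticket.Expiration;
        return cookie;
    }

    // Later requests: returns null for a missing, tampered or expired ticket.
    public static TicketUserData ReadUserData(HttpCookie cookie)
    {
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;
        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (ArgumentException) { return null; }
        catch (CryptographicException) { return null; }
        if (ticket == null || ticket.Expired || string.IsNullOrEmpty(ticket.UserData)) return null;
        return new JavaScriptSerializer().Deserialize<TicketUserData>(ticket.UserData);
    }
}
```

At login the cookie is added with `Response.Cookies.Add(...)`, and on later requests it is read from `Request.Cookies[FormsAuthentication.FormsCookieName]`.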

Licensed under: CC-BY-SA with attribution