Asp.net FormsAuthentication UserName, ID, GUID
-
28-04-2021 - |
Question
We are using FormsAuthentication with custom MembershipProvider and custom RolePrivoder. For our Users we have a unique UserName, ID (mssql auto-key) and a GUID (all three unique).
I'm not sure which one to use for the Formsauthentication:
FormsAuthentication.GetAuthCookie(userName, false);
UserName, ID or GUID. Can we even store all three informations as UserData in the FormsTicket.
Per Default Asp.net takes the UserName (e.g. E-Mail adress). But I think UserName is a little bit weak if it is stored on the client. A MSSQL Auto-Key also.
So what is the securest way?
La solution
You can serialize and encrypt your UserData object to a string and use that for the cookie.
I answered a similar question about that here: Store user data in MVC 2
Licencié sous: CC-BY-SA avec attribution
Non affilié à StackOverflow