英文:
Why AspNetUser create a string id? Id string is method safe?
问题
可以有人解释一下吗?这是关于AspNetUser的,当我们创建一个表时,它会生成一个字符串形式的ID,但这样做好吗?从安全性的角度来看,这不是不好吗?因为如果我只想显示某个用户的内容,我需要将我的ID(整数)与ID(字符串)进行比较,我知道这很简单,也是可行的,但这种方法安全吗?
我尝试了这个,而且它有效,但我在比较一个字符串:
var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
var plans = _unitOfWork.Games.GetAll().Where(p => p.UserId.Equals(userId));
return View(plans);
英文:
can someone explain me this please? It's about AspNetUser, when we create a table, it generates an id in string, but how good is it? Isn't it bad in terms of security? Because if I want to show something only with one user, I need to compare my id (int) with id (string), I know it's simple and possible but I just need to convert the int to string, but is this method safe?
I was trying this and it worked but i'm comparing a string.
var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
var plans = _unitOfWork.Games.GetAll().Where(p => p.UserId.Equals(userId));
return View(plans);
答案1
得分: 0
AspNetUser是ASP.NET Identity的一部分,它是一个提供身份验证和授权服务的框架。AspNetUser表的Id列通常生成为字符串(GUID),以确保在所有用户中是唯一的。将用户ID作为字符串与另一个字符串值(如ClaimTypes.NameIdentifier的值)进行比较不会引发安全问题。字符串比较是检索特定用户数据的简单有效的方法。将用户ID转换为整数不会提供额外的安全性益处,但如果整数比较涉及大量操作,可能会影响性能。
参考链接:
https://learn.microsoft.com/en-us/dotnet/api/system.identitymodel.claims.claimtypes.nameidentifier?view=netframework-4.8.1
另外:
https://stackoverflow.com/questions/11938044/what-are-the-best-practices-for-using-a-guid-as-a-primary-key-specifically-rega/11938495#11938495
英文:
The AspNetUser is a part of ASP.NET Identity, which is a framework that provides authentication and authorization services. The Id column of the AspNetUser table is typically generated as a string (GUID) to ensure that it is unique across all users. Comparing the user ID as a string with another string value (such as the value from ClaimTypes.NameIdentifier) is not a security issue. The string comparison is a simple and efficient way to retrieve the data for a specific user. Converting the user ID to an integer would not provide any additional security benefits, but it may impact performance if the integer comparison involves a large number of operations.
Refrence link:
https://learn.microsoft.com/en-us/dotnet/api/system.identitymodel.claims.claimtypes.nameidentifier?view=netframework-4.8.1
Also :
https://stackoverflow.com/questions/11938044/what-are-the-best-practices-for-using-a-guid-as-a-primary-key-specifically-rega/11938495#11938495
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论