AspNetUser为什么创建一个字符串id?id字符串是否安全?

huangapple go评论54阅读模式
英文:

Why AspNetUser create a string id? Id string is method safe?

问题

可以有人解释一下吗?这是关于AspNetUser的,当我们创建一个表时,它会生成一个字符串形式的ID,但这样做好吗?从安全性的角度来看,这不是不好吗?因为如果我只想显示某个用户的内容,我需要将我的ID(整数)与ID(字符串)进行比较,我知道这很简单,也是可行的,但这种方法安全吗?

我尝试了这个,而且它有效,但我在比较一个字符串:

var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
var plans = _unitOfWork.Games.GetAll().Where(p => p.UserId.Equals(userId));
return View(plans);
英文:

can someone explain me this please? It's about AspNetUser, when we create a table, it generates an id in string, but how good is it? Isn't it bad in terms of security? Because if I want to show something only with one user, I need to compare my id (int) with id (string), I know it's simple and possible but I just need to convert the int to string, but is this method safe?

I was trying this and it worked but i'm comparing a string.

var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);

var plans = _unitOfWork.Games.GetAll().Where(p => p.UserId.Equals(userId));

return View(plans);

答案1

得分: 0

AspNetUser是ASP.NET Identity的一部分,它是一个提供身份验证和授权服务的框架。AspNetUser表的Id列通常生成为字符串(GUID),以确保在所有用户中是唯一的。将用户ID作为字符串与另一个字符串值(如ClaimTypes.NameIdentifier的值)进行比较不会引发安全问题。字符串比较是检索特定用户数据的简单有效的方法。将用户ID转换为整数不会提供额外的安全性益处,但如果整数比较涉及大量操作,可能会影响性能。

参考链接:
https://learn.microsoft.com/en-us/dotnet/api/system.identitymodel.claims.claimtypes.nameidentifier?view=netframework-4.8.1
另外:
https://stackoverflow.com/questions/11938044/what-are-the-best-practices-for-using-a-guid-as-a-primary-key-specifically-rega/11938495#11938495

英文:

The AspNetUser is a part of ASP.NET Identity, which is a framework that provides authentication and authorization services. The Id column of the AspNetUser table is typically generated as a string (GUID) to ensure that it is unique across all users. Comparing the user ID as a string with another string value (such as the value from ClaimTypes.NameIdentifier) is not a security issue. The string comparison is a simple and efficient way to retrieve the data for a specific user. Converting the user ID to an integer would not provide any additional security benefits, but it may impact performance if the integer comparison involves a large number of operations.

Refrence link:
https://learn.microsoft.com/en-us/dotnet/api/system.identitymodel.claims.claimtypes.nameidentifier?view=netframework-4.8.1
Also :
https://stackoverflow.com/questions/11938044/what-are-the-best-practices-for-using-a-guid-as-a-primary-key-specifically-rega/11938495#11938495

huangapple
  • 本文由 发表于 2023年2月6日 09:41:53
  • 转载请务必保留本文链接:https://go.coder-hub.com/75356691.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定