在没有声明密码的情况下在ASP.NET中进行模拟

时间:2022-05-01 08:02:07

I am trying to implement impersonation in ASP.NET. I am following this URL.

我试图在ASP.NET中实现模拟。我正在关注此网址。

Microsoft beautifully explains the process.

微软精美地解释了这个过程。

However, I am a bit skeptical about declaring the password in web.config

但是,我对在web.config中声明密码持怀疑态度

Is there any way, we can achieve impersonation without declaring password?

有什么办法,我们可以在不声明密码的情况下实现冒充吗?

Thank you

谢谢

1 个解决方案

#1


1  

If you want to use user name and password for impersonation you have to store it somewhere.

如果要使用用户名和密码进行模拟,则必须将其存储在某处。

But here is a list of things you can try:

但是这里列出了你可以尝试的东西:

  • Don't store credentials, but ask user to type them in. This will remove maintenance headache from you (user left company, password expired etc)
  • 不要存储凭据,但要求用户输入凭据。这将消除您的维护问题(用户离开公司,密码已过期等)
  • Store credentials in web config using encryption
  • 使用加密将凭据存储在Web配置中
  • Use Windows impersonation where currently logged in user passes a security descriptor automagically.
  • 使用Windows模拟当前登录用户自动传递安全描述符。

#1


1  

If you want to use user name and password for impersonation you have to store it somewhere.

如果要使用用户名和密码进行模拟,则必须将其存储在某处。

But here is a list of things you can try:

但是这里列出了你可以尝试的东西:

  • Don't store credentials, but ask user to type them in. This will remove maintenance headache from you (user left company, password expired etc)
  • 不要存储凭据,但要求用户输入凭据。这将消除您的维护问题(用户离开公司,密码已过期等)
  • Store credentials in web config using encryption
  • 使用加密将凭据存储在Web配置中
  • Use Windows impersonation where currently logged in user passes a security descriptor automagically.
  • 使用Windows模拟当前登录用户自动传递安全描述符。