I am trying to implement impersonation in ASP.NET. I am following this URL.
我试图在ASP.NET中实现模拟。我正在关注此网址。
Microsoft beautifully explains the process.
微软精美地解释了这个过程。
However, I am a bit skeptical about declaring the password in web.config
但是,我对在web.config中声明密码持怀疑态度
Is there any way, we can achieve impersonation without declaring password?
有什么办法,我们可以在不声明密码的情况下实现冒充吗?
Thank you
谢谢
1 个解决方案
#1
1
If you want to use user name and password for impersonation you have to store it somewhere.
如果要使用用户名和密码进行模拟,则必须将其存储在某处。
But here is a list of things you can try:
但是这里列出了你可以尝试的东西:
- Don't store credentials, but ask user to type them in. This will remove maintenance headache from you (user left company, password expired etc)
- 不要存储凭据,但要求用户输入凭据。这将消除您的维护问题(用户离开公司,密码已过期等)
- Store credentials in web config using encryption
- 使用加密将凭据存储在Web配置中
- Use Windows impersonation where currently logged in user passes a security descriptor automagically.
- 使用Windows模拟当前登录用户自动传递安全描述符。
#1
1
If you want to use user name and password for impersonation you have to store it somewhere.
如果要使用用户名和密码进行模拟,则必须将其存储在某处。
But here is a list of things you can try:
但是这里列出了你可以尝试的东西:
- Don't store credentials, but ask user to type them in. This will remove maintenance headache from you (user left company, password expired etc)
- 不要存储凭据,但要求用户输入凭据。这将消除您的维护问题(用户离开公司,密码已过期等)
- Store credentials in web config using encryption
- 使用加密将凭据存储在Web配置中
- Use Windows impersonation where currently logged in user passes a security descriptor automagically.
- 使用Windows模拟当前登录用户自动传递安全描述符。