Where should you store the credentials?

You are developing an ASP.NET MVC application that uses forms authentication to verify
that the user is logged in.
Authentication credentials must be encrypted and secure so no user identity is exposed.
You need to ensure that user credentials are persisted after users log on.
Where should you store the credentials? (Each correct answer presents a complete solution.
Choose all that apply.)

You are developing an ASP.NET MVC application that uses forms authentication to verify
that the user is logged in.
Authentication credentials must be encrypted and secure so no user identity is exposed.
You need to ensure that user credentials are persisted after users log on.
Where should you store the credentials? (Each correct answer presents a complete solution.
Choose all that apply.)

A.
In TempData on the server

B.
In a cookie stored in the browser

C.
In ViewData in the application

D.
In Session on the server

Show Hint

Leave a Reply 6

Your email address will not be published. Required fields are marked *

Umer

Umer

Can anyone please eplain?
I think correct answer is:B & D

Reply

vbfghgbe

vbfghgbe

I think it should be C, D. Anyone who can confirm?

Reply

abc

abc

C & D is correct

Reply

Bogdan

Bogdan

ViewData is not persistent over redirects. Thus, not correct C)

Reply

FigArt

FigArt

B & D would be correct. TempData and ViewData are not suitable stores for Auth.

ViewData — should be information just for the view
TempData — does not persist once read once

Session — secure, can support load balanced environments, removed once a session ends
Cookie — can be encrypted and made https only, can be easily controlled server side

Reply