Where should you store the credentials?

You are developing an ASP.NET MVC application that uses forms authentication to verify that the user is
logged in.
Authentication credentials must be encrypted and secure so no user identity is exposed.
You need to ensure that user credentials are persisted after users log on.
Where should you store the credentials? (Each correct answer presents a complete solution. Choose all that
apply.)

You are developing an ASP.NET MVC application that uses forms authentication to verify that the user is
logged in.
Authentication credentials must be encrypted and secure so no user identity is exposed.
You need to ensure that user credentials are persisted after users log on.
Where should you store the credentials? (Each correct answer presents a complete solution. Choose all that
apply.)

A.
In Session on the server

B.
In a cookie stored in the browser

C.
In ViewData in the application

D.
In TempData on the server

Explanation:
Server sessions and cookies can both be configured to secure and they both persist after the users log on.
Incorrect:
Not C: ViewData’s life only lasts during current http request.
Not D: TempData is a bucket where you can dump data that is only needed for the following request. That is,
anything you put into TempData is discardedafter the next request completes.



Leave a Reply 2

Your email address will not be published. Required fields are marked *


Abdo

Abdo

But cookies are not secured !!

Mkool

Mkool

The answer is correct:
* Session: secure, can support load balanced environments, removed once a session ends
* Cookie: can be encrypted and made https only, can be easily controlled server side