C# - Authentication encryption or server side verification
I have a set of public APIs that take in an id and parameters. Clients (could be browsers or mobile phones), each having their own int ids, can interact with these public APIs. Of course, I don't want a situation where a client changes the id and sends a request, screwing things up for other people. Thus, when authentication takes place, a GUID is sent to the client as an authentication token. Each subsequent request must include the authentication token. On the server, I end up in the DB to match the GUID to the id. If they match, the process can go forward; otherwise an UnauthorizedAccessException is thrown. This works fine and dandy.

But of course, the problem is that every operation is a DB lookup. I did some caching, but caching the authentication token has its own issues (tears, tears).

One other way is to encrypt it and pass it in the query string. When a request comes in, I have to decrypt the string to see if it's valid. There is no free lunch there.

ASP.NET sets an encrypted cookie for authentication. View state encrypts things in a hidden field. An encrypted cookie doesn't work for me since I'm passing around JSON/SOAP (some clients send JSON, some send XML).

If you read the above, thank you, and I look forward to your input! Otherwise, and for others, the question is: is there a "best practice" around this dilemma?
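
One way to do the per-request check described in the question without a database lookup, as an added example that is not part of the original post: a token that carries the id and an expiry and is protected with HMAC-SHA256 rather than encryption, since the server only needs to detect a changed id. The token layout, the class and method names, and the key handling are assumptions.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

// Added example (hypothetical names): stateless token laid out as "id.expiry.mac".
public static class SignedToken
{
    // Issued at login: binds the client id to an expiry under a server-only key.
    public static string Issue(int clientId, DateTimeOffset expires, byte[] key)
    {
        string payload = FormattableString.Invariant($"{clientId}.{expires.ToUnixTimeSeconds()}");
        return payload + "." + Convert.ToBase64String(Mac(payload, key));
    }

    // Checked on every request with no database round trip; false on any tampering.
    public static bool TryValidate(string token, byte[] key, DateTimeOffset now, out int clientId)
    {
        clientId = 0;
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 3) return false;
        byte[] supplied;
        try { supplied = Convert.FromBase64String(parts[2]); }
        catch (FormatException) { return false; }

        // Constant-time comparison so the check does not leak how many bytes matched.
        byte[] expected = Mac(parts[0] + "." + parts[1], key);
        if (!CryptographicOperations.FixedTimeEquals(expected, supplied)) return false;
        // The fields are parsed and trusted only after the MAC has verified.
        if (!long.TryParse(parts[1], NumberStyles.None, CultureInfo.InvariantCulture, out long exp)
            || now.ToUnixTimeSeconds() >= exp) return false;
        return int.TryParse(parts[0], NumberStyles.AllowLeadingSign, CultureInfo.InvariantCulture, out clientId);
    }

    private static byte[] Mac(string payload, byte[] key)
    {
        using (var hmac = new HMACSHA256(key))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }

    public static void Main()
    {
        var key = new byte[32];           // constructed key; load from secret storage in practice
        RandomNumberGenerator.Fill(key);
        string token = Issue(42, DateTimeOffset.UtcNow.AddMinutes(20), key);
        Console.WriteLine(TryValidate(token, key, DateTimeOffset.UtcNow, out int id) + " " + id);
        // Same token with the id field changed from 42 to 43: the MAC no longer matches.
        Console.WriteLine(TryValidate("43" + token.Substring(2), key, DateTimeOffset.UtcNow, out _));
    }
}
```

The Base64 part must be URL-encoded if the token travels in a query string. A stateless token cannot be revoked before it expires without some server-side state, so the expiry should be short.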