You are developing an ASP.NET MVC application that uses forms authentication to verify
that the user is logged in.
Authentication credentials must be encrypted and secure so no user identity is exposed.
You need to ensure that user credentials are persisted after users log on.
Where should you store the credentials? (Each correct answer presents a complete solution.
Choose all that apply.)
A.
In TempData on the server
B.
In a cookie stored in the browser
C.
In ViewData in the application
D.
In Session on the server
Can anyone please eplain?
I think correct answer is:B & D
0
0
I think it should be C, D. Anyone who can confirm?
0
0
C & D is correct
0
0
ViewData is not persistent over redirects. Thus, not correct C)
0
0
B & D would be correct. TempData and ViewData are not suitable stores for Auth.
ViewData — should be information just for the view
TempData — does not persist once read once
Session — secure, can support load balanced environments, removed once a session ends
Cookie — can be encrypted and made https only, can be easily controlled server side
0
0
B & D
0
0