Authorization security of ASP.NET Forms authentication

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by Tomi on Stack Overflow See other posts from Stack Overflow or by Tomi
Published on 2010-05-18T10:24:51Z Indexed on 2010/05/18 10:30 UTC
Read the original article Hit count: 225

Filed under:
|
|
|
|

I'm using Forms authentication in ASP.NET MVC website and I store user account login name in AuthCookie like this:

FormsAuthentication.SetAuthCookie(account.Login, false);

I want to ask if there is a possibility that user on client side will somehow manage to change his login name in AuthCookie and thus he will be for example impersonated as someone with higher privileges and authorized to do more actions than he is normally supposed to have. Also is it better to save in this cookie user account login name or user account ID number?

© Stack Overflow or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about ASP.NET

Related posts about asp.net-mvc

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle