Does the original data type of the username string in a call to FormsAuthentication.SetAuthCookie(...) make any difference with regard to security or code maintainability?
As I understand it, the cookie is encrypted and used to identify a user on each request. I’m curious whether it should affect the design of the primary key on my Users table in my database, e.g. Guid vs int or a unique username string.
FormsAuthentication.SetAuthCookie has no knowledge of your key. It expects a Username, which is the lingua franca for most all interop between the ASP.NET providers.
So, no, your key could be a 10 MB blob and you would still pass the Username, which is typically a human-readable string, to FormsAuthentication.SetAuthCookie.
What I am getting at is that the UserId is not stored in the auth ticket, so the data type or size of the UserId has no effect on the auth ticket cookie.
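
The separation described in the answer above, as an added example (not code from the original post): only the username goes into the forms ticket, and the Guid primary key is resolved server-side on each request. `UserStore`, `AuthHelper` and the sample user are hypothetical names and constructed data standing in for a real Users table.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;

// Hypothetical in-memory stand-in for a Users table keyed by Guid (constructed sample data).
public static class UserStore
{
    private static readonly Dictionary<string, Guid> KeysByName =
        new Dictionary<string, Guid>(StringComparer.OrdinalIgnoreCase)
        {
            { "alice", new Guid("11111111-2222-3333-4444-555555555555") }
        };

    public static bool TryGetKey(string username, out Guid key)
    {
        return KeysByName.TryGetValue(username, out key);
    }
}

public static class AuthHelper
{
    // Call only after credentials are verified. The ticket carries the username, not the key.
    public static void SignIn(string username)
    {
        FormsAuthentication.SetAuthCookie(username, false);
    }

    // On a later request: read the username back from the ticket, then look the key up server-side.
    public static Guid? CurrentUserKey(HttpRequestBase request)
    {
        HttpCookie cookie = request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;

        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (ArgumentException) { return null; }       // malformed or tampered value
        catch (CryptographicException) { return null; }  // failed validation or decryption
        if (ticket == null || ticket.Expired) return null;

        // ticket.Name is the string passed to SetAuthCookie; the primary key never left the server.
        Guid key;
        return UserStore.TryGetKey(ticket.Name, out key) ? key : (Guid?)null;
    }
}
```

In a running application the forms authentication module performs the decryption itself and exposes the same value as `User.Identity.Name`; the manual `Decrypt` call here only makes the ticket contents visible.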