<p>FormsAuthentication for a web service method? Storing authentication credentials in a cookie? There are so many things wrong with this story. (Note: heavy obfuscation of code should be taken as a sign.)</p>
<p>The intent of the code blocks, as it appears, is using the cookie framework for user identification during a method call. It assumes the user has already been authenticated and that the authentication cookie is present in all requests.</p>
<hr>
<p>EDIT: a bit more information on "server-side cookies" -- the references you see to System.Net.Cookie and such are .NET Framework classes for handling cookies. Cookies are client-side pieces of data that reside either in-memory for the client (usually a web browser), and/or saved as text files somewhere on the local file system of the client. Most web applications that set client-side cookies assume they are dealing with a web browser, as all the major browser providers support cookies.</p>
<p>When a web browser is used to make a request to a URL, lots of information is sent in the background that is hidden from the user: IP address, the type of browser and OS, etc. Included in this list are cookies for that given URL domain (there are HTTP rules that browsers agree to). The code you're looking at are specific .NET Framework classes for dealing with those cookie values in a structured way.</p>
<hr>
<p>Most applications that consume web services are completely stateless -- no cookies, no sessions, nothing. While it's possible that a client to a web service may implement cookie support, assuming or requiring cookie support for a web service is folly.</p>
<p>In the code scenario you've debugged to detect null values, most likely the calling application does not support cookies, effectively rendering the entire code block invalid. This is broken-by-design.</p>
<p>I cannot find a sensible way of improving this code block that doesn't involve a teardown of the entire structure. Given your suggested level of familiarity, spend a little time on web security 101. Get familiar with the concepts of authentication, sessions (and cookies, too). You'll know you're ready to proceed as soon as you realize that security is something you don't invent yourself.</p>
 
