Rodrick Chapman

Reputation: 5543

Storing a password in an encrypted cookie?

I know it is not best practice to store a password in a cookie, even if the data is encrypted.

However, I have a web application that needs to be able to search against Active Directory and, as far as I can tell, it requires that the user first binds using their credentials. This means that for each search request, I need to pass the user name and password to the DirectoryEntry constructor.

Given these constraints, is there an alternative to storing the password in a (secure) cookie?

In the absence of something better (e.g. getting a service account), the solution that I'm contemplating is either to store the credentials in an encrypted cookie or cache the DirectorySearcher object.

Thanks

Upvotes: 2

Views: 692

Answers (2)

Rodrigo

Reputation: 4395

Store the password in a session variable; this variable will expire if it is alive beyond the SessionTimeOut period.

Upvotes: 1

user703016

Reputation: 37975

You could store the credentials server-side, generate a unique identifier for them, and store this identifier in a cookie. You can make the identifier expire if needed.

Upvotes: 4
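The approach from the answer above, as an added C# example that is not part of the original thread: credentials stay in server memory and the cookie carries only a random identifier that expires. `CredentialStore`, its members, the 20-minute lifetime and the sample values are hypothetical.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Hypothetical helper: server-side credential store keyed by an opaque random identifier.
public sealed class CredentialStore
{
    private sealed class Entry { public string User; public string Password; public DateTime ExpiresUtc; }

    private readonly ConcurrentDictionary<string, Entry> _entries = new ConcurrentDictionary<string, Entry>();
    private readonly TimeSpan _lifetime;

    public CredentialStore(TimeSpan lifetime) { _lifetime = lifetime; }

    // Stores the credentials server-side and returns the identifier to put in the cookie.
    public string Add(string user, string password)
    {
        var bytes = new byte[32]; // 256 bits from the OS CSPRNG, so the identifier cannot be guessed
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        string id = Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        _entries[id] = new Entry { User = user, Password = password, ExpiresUtc = DateTime.UtcNow + _lifetime };
        return id;
    }

    // Resolves a cookie value; unknown, empty and expired identifiers all fail the same way.
    public bool TryGet(string id, out string user, out string password)
    {
        user = null; password = null;
        Entry e;
        if (string.IsNullOrEmpty(id) || !_entries.TryGetValue(id, out e)) return false;
        if (e.ExpiresUtc <= DateTime.UtcNow) { _entries.TryRemove(id, out e); return false; }
        user = e.User; password = e.Password;
        return true;
    }

    // Call on logout so the identifier stops working before its expiry.
    public void Remove(string id) { Entry e; if (!string.IsNullOrEmpty(id)) _entries.TryRemove(id, out e); }
}

public static class Demo
{
    public static void Main()
    {
        var store = new CredentialStore(TimeSpan.FromMinutes(20));
        string id = store.Add("alice", "constructed-password"); // constructed sample values
        string user, password;
        Console.WriteLine(store.TryGet(id, out user, out password)); // then: new DirectoryEntry(path, user, password)
        store.Remove(id);
        Console.WriteLine(store.TryGet(id, out user, out password));
    }
}
```

Send the identifier in a cookie marked Secure and HttpOnly. Because the store lives in process memory, entries are lost when the application restarts and users have to sign in again.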
