Is Request.IsLocal secure or can it be spoofed?

后端未结

关注

 4  1577

故里飘歌 2020-12-16 22:33

I have a webpage which checks for an encrypted cookie on page load to determine user identity. However, when I\'m testing the page locally on my development box, I don\'t h

4条回答

时光说笑 (楼主)

2020-12-16 23:13
You should not put this code on a production server, for the reasons mentioned in the other answers.

However, you could do
```
#if DEBUG
    if (Request.IsLocal)
    {
        FormsAuthentication.SetAuthCookie("testUser", false);
    }
    else
    {
#endif
        FormsAuthentication.SetAuthCookie(/*EncryptedCookieValue*/, false);
#if DEBUG
    }
#endif
```
On your development box, run a Debug build. In production, deploy a Release build.
0 讨论(0)

查看其它4个回答
发布评论:

提交评论
- 加载中...