问题
I wonder why asp.net mvc 5 Identity user uses string(GUID) as key not an int by default?
Are there any reason to do this? I know that it is possible to change the key to int, but is this change good practice at all?
May be this ids are kept somewhere in the cookie, or are used in OAUTH, and it is not recommended to do this?
回答1:
Two things that come on top of my head are that int has a limitation where as GUID doesn't and that if I know my ID is 76, I can know the ids of at least 75 more users. This, more often doesn't prove to be problematic, but I can imagine cases where it could. Users Ids are not used (at least not directly) in cookies - user sessions are used and then bound to current users by their Id. So I guess the answer is a combination between 90% more secure and 10% unlimited user ids.
回答2:
Might be a bit late, but I just wrote an answer on exactly this - what to modify in the default ASP.NET 4.6 template to change user pk to a different type (int, in my case)
Change User Id type to int in ASP.NET Identity in VS2015
来源:https://stackoverflow.com/questions/30402816/can-i-change-asp-net-mvc-5-identity-user-id-from-stringguid-to-int