
Storing a password in an encrypted cookie?

I know it is not best practice to store a password in a cookie, even if the data is encrypted.

However, I have a web application that needs to be able to search against Active Directory and, as far as I can tell, it requires that the user first binds using their credentials. This means that for each search request, I need to pass the user name and password to the DirectoryEntry constructor.

Given these constraints, is there an alternative to storing the password in a (secure) cookie?

In absence of something better (e.g. getting a service account), the solution that I'm contemplating is either to store the credentials in an encrypted cookie or cache the DirectorySearcher object.

Thanks


You could store the credentials server-side, generate a unique identifier for them, and store this identifier in a cookie. You can make the identifier expire if needed.
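
The server-side store this answer describes, as an added example that is not part of the original answer: `CredentialVault` and its members are hypothetical names, and the code assumes .NET 6 or later with a single web server process holding the store in memory.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Hypothetical helper: keeps the AD bind credentials in server memory and hands
// the browser only a random, expiring handle to carry in the cookie.
public sealed class CredentialVault
{
    private sealed record Entry(string User, string Password, DateTime ExpiresUtc);
    private readonly ConcurrentDictionary<string, Entry> _entries = new();
    private readonly TimeSpan _lifetime;
    public CredentialVault(TimeSpan lifetime) => _lifetime = lifetime;

    // Call after a successful bind; the returned value is the cookie content.
    public string Store(string user, string password)
    {
        // 256 bits from the CSPRNG: the handle must be unguessable, because
        // anyone who presents it is treated as the user.
        string handle = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        _entries[handle] = new Entry(user, password, DateTime.UtcNow + _lifetime);
        return handle;
    }

    // Call on each search request with the value read from the cookie.
    public bool TryGet(string handle, out string user, out string password)
    {
        user = password = string.Empty;
        if (string.IsNullOrEmpty(handle) || !_entries.TryGetValue(handle, out var e))
            return false;
        if (e.ExpiresUtc <= DateTime.UtcNow)
        {
            _entries.TryRemove(handle, out _);   // expired: forget the password
            return false;
        }
        (user, password) = (e.User, e.Password);
        return true;
    }

    // Call on logout so the credentials do not outlive the session.
    public void Revoke(string handle) => _entries.TryRemove(handle, out _);

    // Call periodically to drop entries whose handle was never presented again.
    public void PurgeExpired()
    {
        foreach (var kv in _entries)
            if (kv.Value.ExpiresUtc <= DateTime.UtcNow)
                _entries.TryRemove(kv.Key, out _);
    }
}
```

Set the returned handle in a cookie marked Secure and HttpOnly, and pass the looked-up user name and password to the DirectoryEntry constructor on each search request.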


Store the password in a Session variable; this variable will expire if alive beyond the SessionTimeOut period.
