开发者

asp.net unique link generator

In an email, I want my users to be able to click a link to confirm an interview schedule. How do I dynamically create these urls?

I am thinking of using a query string and I don't want them to have to login every time. So ideally, I'd like this query 开发者_开发百科string to contain credentials, and a date and time. Of course, I'd like this to be encrypted in some simple way.

example: invitation.aspx?qs=24lkl254524j2re2wtl5y6.

Any suggestions?


You can always use a Guid, using the NewGuid method.

Personally I would strip out the curly braces and dashes before using it on a link.


While you could use a GUID and maybe relate it to your user in your database, you would need to create some business logic around how that GUID is excepted by your application. For example you might say UserA has a GUID, if that GUID is used in the next 15 minutes let UserA log in automatically but after 15 minutes force the user to use a username and password.

Similarly you could make a query string, something like u=UserA&time=1347&date=01282001 and then run it through a hash of some sort. When it comes back in, unhash it (so you couldn't use MD5), check the time stamp and see how long it has been since that timestamp was created. If it is within an acceptable time frame, let the user enter, if not force them to use a username and password. This would not require you to relate anything with your user in your database, so may be a more simple solution compared to a GUID.


In case some programmers came across this page.

In this article: http://www.ietf.org/rfc/rfc4122.txt

Do not assume that UUIDs are hard to guess; THEY SHOULD NOT BE USED AS SECURITY CAPABILITIES (identifiers whose mere possession grants
access), for example. A predictable random number source will
exacerbate the situation.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜