How to pass parameter from MVC to Silverlight

- Content updated: 2015-01-06
Original post:

After MVC project authentication, I need a solution on how to pass parameters securely after a button click.

I did it with the code below:

<!-- this is where the Silverlight app is hosted -->
<form action="http://localhost:53988/Default.aspx" method="post">
    <input type="hidden" name="session" value="@(Helpers.Context.CurrentSession.ID)"/>
    <input type="submit" value="RedirectToSilver" />
</form>

In the Silverlight aspx page (Default.aspx) I get this parameter:

<div id="silverlightControlHost">
    <object data="data:application/x-silverlight-2," type="application/x-silverlight-2" width="100%" height="100%">
          <param name="source" value="ClientBin/Client.xap?<%=AssemblyInfo.GetVersionNumber()%>" />
          <param name="minRuntimeVersion" value="4.0.50826.0" />
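          <!-- Encode the posted value before writing it into the attribute -->
          <param name="initParams" value="sessionId = '<%=System.Web.HttpUtility.HtmlAttributeEncode(HttpContext.Current.Request["session"]) %>'" />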
          <param name="autoUpgrade" value="true" />
    </object>
</div>

And in app.xaml.cs:

private void Application_Startup(object sender, StartupEventArgs e)
{
    // Read the value that Default.aspx wrote into the initParams attribute.
    var sessionID = string.Empty;
    if (e.InitParams.ContainsKey("sessionId"))
        sessionID = e.InitParams["sessionId"];
}

Everything works, but the problem is that the client can see the sessionID, and I think this is not secure.

http://i.stack.imgur.com/UQY70.jpg

My goal is to get this sessionID securely in Silverlight without showing it to the client. How to do it?

CodeCaster's reply: Why wouldn't it be secure? You're passing it from your MVC over plaintext HTTP anyway, and it does need to end up in Silverlight. The client will be able to inspect the session id anyway.

www1986's reply: You can see the image I've posted, i.stack.imgur.com/UQY70.jpg. I don't know, is it secure that the client can see the session or some secure information?

CodeCaster's reply: The client can see their session id using a cookie editor in their browser anyway.

www1986's reply: This sessionId is an Id (Guid) from a table in SQL Server, not the value of HttpContext.Current.Session, if I explained it correctly.

CodeCaster's reply: Look; what I mean is that the Silverlight app will be making requests using that session id again, so there's little use in hiding it anyway. And you need to pass it from the web page to the Silverlight app anyway, so you cannot hide it. You can obfuscate it, for example using encryption, but your Silverlight app will then have to decrypt it in order to use it, where a user with a debugger can read the value from memory again.
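The thread concludes that the ID cannot be hidden from the client; what Default.aspx can control is what it reflects from the posted `session` field into `initParams`. The following is an added example, not code from the original post: `InitParamsBuilder`, `ForSession` and `Demo` are hypothetical names, and it assumes the ID is a Guid (as the asker states) and that the quotes around the value are dropped, while `Application_Startup` still reads `e.InitParams["sessionId"]`.

```csharp
using System;
using System.Web;

// Hypothetical helper for the Default.aspx code-behind; not code from the post.
public static class InitParamsBuilder
{
    // Builds the initParams attribute value from the posted "session" field.
    // Returns null when the value is not a well-formed, non-empty Guid, so the
    // page can refuse to render the Silverlight host at all.
    public static string ForSession(string postedSession)
    {
        Guid sessionId;
        if (!Guid.TryParse(postedSession, out sessionId) || sessionId == Guid.Empty)
            return null;

        // The "D" format contains only hex digits and hyphens, so the value
        // cannot carry quotes, commas or '=' that would break out of the
        // attribute or add extra initParams entries.
        string value = "sessionId=" + sessionId.ToString("D");

        // Encode anyway, so the output stays safe if the format changes later.
        return HttpUtility.HtmlAttributeEncode(value);
    }

    // Constructed sample inputs, for illustration only.
    public static void Demo()
    {
        string[] samples =
        {
            "3f2504e0-4f89-11d3-9a0c-0305e82c3301",  // well-formed Guid
            "abc,otherKey=1",                         // would add an initParams entry
            "abc\" extra=\"1",                        // would close the attribute
            null                                      // field missing from the POST
        };
        foreach (string s in samples)
            Console.WriteLine("{0} -> {1}", s ?? "(null)", ForSession(s) ?? "(rejected)");
    }
}
```

In Default.aspx the parameter would then be written as `<param name="initParams" value="<%= InitParamsBuilder.ForSession(Request["session"]) %>" />`. This does not hide the ID from the client; it only restricts what the page will echo back.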