
Can someone explain this to me, please? It's about AspNetUser: when we create a table, it generates an id as a string, but how good is it? Isn't it bad in terms of security? Because if I want to show something only for one user, I need to compare my id (int) with the id (string). I know it's simple and possible, I just need to convert the int to a string, but is this method safe?

I was trying this and it worked, but I'm comparing a string.

```csharp
var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
var plans = _unitOfWork.Games.GetAll().Where(p => p.UserId.Equals(userId));
return View(plans);
```

1 Answer


The AspNetUser is a part of ASP.NET Identity, which is a framework that provides authentication and authorization services. The Id column of the AspNetUser table is typically generated as a string (GUID) to ensure that it is unique across all users. Comparing the user ID as a string with another string value (such as the value from ClaimTypes.NameIdentifier) is not a security issue. The string comparison is a simple and efficient way to retrieve the data for a specific user. Converting the user ID to an integer would not provide any additional security benefits, but it may impact performance if the integer comparison involves a large number of operations.

Reference link: https://learn.microsoft.com/en-us/dotnet/api/system.identitymodel.claims.claimtypes.nameidentifier?view=netframework-4.8.1

Also: What are the best practices for using a GUID as a primary key, specifically regarding performance?
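
The owner check discussed in the question and answer, as an added example that is not part of the original posts: the id is taken from the authenticated principal's `NameIdentifier` claim and applied to both the list and the single-record lookup. `Game`, `OwnedGames` and the sample ids are hypothetical and constructed, and an in-memory array stands in for `_unitOfWork.Games`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Hypothetical entity: UserId holds the AspNetUsers.Id string (a GUID by default).
public record Game(int Id, string UserId, string Title);

public static class OwnedGames
{
    // The owner id comes from the authenticated principal, never from request input.
    static string? CurrentUserId(ClaimsPrincipal user) =>
        user.Identity?.IsAuthenticated == true
            ? user.FindFirst(ClaimTypes.NameIdentifier)?.Value
            : null;

    public static List<Game> ListFor(ClaimsPrincipal user, IEnumerable<Game> games)
    {
        var userId = CurrentUserId(user);
        // Missing or empty claim: return nothing instead of matching rows with a null owner.
        if (string.IsNullOrEmpty(userId)) return new List<Game>();
        // == on strings is an ordinal, case-sensitive comparison.
        return games.Where(g => g.UserId == userId).ToList();
    }

    // Lookup by record id applies the same owner filter as the list.
    public static Game? FindFor(ClaimsPrincipal user, IEnumerable<Game> games, int gameId) =>
        ListFor(user, games).FirstOrDefault(g => g.Id == gameId);
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample data: two users with GUID-style string ids.
        const string alice = "3f2b8c1e-0d4a-4c6f-9a57-1b2e3d4c5f60";
        const string bob = "a81d4fae-7dec-41d0-a765-00a0c91e6bf6";
        var games = new[] { new Game(1, alice, "Chess"), new Game(2, bob, "Go"), new Game(3, alice, "Checkers") };

        // Supplying an authentication type makes IsAuthenticated true.
        var aliceUser = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.NameIdentifier, alice) }, "TestAuth"));
        var anonymous = new ClaimsPrincipal(new ClaimsIdentity());

        Console.WriteLine(string.Join(", ", OwnedGames.ListFor(aliceUser, games).Select(g => g.Title)));
        Console.WriteLine(OwnedGames.FindFor(aliceUser, games, 2) is null); // record owned by bob
        Console.WriteLine(OwnedGames.ListFor(anonymous, games).Count);
    }
}
```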