Question

我正在处理WCF应用程序，我想在其中将文件存储在用户特定的文件夹中。为了获得当前登录的用户，我正在使用：

var identityName = Thread.CurrentPrincipal.Identity.Name;

我想了解与此相关的任何安全威胁。

这是我的参考代码：

             private static string GetDirectoryPath()
                    {
                        var start = DateTime.Now;
                        LoggerWrapper.CMLogger.LogMessage("AssetController.GetDirectoryPath: START...", LoggerWrapper.CMLogger.CMLogLevel.Debug);
                        try
                        {
                            var directoryPathAppSetting =
                                System.Configuration.ConfigurationManager.AppSettings["ExportProjectPath"];
                            //Get Current User 
                            var identityName = Thread.CurrentPrincipal.Identity.Name;
                            var currentUser = identityName.Split(SplitDirectoryPath).Last().ToString();
                            var directoryPath = string.Format(directoryPathAppSetting, currentUser);

                            LoggerWrapper.CMLogger.LogMessage("AssetController.GetDirectoryPath END:", LoggerWrapper.CMLogger.CMLogLevel.Debug);
                            return directoryPath;
                        }

与Thread.CurrentPrincipal.Identity.Name相关的安全风险

0 个答案: