Saving user credentials in a Windows application

Question

Saving user credentials in a Windows application

Is there a way to store credentials in a .NET Windows application with best practice, be it a built-in API or just the recommended encryption algorithm?

On the same lines as Tortoise SVN, Spotify and Skype.

Edit: My intention is to use a web service that returns a token from an authentication service. Other services then take this token as a parameter. However, the token expires after 30 minutes, so for storing the token itself, this is pointless for this task.

+6

security authentication windows .net

Richard Szalay Aug 7 '09 at 7:13

source share

3 answers

Best practice is never to store credentials, only Kerberos tokens ... unfortunately, not every resource allows this authentication.

0

Pontus gagge Aug 7 '09 at 7:15

source share

In MSDN there are many recommendations re passwords. You will need to find a managed shell for CryptProtectData

0

Chris becke Aug 7 '09 at 7:44

source share

Richard Szalay · Accepted Answer · 2009-08-07T07:22:40+0000

It seems like using ProtectedData (which wraps the Windows Security API data ) is my best bet as it has the ability to encrypt based on the current user.

byte[] dataToEncrypt = new byte[] { ... }; // entropy will be combined with current user credentials byte[] additionalEntropy = new byte { 0x1, 0x2, 0x3, 0x4 }; byte[] encryptedData = ProtectedData.Protect( dataToEncrypt, additionalEntropy, DataProtectionScope.CurrentUser); byte[] decryptedData = ProtectedData.Unprotect( encryptedData, additionalEntropy, DataProtectionScope.CurrentUser);

Saving user credentials in a Windows application

More articles: