How to eliminate usernames and passwords from source code in Test Automation?

Question

How to eliminate usernames and passwords from source code in Test Automation?

I write test automation and scripts that require Windows authentication to access a domain.
I do not like to store them in app.config because they are available in plain text.
I don't like the input request, because then it is no longer automated.
If I hardcode them in the assembly, they are visible from the .Net Reflector and they will be checked in the original control when I transfer the .cs files.
There is a pattern / practice that simplifies the use of customized usernames and passwords without exposing them.

This also applies to websites that have login credentials and for databases use Windows authentication or SQL Server authentication to connect.
Any advice would be greatly appreciated.

+6

security c # passwords testing credentials

Jeremy e Oct 28 '10 at 17:14

source share

3 answers

You can use Convert.ToBase64String () and Convert.FromBase64String () with hard-coded passwords to provide basic obfuscation.

If you really want something stronger, use a symmetric key algorithm such as Blowfish , but it will go too far and you still have to store the key somewhere.

+1

Frédéric hamidi Oct 28 '10 at 17:20

source share

The process that runs the tests may be as an authenticated user. Thus, you must enter the username and password when configuring the service / scheduled task / etc. Of course, if you need to enter credentials as part of the test, this will not help.

+1

Jacob Oct 28 '10 at 17:25

source share

dotalchemy · Accepted Answer · 2010-10-28T17:32:03+0000

Is it possible to use DPAPI to protect it?

There is an interesting MSDN article @ http://msdn.microsoft.com/en-us/magazine/cc164054.aspx

How to eliminate usernames and passwords from source code in Test Automation?

More articles: