Saving user credentials in a Windows application

2020-07-06 20:58发布

Is there is a best practices way to store credentials in a .NET Windows application, be it be a built in API or just a recommend encryption algorithm?

Along the same lines as Tortoise SVN, Spotify and Skype.

Edit: My intention is to use a web service that returns a token from it's authentication service. The other services then accept that token as a parameter. However, the token expires after 30 minutes so storing the token itself it pointless for this task.

标签： .net windows security authentication

3条回答

乱世女痞

2楼-- · 2020-07-06 21:18

It appears that using ProtectedData (which wraps the Windows Data Protection API) is my best bet, as it has the option to encrypt based on the currently logged in user.

byte[] dataToEncrypt = new byte[] { ... };

// entropy will be combined with current user credentials
byte[] additionalEntropy = new byte { 0x1, 0x2, 0x3, 0x4 };

byte[] encryptedData = ProtectedData.Protect(
    dataToEncrypt, additionalEntropy, DataProtectionScope.CurrentUser);

byte[] decryptedData = ProtectedData.Unprotect(
    encryptedData, additionalEntropy, DataProtectionScope.CurrentUser);

0人赞添加讨论(0) 举报

Lonely孤独者°

3楼-- · 2020-07-06 21:32

There are a whole lot of recomendations re passwords in MSDN. You're going to need to find a managed wrapper for CryptProtectData

0人赞添加讨论(0) 举报

够拽才男人

4楼-- · 2020-07-06 21:34

Best practice is never to store credentials, only Kerberos tokens... unfortunately, not every resource allows such authentication.

0人赞添加讨论(0) 举报

Saving user credentials in a Windows application

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间