Is there a file that stores important data in C# Projects?











up vote
0
down vote

favorite












According to microsoft Do not use resource files to store passwords, security-sensitive information, or private data.



Is there a file that I can securely store passwords in? I am using a third party API that requires authentication through a email and password I have setup. I don't want to hardcode the values into the login function as that would be exposed if someone were de-compile the executable.



Is there a file I can write those details in, that C# projects would encrypt for me and I would be able to access programmatically?










share|improve this question






















  • docs.microsoft.com/en-us/dotnet/api/…
    – mxmissile
    Nov 8 at 18:45






  • 1




    What application you want to use?
    – Llazar
    Nov 8 at 18:45






  • 1




    The application config file? It supports encrypted sections.
    – Amy
    Nov 8 at 18:48










  • Nothing that is stored inside the application is safe, even if it's encrypted. Since the program has to decrypt it, anyone who is interested can also do so to obtain the initial information
    – Biesi Grr
    Nov 8 at 18:54










  • I assume when you ask "is there a file" you mean some .NET facilities for storing credential information.
    – ATL_DEV
    Nov 8 at 19:03















up vote
0
down vote

favorite












According to microsoft Do not use resource files to store passwords, security-sensitive information, or private data.



Is there a file that I can securely store passwords in? I am using a third party API that requires authentication through a email and password I have setup. I don't want to hardcode the values into the login function as that would be exposed if someone were de-compile the executable.



Is there a file I can write those details in, that C# projects would encrypt for me and I would be able to access programmatically?










share|improve this question






















  • docs.microsoft.com/en-us/dotnet/api/…
    – mxmissile
    Nov 8 at 18:45






  • 1




    What application you want to use?
    – Llazar
    Nov 8 at 18:45






  • 1




    The application config file? It supports encrypted sections.
    – Amy
    Nov 8 at 18:48










  • Nothing that is stored inside the application is safe, even if it's encrypted. Since the program has to decrypt it, anyone who is interested can also do so to obtain the initial information
    – Biesi Grr
    Nov 8 at 18:54










  • I assume when you ask "is there a file" you mean some .NET facilities for storing credential information.
    – ATL_DEV
    Nov 8 at 19:03













up vote
0
down vote

favorite









up vote
0
down vote

favorite











According to microsoft Do not use resource files to store passwords, security-sensitive information, or private data.



Is there a file that I can securely store passwords in? I am using a third party API that requires authentication through a email and password I have setup. I don't want to hardcode the values into the login function as that would be exposed if someone were de-compile the executable.



Is there a file I can write those details in, that C# projects would encrypt for me and I would be able to access programmatically?










share|improve this question













According to microsoft Do not use resource files to store passwords, security-sensitive information, or private data.



Is there a file that I can securely store passwords in? I am using a third party API that requires authentication through a email and password I have setup. I don't want to hardcode the values into the login function as that would be exposed if someone were de-compile the executable.



Is there a file I can write those details in, that C# projects would encrypt for me and I would be able to access programmatically?







c# visual-studio






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 8 at 18:43









Omar Martinez

517417




517417












  • docs.microsoft.com/en-us/dotnet/api/…
    – mxmissile
    Nov 8 at 18:45






  • 1




    What application you want to use?
    – Llazar
    Nov 8 at 18:45






  • 1




    The application config file? It supports encrypted sections.
    – Amy
    Nov 8 at 18:48










  • Nothing that is stored inside the application is safe, even if it's encrypted. Since the program has to decrypt it, anyone who is interested can also do so to obtain the initial information
    – Biesi Grr
    Nov 8 at 18:54










  • I assume when you ask "is there a file" you mean some .NET facilities for storing credential information.
    – ATL_DEV
    Nov 8 at 19:03


















  • docs.microsoft.com/en-us/dotnet/api/…
    – mxmissile
    Nov 8 at 18:45






  • 1




    What application you want to use?
    – Llazar
    Nov 8 at 18:45






  • 1




    The application config file? It supports encrypted sections.
    – Amy
    Nov 8 at 18:48










  • Nothing that is stored inside the application is safe, even if it's encrypted. Since the program has to decrypt it, anyone who is interested can also do so to obtain the initial information
    – Biesi Grr
    Nov 8 at 18:54










  • I assume when you ask "is there a file" you mean some .NET facilities for storing credential information.
    – ATL_DEV
    Nov 8 at 19:03
















docs.microsoft.com/en-us/dotnet/api/…
– mxmissile
Nov 8 at 18:45




docs.microsoft.com/en-us/dotnet/api/…
– mxmissile
Nov 8 at 18:45




1




1




What application you want to use?
– Llazar
Nov 8 at 18:45




What application you want to use?
– Llazar
Nov 8 at 18:45




1




1




The application config file? It supports encrypted sections.
– Amy
Nov 8 at 18:48




The application config file? It supports encrypted sections.
– Amy
Nov 8 at 18:48












Nothing that is stored inside the application is safe, even if it's encrypted. Since the program has to decrypt it, anyone who is interested can also do so to obtain the initial information
– Biesi Grr
Nov 8 at 18:54




Nothing that is stored inside the application is safe, even if it's encrypted. Since the program has to decrypt it, anyone who is interested can also do so to obtain the initial information
– Biesi Grr
Nov 8 at 18:54












I assume when you ask "is there a file" you mean some .NET facilities for storing credential information.
– ATL_DEV
Nov 8 at 19:03




I assume when you ask "is there a file" you mean some .NET facilities for storing credential information.
– ATL_DEV
Nov 8 at 19:03












2 Answers
2






active

oldest

votes

















up vote
1
down vote



accepted










You should never store any kind of credential information in a file. It's just as bad as storing them in a resource file. I suspect by file you mean a recommend storage for saving credentials. There's a Nuget library called Credential Management:



http://nuget.org/packages/CredentialManagement/



The library is just wrappers around Windows API calls for credential management. UWP applications SDK has the same library already built-in.



Here's some code on how to use the code



https://geoffhudik.com/tech/2017/09/14/console-app-credentials-and-the-windows-credential-manager/






share|improve this answer






























    up vote
    1
    down vote













    I don't think you could embed such password to third party api directly into exe application or something that you give to users and feel safe. Even encrypted config file has to be decrypted at some point.



    That said you generally create your own API on your own server and have middleware where you can have your secret keys only on your server. Because how are you going to change password if you need to change it? When you have your api middleware you can change that password and end users for your api will be able to login with whatever auth scheme you have for them. When this third party api will introduce breaking changes application that you deliver will break and you will have to update all installations, when you have middleware you can make fix in middle ware.






    share|improve this answer





















      Your Answer






      StackExchange.ifUsing("editor", function () {
      StackExchange.using("externalEditor", function () {
      StackExchange.using("snippets", function () {
      StackExchange.snippets.init();
      });
      });
      }, "code-snippets");

      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "1"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      convertImagesToLinks: true,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: 10,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














      draft saved

      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53214209%2fis-there-a-file-that-stores-important-data-in-c-sharp-projects%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes








      up vote
      1
      down vote



      accepted










      You should never store any kind of credential information in a file. It's just as bad as storing them in a resource file. I suspect by file you mean a recommend storage for saving credentials. There's a Nuget library called Credential Management:



      http://nuget.org/packages/CredentialManagement/



      The library is just wrappers around Windows API calls for credential management. UWP applications SDK has the same library already built-in.



      Here's some code on how to use the code



      https://geoffhudik.com/tech/2017/09/14/console-app-credentials-and-the-windows-credential-manager/






      share|improve this answer



























        up vote
        1
        down vote



        accepted










        You should never store any kind of credential information in a file. It's just as bad as storing them in a resource file. I suspect by file you mean a recommend storage for saving credentials. There's a Nuget library called Credential Management:



        http://nuget.org/packages/CredentialManagement/



        The library is just wrappers around Windows API calls for credential management. UWP applications SDK has the same library already built-in.



        Here's some code on how to use the code



        https://geoffhudik.com/tech/2017/09/14/console-app-credentials-and-the-windows-credential-manager/






        share|improve this answer

























          up vote
          1
          down vote



          accepted







          up vote
          1
          down vote



          accepted






          You should never store any kind of credential information in a file. It's just as bad as storing them in a resource file. I suspect by file you mean a recommend storage for saving credentials. There's a Nuget library called Credential Management:



          http://nuget.org/packages/CredentialManagement/



          The library is just wrappers around Windows API calls for credential management. UWP applications SDK has the same library already built-in.



          Here's some code on how to use the code



          https://geoffhudik.com/tech/2017/09/14/console-app-credentials-and-the-windows-credential-manager/






          share|improve this answer














          You should never store any kind of credential information in a file. It's just as bad as storing them in a resource file. I suspect by file you mean a recommend storage for saving credentials. There's a Nuget library called Credential Management:



          http://nuget.org/packages/CredentialManagement/



          The library is just wrappers around Windows API calls for credential management. UWP applications SDK has the same library already built-in.



          Here's some code on how to use the code



          https://geoffhudik.com/tech/2017/09/14/console-app-credentials-and-the-windows-credential-manager/







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Nov 8 at 19:01

























          answered Nov 8 at 18:55









          ATL_DEV

          1,62742144




          1,62742144
























              up vote
              1
              down vote













              I don't think you could embed such password to third party api directly into exe application or something that you give to users and feel safe. Even encrypted config file has to be decrypted at some point.



              That said you generally create your own API on your own server and have middleware where you can have your secret keys only on your server. Because how are you going to change password if you need to change it? When you have your api middleware you can change that password and end users for your api will be able to login with whatever auth scheme you have for them. When this third party api will introduce breaking changes application that you deliver will break and you will have to update all installations, when you have middleware you can make fix in middle ware.






              share|improve this answer

























                up vote
                1
                down vote













                I don't think you could embed such password to third party api directly into exe application or something that you give to users and feel safe. Even encrypted config file has to be decrypted at some point.



                That said you generally create your own API on your own server and have middleware where you can have your secret keys only on your server. Because how are you going to change password if you need to change it? When you have your api middleware you can change that password and end users for your api will be able to login with whatever auth scheme you have for them. When this third party api will introduce breaking changes application that you deliver will break and you will have to update all installations, when you have middleware you can make fix in middle ware.






                share|improve this answer























                  up vote
                  1
                  down vote










                  up vote
                  1
                  down vote









                  I don't think you could embed such password to third party api directly into exe application or something that you give to users and feel safe. Even encrypted config file has to be decrypted at some point.



                  That said you generally create your own API on your own server and have middleware where you can have your secret keys only on your server. Because how are you going to change password if you need to change it? When you have your api middleware you can change that password and end users for your api will be able to login with whatever auth scheme you have for them. When this third party api will introduce breaking changes application that you deliver will break and you will have to update all installations, when you have middleware you can make fix in middle ware.






                  share|improve this answer












                  I don't think you could embed such password to third party api directly into exe application or something that you give to users and feel safe. Even encrypted config file has to be decrypted at some point.



                  That said you generally create your own API on your own server and have middleware where you can have your secret keys only on your server. Because how are you going to change password if you need to change it? When you have your api middleware you can change that password and end users for your api will be able to login with whatever auth scheme you have for them. When this third party api will introduce breaking changes application that you deliver will break and you will have to update all installations, when you have middleware you can make fix in middle ware.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Nov 8 at 18:55









                  Mateusz

                  1,7091426




                  1,7091426






























                      draft saved

                      draft discarded




















































                      Thanks for contributing an answer to Stack Overflow!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.





                      Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                      Please pay close attention to the following guidance:


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53214209%2fis-there-a-file-that-stores-important-data-in-c-sharp-projects%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      這個網誌中的熱門文章

                      Xamarin.form Move up view when keyboard appear

                      Post-Redirect-Get with Spring WebFlux and Thymeleaf

                      Anylogic : not able to use stopDelay()