Is there a file that stores important data in C# Projects?
up vote
0
down vote
favorite
According to microsoft Do not use resource files to store passwords, security-sensitive information, or private data.
Is there a file that I can securely store passwords in? I am using a third party API that requires authentication through a email and password I have setup. I don't want to hardcode the values into the login function as that would be exposed if someone were de-compile the executable.
Is there a file I can write those details in, that C# projects would encrypt for me and I would be able to access programmatically?
c# visual-studio
|
show 2 more comments
up vote
0
down vote
favorite
According to microsoft Do not use resource files to store passwords, security-sensitive information, or private data.
Is there a file that I can securely store passwords in? I am using a third party API that requires authentication through a email and password I have setup. I don't want to hardcode the values into the login function as that would be exposed if someone were de-compile the executable.
Is there a file I can write those details in, that C# projects would encrypt for me and I would be able to access programmatically?
c# visual-studio
docs.microsoft.com/en-us/dotnet/api/…
– mxmissile
Nov 8 at 18:45
1
What application you want to use?
– Llazar
Nov 8 at 18:45
1
The application config file? It supports encrypted sections.
– Amy
Nov 8 at 18:48
Nothing that is stored inside the application is safe, even if it's encrypted. Since the program has to decrypt it, anyone who is interested can also do so to obtain the initial information
– Biesi Grr
Nov 8 at 18:54
I assume when you ask "is there a file" you mean some .NET facilities for storing credential information.
– ATL_DEV
Nov 8 at 19:03
|
show 2 more comments
up vote
0
down vote
favorite
up vote
0
down vote
favorite
According to microsoft Do not use resource files to store passwords, security-sensitive information, or private data.
Is there a file that I can securely store passwords in? I am using a third party API that requires authentication through a email and password I have setup. I don't want to hardcode the values into the login function as that would be exposed if someone were de-compile the executable.
Is there a file I can write those details in, that C# projects would encrypt for me and I would be able to access programmatically?
c# visual-studio
According to microsoft Do not use resource files to store passwords, security-sensitive information, or private data.
Is there a file that I can securely store passwords in? I am using a third party API that requires authentication through a email and password I have setup. I don't want to hardcode the values into the login function as that would be exposed if someone were de-compile the executable.
Is there a file I can write those details in, that C# projects would encrypt for me and I would be able to access programmatically?
c# visual-studio
c# visual-studio
asked Nov 8 at 18:43
Omar Martinez
517417
517417
docs.microsoft.com/en-us/dotnet/api/…
– mxmissile
Nov 8 at 18:45
1
What application you want to use?
– Llazar
Nov 8 at 18:45
1
The application config file? It supports encrypted sections.
– Amy
Nov 8 at 18:48
Nothing that is stored inside the application is safe, even if it's encrypted. Since the program has to decrypt it, anyone who is interested can also do so to obtain the initial information
– Biesi Grr
Nov 8 at 18:54
I assume when you ask "is there a file" you mean some .NET facilities for storing credential information.
– ATL_DEV
Nov 8 at 19:03
|
show 2 more comments
docs.microsoft.com/en-us/dotnet/api/…
– mxmissile
Nov 8 at 18:45
1
What application you want to use?
– Llazar
Nov 8 at 18:45
1
The application config file? It supports encrypted sections.
– Amy
Nov 8 at 18:48
Nothing that is stored inside the application is safe, even if it's encrypted. Since the program has to decrypt it, anyone who is interested can also do so to obtain the initial information
– Biesi Grr
Nov 8 at 18:54
I assume when you ask "is there a file" you mean some .NET facilities for storing credential information.
– ATL_DEV
Nov 8 at 19:03
docs.microsoft.com/en-us/dotnet/api/…
– mxmissile
Nov 8 at 18:45
docs.microsoft.com/en-us/dotnet/api/…
– mxmissile
Nov 8 at 18:45
1
1
What application you want to use?
– Llazar
Nov 8 at 18:45
What application you want to use?
– Llazar
Nov 8 at 18:45
1
1
The application config file? It supports encrypted sections.
– Amy
Nov 8 at 18:48
The application config file? It supports encrypted sections.
– Amy
Nov 8 at 18:48
Nothing that is stored inside the application is safe, even if it's encrypted. Since the program has to decrypt it, anyone who is interested can also do so to obtain the initial information
– Biesi Grr
Nov 8 at 18:54
Nothing that is stored inside the application is safe, even if it's encrypted. Since the program has to decrypt it, anyone who is interested can also do so to obtain the initial information
– Biesi Grr
Nov 8 at 18:54
I assume when you ask "is there a file" you mean some .NET facilities for storing credential information.
– ATL_DEV
Nov 8 at 19:03
I assume when you ask "is there a file" you mean some .NET facilities for storing credential information.
– ATL_DEV
Nov 8 at 19:03
|
show 2 more comments
2 Answers
2
active
oldest
votes
up vote
1
down vote
accepted
You should never store any kind of credential information in a file. It's just as bad as storing them in a resource file. I suspect by file you mean a recommend storage for saving credentials. There's a Nuget library called Credential Management:
http://nuget.org/packages/CredentialManagement/
The library is just wrappers around Windows API calls for credential management. UWP applications SDK has the same library already built-in.
Here's some code on how to use the code
https://geoffhudik.com/tech/2017/09/14/console-app-credentials-and-the-windows-credential-manager/
add a comment |
up vote
1
down vote
I don't think you could embed such password to third party api directly into exe application or something that you give to users and feel safe. Even encrypted config file has to be decrypted at some point.
That said you generally create your own API on your own server and have middleware where you can have your secret keys only on your server. Because how are you going to change password if you need to change it? When you have your api middleware you can change that password and end users for your api will be able to login with whatever auth scheme you have for them. When this third party api will introduce breaking changes application that you deliver will break and you will have to update all installations, when you have middleware you can make fix in middle ware.
add a comment |
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
accepted
You should never store any kind of credential information in a file. It's just as bad as storing them in a resource file. I suspect by file you mean a recommend storage for saving credentials. There's a Nuget library called Credential Management:
http://nuget.org/packages/CredentialManagement/
The library is just wrappers around Windows API calls for credential management. UWP applications SDK has the same library already built-in.
Here's some code on how to use the code
https://geoffhudik.com/tech/2017/09/14/console-app-credentials-and-the-windows-credential-manager/
add a comment |
up vote
1
down vote
accepted
You should never store any kind of credential information in a file. It's just as bad as storing them in a resource file. I suspect by file you mean a recommend storage for saving credentials. There's a Nuget library called Credential Management:
http://nuget.org/packages/CredentialManagement/
The library is just wrappers around Windows API calls for credential management. UWP applications SDK has the same library already built-in.
Here's some code on how to use the code
https://geoffhudik.com/tech/2017/09/14/console-app-credentials-and-the-windows-credential-manager/
add a comment |
up vote
1
down vote
accepted
up vote
1
down vote
accepted
You should never store any kind of credential information in a file. It's just as bad as storing them in a resource file. I suspect by file you mean a recommend storage for saving credentials. There's a Nuget library called Credential Management:
http://nuget.org/packages/CredentialManagement/
The library is just wrappers around Windows API calls for credential management. UWP applications SDK has the same library already built-in.
Here's some code on how to use the code
https://geoffhudik.com/tech/2017/09/14/console-app-credentials-and-the-windows-credential-manager/
You should never store any kind of credential information in a file. It's just as bad as storing them in a resource file. I suspect by file you mean a recommend storage for saving credentials. There's a Nuget library called Credential Management:
http://nuget.org/packages/CredentialManagement/
The library is just wrappers around Windows API calls for credential management. UWP applications SDK has the same library already built-in.
Here's some code on how to use the code
https://geoffhudik.com/tech/2017/09/14/console-app-credentials-and-the-windows-credential-manager/
edited Nov 8 at 19:01
answered Nov 8 at 18:55
ATL_DEV
1,62742144
1,62742144
add a comment |
add a comment |
up vote
1
down vote
I don't think you could embed such password to third party api directly into exe application or something that you give to users and feel safe. Even encrypted config file has to be decrypted at some point.
That said you generally create your own API on your own server and have middleware where you can have your secret keys only on your server. Because how are you going to change password if you need to change it? When you have your api middleware you can change that password and end users for your api will be able to login with whatever auth scheme you have for them. When this third party api will introduce breaking changes application that you deliver will break and you will have to update all installations, when you have middleware you can make fix in middle ware.
add a comment |
up vote
1
down vote
I don't think you could embed such password to third party api directly into exe application or something that you give to users and feel safe. Even encrypted config file has to be decrypted at some point.
That said you generally create your own API on your own server and have middleware where you can have your secret keys only on your server. Because how are you going to change password if you need to change it? When you have your api middleware you can change that password and end users for your api will be able to login with whatever auth scheme you have for them. When this third party api will introduce breaking changes application that you deliver will break and you will have to update all installations, when you have middleware you can make fix in middle ware.
add a comment |
up vote
1
down vote
up vote
1
down vote
I don't think you could embed such password to third party api directly into exe application or something that you give to users and feel safe. Even encrypted config file has to be decrypted at some point.
That said you generally create your own API on your own server and have middleware where you can have your secret keys only on your server. Because how are you going to change password if you need to change it? When you have your api middleware you can change that password and end users for your api will be able to login with whatever auth scheme you have for them. When this third party api will introduce breaking changes application that you deliver will break and you will have to update all installations, when you have middleware you can make fix in middle ware.
I don't think you could embed such password to third party api directly into exe application or something that you give to users and feel safe. Even encrypted config file has to be decrypted at some point.
That said you generally create your own API on your own server and have middleware where you can have your secret keys only on your server. Because how are you going to change password if you need to change it? When you have your api middleware you can change that password and end users for your api will be able to login with whatever auth scheme you have for them. When this third party api will introduce breaking changes application that you deliver will break and you will have to update all installations, when you have middleware you can make fix in middle ware.
answered Nov 8 at 18:55
Mateusz
1,7091426
1,7091426
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53214209%2fis-there-a-file-that-stores-important-data-in-c-sharp-projects%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
docs.microsoft.com/en-us/dotnet/api/…
– mxmissile
Nov 8 at 18:45
1
What application you want to use?
– Llazar
Nov 8 at 18:45
1
The application config file? It supports encrypted sections.
– Amy
Nov 8 at 18:48
Nothing that is stored inside the application is safe, even if it's encrypted. Since the program has to decrypt it, anyone who is interested can also do so to obtain the initial information
– Biesi Grr
Nov 8 at 18:54
I assume when you ask "is there a file" you mean some .NET facilities for storing credential information.
– ATL_DEV
Nov 8 at 19:03