I am trying to write an app, that will be scheduled to autodownload one page from a Sharepoint server every hour. It is an xml file. Everything works so far, except I do not like storing the password needed to connect to Sharepoint in plaintext in my app. Sample code here:
WebClient client = new WebClient();
String username = "myusername";
String password = "mypassword"
String filename = "C:\\Temp\\" + DateTime.Now.ToString("yyyyMMddHHmmssffff") + ".xml";
client.Credentials = new System.Net.NetworkCredential(username, password);
string credentials = Convert.ToBase64String(Encoding.ASCII.GetBytes(username + ":" + password));
client.DownloadFile("myurl", filename);
Is there a way how to make it harder to read my password if someone got the executabe file from my server and disassembled it e.g. with Reflector?
I have found this:
How to store passwords in Winforms application? but I did not really figure out how to use it in my app.
In fact you'd better not use passwords. If the service runs under the right credentials, you can use that one by using the DefaultNetworkCredentials
:
So in your sample:
client.Credentials = CredentialCache.DefaultNetworkCredentials;
This will get you the credentials of the current network user, like DOMAIN\USER
.
If you must store the password with the app, put it in the config file and then encrypt the appropriate section(s) of that using Protected Configuration.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With