I write test automation and scripts that require windows authentication to the domain to access.
I don't like keeping them in the app.config because they are available in plain text.
I don't like prompting for input because then it isn't automated anymore.
If I hard code them in the assembly they are visible from .Net Reflector and they get checked into source control when I commit the .cs files.
Is there a pattern / practice that makes it easy to use configured usernames and passwords without exposing them.
This also applies to web sites that have credentials to log in and databases the use either windows authentication or sql server authentication to connect.
Any advice would be greatly appreciated.
Couldn't you use DPAPI to protect it?
There's an interesting MSDN article @ http://msdn.microsoft.com/en-us/magazine/cc164054.aspx
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With