Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Keeping passwords in the registry as "secrets"

I need to store my users' name/password somewhere (preferably the Registry) so my .Net application can use them to log in to some remote service on behalf of the user. I know it's possible to store values in the registry as "secrets", which means their encrypted using the Windows domain user token or something. In other words, I don't want to have to deal with the encryption myself.

To clarify: I can't store hashes of the password or salt them or anything. These credentials are for a 3rd party system and the only way for me to be able to login to this system on behalf of my users is to somehow keep their credentials and be able to restore them.

So anyway, I remember vaguely there's such a place in the registry, but the details are murky. And I need to do it in C# (though if it's simple registry access it shouldn't matter).

Edit: One more thing, it should persist between Windows user sessions (IOW it doesn't help me if the password in unreadable after the user logs off and on).

like image 717
Assaf Lavie Avatar asked Mar 17 '09 17:03

Assaf Lavie


1 Answers

You're probably thinking of the Data Protection API. Search MSDN or read some blogs and see if that'll work for you.

like image 146
overslacked Avatar answered Oct 05 '22 13:10

overslacked