Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Safe storing of auth token using .NET

I'm currently working on desktop application which calls third party API. After authorizing against their "web service", a kind of user token is returned which should be stored locally (even if user closes application).

So I'm looking for solution to encrypt this token with user specific key. Does Windows (and .NET) provide some standard way for doing this? All I want is protect token from other users of same computer.

P.S. I can't store hash, as I need to decrypt this token at startup.

like image 729
PiRX Avatar asked Dec 15 '08 18:12

PiRX


2 Answers

Yeah. Windows does provide it. Check out DPAPI which can be accessed by .NET Framework's System.Security.Cryptography.ProtectedData class (available since v2.0) to securely store sensitive information.

like image 124
mmx Avatar answered Oct 19 '22 23:10

mmx


Yes, there are a number a built in functions for encryption in .NET, it all depends on exactly how you want to get it done.

Here is a good beginning article, that shows you some of the basic elements, classes, and methods of doing encryption in .NET

NOTE: all of the needed classes are in the System.Security.Cryptography namespace

like image 33
Mitchel Sellers Avatar answered Oct 19 '22 23:10

Mitchel Sellers