Menu
Is there is a best practices way to store credentials in a .NET Windows application, be it be a built in API or just a recommend encryption algorithm?
Along the same lines as Tortoise SVN, Spotify and Skype.
Edit: My intention is to use a web service that returns a token from it's authentication service. The other services then accept that token as a parameter. However, the token expires after 30 minutes so storing the token itself it pointless for this task.
576
It appears that using ProtectedData (which wraps the Windows Data Protection API) is my best bet, as it has the option to encrypt based on the currently logged in user.
byte[] dataToEncrypt = new byte[] { ... };
// entropy will be combined with current user credentials
byte[] additionalEntropy = new byte { 0x1, 0x2, 0x3, 0x4 };
byte[] encryptedData = ProtectedData.Protect(
dataToEncrypt, additionalEntropy, DataProtectionScope.CurrentUser);
byte[] decryptedData = ProtectedData.Unprotect(
encryptedData, additionalEntropy, DataProtectionScope.CurrentUser);
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With