stackoom
  简体   繁体   中英

How to save an email/password combination for windows program?

 原文  2019-01-02 01:28:38       c#/ windows/ password-encryption

Question

I am creating a windows service that has to send an email out at specific intervals to various people. I am using an account on a server that I need to connect with securely.

I found this reference: https://nimblegecko.com/how-to-store-login-details-securely-in-application-config-file/ the code I was trying to implement is this: 

var configuration = ConfigurationManager.OpenExeConfiguration(Assembly.GetExecutingAssembly().Location);

configuration.AppSettings.Settings["username"].Value = EncryptString("new username", configPassword);
configuration.AppSettings.Settings["password"].Value = EncryptString("new password", configPassword);
configuration.Save();

My question is encoding the username and password as fixed text still seems to result in the same exposure as hard-coding it right?

any help would greatly be appreciated?

3 answers

solution1
 3 ACCPTED  2019-01-02 04:43:43

Uhm... Don't store in AppConfig settings.

If you cannot use a database for that (storing hashed and encrypted strings) get a new file for that, you can even protect it to allow only the service user account to read/modify it, or store it on the service profile directory (its user account profile directory)

I would do it using an ini file structure more easy to read than an xml, where each line contains something like 

var mergedCredential = string.Format("{0}|{1}", "user@here.com" , "P@ssw0rd");
User1HashedCredentials=EncryptString("new username", mergedCredential);

I used a pipe to "merge" the credential as you can prevent users to use it on username

When you decrypt you split by "|" 

var credentials = DecryptString("new username", User1HashedCredentials);
var splitted = credentials.Split('|');
Username = splitted[0]
Password = splitted[1]

An example of ini file:

[Users]

Count=5

[SendEmailSection]

User1=dsaa$#asdasd$#@rr==

User2=dggggjh7/sd$#@rr==

User3=dsaasd"/$%asdasd$#@rr==

User4=dsas/&"dasd$#@rr==

User5=dsAa&s3dasd$#@rr==

Which is easier to mantain and modify. You can even make your own specialized ini reader/writer Read sections, split by "="

solution2
 1  2019-01-02 04:55:08

I do not suggest to store credential in app.config file. if you are planned to store there then you should store with proper encryption and decryption.

for you info you can refer this link

But I would suggest you to use window credential manager to store your password for more details you can use their nuget package and their sample

Nuget

Another reference

Github

solution3
 0  2019-01-02 08:13:04

You can find it in your app's Preferences. Right click on your project. Select add. Add .settings form. Then crate a table which contains email, password etc.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to decompress zip with password in windows 8 metro program? How to authenticate the password in an email application built on windows forms? How to write a windows program that replaces password authentication on logon screen How to encrypt and save a password How to save a password properly How to save many username or password for login Application c# Windows Form LINQ extension method throwing error when I enter a email and password combination (System.InvalidOperarationException) How to save SQL server password Regex password validation combination how can i disable windows + d combination keys in windows forms
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM