password protection

[cmrchs]

Hi,

when specifying NetWorkCredentials before accessing a WebService, how can I prevent having to hard-code the password ?

example :
// CMyCalculator represents the proxy
CMyCalculator calc = new CMyCalculator();
calc.Credentials = new NetworkCredential("user1", "mypwd");

How is this info sent over the wire anyway ? as plain text ???

if so, how can I hide that sensitive info ?

thanks
Chris


**********************************************************************
Sent via Fuzzy Software @ http://www.fuzzysoftware.com/
Comprehensive, categorised, searchable collection of links to ASP & ASP.NET resources...

 

[Richard Blewett [DevelopMentor]]

You could store the password encrypted in AppSettings in the config file or the registry. As far as the network transmission of the password goes, it will go in the clear. If you want to secure a webservice without using ws-security (for which you'll need the WSE2 toolkit) then you need to use SSL (HTTPS)

Regards

Richard Blewett - DevelopMentor
http://staff.develop.com/richardb/weblog

nntp://news.microsoft.com/microsoft.public.dotnet.languages.csharp/<[email protected]>

Hi,

when specifying NetWorkCredentials before accessing a WebService, how can I prevent having to hard-code the password ?

example :
// CMyCalculator represents the proxy
CMyCalculator calc = new CMyCalculator();
calc.Credentials = new NetworkCredential("user1", "mypwd");

How is this info sent over the wire anyway ? as plain text ???

if so, how can I hide that sensitive info ?

thanks
Chris


**********************************************************************
Sent via Fuzzy Software @ http://www.fuzzysoftware.com/
Comprehensive, categorised, searchable collection of links to ASP & ASP.NET resources...

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.770 / Virus Database: 517 - Release Date: 27/09/2004



[microsoft.public.dotnet.languages.csharp]