Storing Credentials in Application

[Guest]

I would like to know the best way to store credentials in a c# application.
I am writing some administrative tools and will need to store username and
password information for a domain account with elevated privileges. While I
am sure this is not a "best practice" I have not come up with a way around
this as not all users of the app will have the permissions on their accounts.
Any advice on is most appreciated.

Thanks

 

[Jeffrey Tan[MSFT]]

Hi Adam,

There are a lot of discussion on the best practise of storing password
securely. Basically, you may use Data Protection API such as
CryptProtectMemory and CryptProtectData to encapsulate the clear text
password, .Net also provided some encryption classes for this purpose. I
would recommend the articles below for you:
"How To Store Secrets On A Machine "
http://pluralsight.com/wiki/default.aspx/Keith.GuideBook.HowToStoreSecretsOn
AMachine
"The Art & Science of Storing Passwords"
http://www.codeproject.com/cs/algorithms/StoringPasswords.asp
"Secure Coding Technique: A Better C# Password Dialog Box"
http://www.codeproject.com/csharp/passworddialog.asp

Additionally, MSDN contains 2 best practise articles on handling password
in Win32, for your information:
"Password Threat Assessment"
http://msdn2.microsoft.com/en-us/library/ms717800.aspx
"Threat Mitigation Techniques"
http://msdn2.microsoft.com/en-us/library/ms717803.aspx

Hope it helps.

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Nicholas Paldino [.NET/C# MVP]]

Adam,

Quite simply, don't do it. You are asking for a world of hurt if you
do. Also, to be quite honest, I'm horrified that an MS employee would
advocate such a thing.

If anything, you should query for a user account/password combo and then
use the LoginUser API (or is it Logon) to log that user in, and then
impersonate that user.

 

[Jeffrey Tan[MSFT]]

Hi Nicholas,

I am not advocating storing password in application memory. As Adam already
pointed out himself, he knows that this is not a "best practice". However,
there will be scenario that the application really needs to store password.
Per the request of the poster, I am providing the best practise articles of
dealing with password.

Thanks.

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Christof Nordiek]

Adam,

Quite simply, don't do it. You are asking for a world of hurt if you
do. Also, to be quite honest, I'm horrified that an MS employee would
advocate such a thing.

If anything, you should query for a user account/password combo and
then use the LoginUser API (or is it Logon) to log that user in, and then
impersonate that user.

The scenario of the OP seems to be, that the user shouldn't know the login.
from OP: "not all users of the app will have the permissions on their
accounts."

Christof

 

[Paul Hadfield]

If it is a network application, could you not centralise the
"Administrative" tools in an internal web service or installed component?
Then there is no need to store the password as the centralised component
would be installed to run under the correct credentials.

 

[Guest]

Nick,

Your recommendation would be to store the username and password in a
database? I guess I am trying to figure out how that is going to help me out
in this scenario. Can you offer any additional info?

Thanks

--
Adam S

Adam,

Quite simply, don't do it. You are asking for a world of hurt if you
do. Also, to be quite honest, I'm horrified that an MS employee would
advocate such a thing.

If anything, you should query for a user account/password combo and then
use the LoginUser API (or is it Logon) to log that user in, and then
impersonate that user.


--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

I would like to know the best way to store credentials in a c# application.
I am writing some administrative tools and will need to store username and
password information for a domain account with elevated privileges. While
I
am sure this is not a "best practice" I have not come up with a way around
this as not all users of the app will have the permissions on their
accounts.
Any advice on is most appreciated.

Thanks

 

[Nicholas Paldino [.NET/C# MVP]]

I get that, but I can't even begin to tell you what a monumentally bad
idea that is. If a user doesn't have permission to perform an action, there
is a very good reason for it, and if they need to perform an action, they
should know the credentials of an account which can perform it, or they
should be given rights to do it.

 

[Nicholas Paldino [.NET/C# MVP]]

No, I'm saying that you really should get your permissions set up
correctly and not embed username and password information in your app. The
fact of the matter is that if you embed this information in your app, then
the likelihood of that information being extracted and users increases.
Better that you don't give them that opportunity.


--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

Nick,

Your recommendation would be to store the username and password in a
database? I guess I am trying to figure out how that is going to help me
out
in this scenario. Can you offer any additional info?

Thanks

--
Adam S

Adam,

Quite simply, don't do it. You are asking for a world of hurt if you
do. Also, to be quite honest, I'm horrified that an MS employee would
advocate such a thing.

If anything, you should query for a user account/password combo and
then
use the LoginUser API (or is it Logon) to log that user in, and then
impersonate that user.


--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

I would like to know the best way to store credentials in a c#
application.
I am writing some administrative tools and will need to store username
and
password information for a domain account with elevated privileges.
While
I
am sure this is not a "best practice" I have not come up with a way
around
this as not all users of the app will have the permissions on their
accounts.
Any advice on is most appreciated.

Thanks

 

[Christof Nordiek]

I get that, but I can't even begin to tell you what a monumentally bad
idea that is. If a user doesn't have permission to perform an action,
there is a very good reason for it, and if they need to perform an action,
they should know the credentials of an account which can perform it, or
they should be given rights to do it.

But when I start a service, the service may run under a service account and
may have permissions that the I don't have.

Another example would be a server application like a web application on ISS.
The web application can, on behalf of the user, can do things, the user
wouldn't be able directly.

Maybe this is a solution for the OP also: Make a Webservice or a
WindowsService and then configure it, to use an account with the aproppriate
permissions.

BTW How does the Service Console store credentials?

Christof

 

[Nicholas Paldino [.NET/C# MVP]]

Right, but those programs are running under a set of user credentials,
the credentials are not embedded anywhere in those apps. This user is
suggesting embedding the credentials in his application somehow.

 

[Christof Nordiek]

Right, but those programs are running under a set of user credentials,
the credentials are not embedded anywhere in those apps. This user is
suggesting embedding the credentials in his application somehow.

I suppose he only wants a the programm to use credentials, not given to him
by the user.
Surely someone has to provide the credentials, (or the programm has to be
the system itself). ;-)
But this could be done by an administrator e.g. while installation, or it
could be done "by the programmer", so that the credentials are really stored
inside the app (in its binaries). The last surely is best practice, as the
OP itself says.

Christof

 

[Moty Michaely]

Hi,

I would agree with Nich. It's a bad idea!

But, I my self had to use crypto providers to store SQL server
credentials (I used ProtectSection of configuration manager) in cases
Windows NT authentication can't be used.

Anyhow, I think it's a bad idea and if you can, don't do it! =)

Moty

 

[Jeffrey Tan[MSFT]]

Hi Adam,

How about this issue now? Do all the replies make sense to you? If you
still need any help or have any concern, please feel free to feedback,
thanks.

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.