在应用程序中存储凭据 [英] Storing Credentials in Application
本文介绍了在应用程序中存储凭据的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我想知道在ac#应用程序中存储凭据的最佳方法。
我正在编写一些管理工具,需要存储用户名和
密码信息对于具有提升权限的域帐户。虽然我确定这不是最佳做法。我没有想出一个方法来支付这个,因为并非该应用的所有用户都拥有他们帐户的权限。
任何建议都是最受欢迎的。
谢谢
-
Adam S
解决方案
嗨Adam,
关于存储密码
的最佳实践有很多讨论。基本上,您可以使用Data Protection API(如
CryptProtectMemory和CryptProtectData)来封装明文
密码,.Net还为此提供了一些加密类。我将为您推荐以下文章:
如何在机器上存储秘密
http://pluralsight.com/wiki/default....StoreSecretsOn
AMachine
The Art&存储密码科学
http://www.codeproject .com / cs / algori ... gPasswords.asp
安全编码技术:更好的C#密码对话框
http://www.codeproject.com/csharp/passworddialog.asp
此外,MSDN包含2篇关于在Win32中处理密码
的最佳实践文章,供您参考:
密码威胁评估
http://msdn2.microsoft.com/en-us/library/ ms717800.aspx
威胁缓解技术
http://msdn2.microsoft.com/en-us/library/ms717803.aspx
希望它有所帮助。
祝你好运,
Jeffrey Tan
Microsoft Online Community支持
========================================= =========
通过电子邮件收到我的帖子通知?请参阅
http://msdn.microsoft .com / subscripti ... ult.aspx#notif
ications。
注意:MSDN托管新闻组支持服务是针对非紧急问题
如果社区或微软支持人员在1个工作日内做出初步回复是可以接受的。请注意,每个跟随
的响应可能需要大约2个工作日作为支持
专业人士与您合作可能需要进一步调查才能达到
最有效的分辨率。该产品不适用于需要紧急,实时或基于电话的交互或复杂的b $ b项目分析和转储分析问题的情况。这种性质的问题最好通过联系
Microsoft客户支持服务(CSS)处理
href =http://msdn.microsoft.com/subscriptions/support/default.aspx\"target =_ blank> http://msdn.microsoft.com/subscripti...t/default.aspx 。
======================================== ==========
此帖子按原样提供。没有保证,也没有授予任何权利。
Adam,
很简单,不做它。如果你是b $ b那么你要求一个受伤的世界。另外,老实说,我很害怕MS员工会为b $ b b提倡这样的事情。
如果有的话,你应该查询一下用户帐号/密码组合,然后
使用LoginUser API(或登录)将该用户登录,然后
冒充该用户。
-
- Nicholas Paldino [.NET / C#MVP]
- mv*@spam.guard.caspershouse.com
" Adam S" < Adam S@community.nosp 在帖子中写道
news:71 ********** ************************ @ microsof t.com ...
>我想知道在ac#应用程序中存储凭据的最佳方法。
我正在编写一些管理工具,需要存储用户名和
域名的密码信息提升权限的帐户。
我
我相信这不是一个最佳实践。我没有拿出一个方法来支付这个因为并非该应用的所有用户都拥有他们的
账户的权限。
任何最值得赞赏的建议。
谢谢
-
Adam S
您好Nicholas,
我不主张在应用程序内存中存储密码。由于亚当已经指出了自己,他知道这不是一个最佳实践。但是,
会有应用程序确实需要存储密码的情况。
根据海报的要求,我提供的最佳实践文章
处理密码。
谢谢。
祝你好运,
Jeffrey Tan
Microsoft在线社区支持
================================= =================
通过电子邮件收到我的帖子通知?请参阅
http://msdn.microsoft .com / subscripti ... ult.aspx#notif
ications。
注意:MSDN托管新闻组支持服务是针对非紧急问题
如果社区或微软支持人员在1个工作日内做出初步回复是可以接受的。请注意,每个跟随
的响应可能需要大约2个工作日作为支持
专业人士与您合作可能需要进一步调查才能达到
最有效的分辨率。该产品不适用于需要紧急,实时或基于电话的交互或复杂的b $ b项目分析和转储分析问题的情况。这种性质的问题最好通过联系
Microsoft客户支持服务(CSS)处理
href =http://msdn.microsoft.com/subscriptions/support/default.aspx\"target =_ blank> http://msdn.microsoft.com/subscripti...t/default.aspx 。
======================================== ==========
此帖子按原样提供。没有保证,也没有授予任何权利。
I would like to know the best way to store credentials in a c# application.
I am writing some administrative tools and will need to store username and
password information for a domain account with elevated privileges. While I
am sure this is not a "best practice" I have not come up with a way around
this as not all users of the app will have the permissions on their accounts.
Any advice on is most appreciated.
Thanks
--
Adam S
解决方案
Hi Adam,
There are a lot of discussion on the best practise of storing password
securely. Basically, you may use Data Protection API such as
CryptProtectMemory and CryptProtectData to encapsulate the clear text
password, .Net also provided some encryption classes for this purpose. I
would recommend the articles below for you:
"How To Store Secrets On A Machine "
http://pluralsight.com/wiki/default....StoreSecretsOn
AMachine
"The Art & Science of Storing Passwords"
http://www.codeproject.com/cs/algori...gPasswords.asp
"Secure Coding Technique: A Better C# Password Dialog Box"
http://www.codeproject.com/csharp/passworddialog.asp
Additionally, MSDN contains 2 best practise articles on handling password
in Win32, for your information:
"Password Threat Assessment"
http://msdn2.microsoft.com/en-us/library/ms717800.aspx
"Threat Mitigation Techniques"
http://msdn2.microsoft.com/en-us/library/ms717803.aspx
Hope it helps.
Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Adam,
Quite simply, don''t do it. You are asking for a world of hurt if you
do. Also, to be quite honest, I''m horrified that an MS employee would
advocate such a thing.
If anything, you should query for a user account/password combo and then
use the LoginUser API (or is it Logon) to log that user in, and then
impersonate that user.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
"Adam S" <Adam S@community.nospamwrote in message
news:71**********************************@microsof t.com...>I would like to know the best way to store credentials in a c# application.
I am writing some administrative tools and will need to store username and
password information for a domain account with elevated privileges. While
I
am sure this is not a "best practice" I have not come up with a way around
this as not all users of the app will have the permissions on their
accounts.
Any advice on is most appreciated.
Thanks
--
Adam S
Hi Nicholas,
I am not advocating storing password in application memory. As Adam already
pointed out himself, he knows that this is not a "best practice". However,
there will be scenario that the application really needs to store password.
Per the request of the poster, I am providing the best practise articles of
dealing with password.
Thanks.
Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
这篇关于在应用程序中存储凭据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
