对密码在注册表中和QUOT;秘密" [英] Keeping passwords in the registry as "secrets"
问题描述
我需要在一些地方保存我的用户名/密码(preferably注册表),所以我的.Net应用程序可以使用它们来登录到某些远程服务代表用户。我知道这是可能存储在注册表中的秘密,这意味着使用Windows域用户令牌或某事的加密值。换句话说,我不希望有处理加密自己。
I need to store my users' name/password somewhere (preferably the Registry) so my .Net application can use them to log in to some remote service on behalf of the user. I know it's possible to store values in the registry as "secrets", which means their encrypted using the Windows domain user token or something. In other words, I don't want to have to deal with the encryption myself.
要澄清:我不能存储密码的哈希值或盐他们或任何东西。这些凭证是一个第三方系统和仅办法让我能够登录到该系统上代表我的用户是勉强保持凭据并能恢复。
To clarify: I can't store hashes of the password or salt them or anything. These credentials are for a 3rd party system and the only way for me to be able to login to this system on behalf of my users is to somehow keep their credentials and be able to restore them.
所以无论如何,我依稀记得有一个在注册表中这样的地方,但细节模糊。而我需要做的是在C#中(不过,如果它是简单的注册表访问它不应该的问题)。
So anyway, I remember vaguely there's such a place in the registry, but the details are murky. And I need to do it in C# (though if it's simple registry access it shouldn't matter).
编辑:还有一件事,它应该Windows用户会话之间持续存在(IOW,如果用户后无法读取密码注销并没有帮助我)
One more thing, it should persist between Windows user sessions (IOW it doesn't help me if the password in unreadable after the user logs off and on).
推荐答案
您也许已经想到了数据保护的API。搜索MSDN或阅读一些博客,看看是否对,你会工作。
You're probably thinking of the Data Protection API. Search MSDN or read some blogs and see if that'll work for you.
这篇关于对密码在注册表中和QUOT;秘密"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
