VSIX的凭据存储位置-Visual Studio 2017扩展 [英] Where to store credentials for VSIX - Visual Studio 2017 Extension
问题描述
上下文:
我正在编写Visual Studio 2017的VSIX扩展程序,该扩展程序需要连接到需要用户身份验证的REST API.
我决定使用VSPackage为我的扩展程序提供服务.
Context:
I'm writing VSIX Extension for Visual Studio 2017 which needs connection to REST API that requires user authentication.
I decide to use VSPackage to provide service for my extension.
为了能够连接和验证用户,我想将用户凭据存储在某个地方,它既可以是用户名和密码,也可以是OAuth令牌-没关系.
To be able to connect and authenticate users I would like to store somewhere user credentials, it could be either username and password or OAuth token - doesn't matter.
问题:
为VSIX存储凭据信息的最佳位置是什么?
要求:
- 凭据不应存储为纯文本
- 不应存储在文本文件中
- 应按用户存储
(我们可以拥有一个以上的Windows用户,一个Windows用户=一个VS用户) - 应该在所有正在运行的Visual Studio实例中提供
- 应与VS2017(15.0+)社区,专业版和企业版一起使用
- Credentials should not be stored as plain text
- Should not be stored in text file
- Should be stored per user
(We can have more then one windows user, One Windows User = One VS User) - Should be available in all running instances of Visual Studio
- Should work with VS2017 (15.0+) Community, Pro and Enterprise
就目前而言,我来看看 UserSettings 范围内的> WritableSettingsStore ,但是它以纯文本格式存储在注册表中,我不想实现我的最重要的是自己的安全性
As for now I've take a look at WritableSettingsStore in UserSettings scope in VS but it was stored in registry by plain text and I would not want to implement my own security on top of that
I've tried also to find more information about IVsCredentialStorageService but it is poorly documented and lack of information about how to use it properly and if it is per user or per system.
推荐答案
您可以使用Windows凭据存储,允许您以安全的方式为每个用户存储:
You can use the Windows Credentials Store, allows you to store in a secure manner per user: https://www.nuget.org/packages/CredentialManagement/
这篇关于VSIX的凭据存储位置-Visual Studio 2017扩展的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
