Where to Store Username and Password for a C# Program


(ivan.norin) #1

Where can I safely Store passwords and usernames for my C# program?

(Yassine) #2

Yes, that’s obviously one of the biggest concerns for .NET application programmers, simply for storage you can store your password and username within a local file at the installation directory, or “Local Data” directory. Or most useful way, is to store it within your config (settings) file in your visual studio project.
The big thing you should worry about is “Obfuscation” you will have to find out a way to obfuscate your password and username, such us encryption, and i believe that’s the question you should be asking mostly!

The simplest way to store passwords within a .NET application is to store them within the config (main settings file) as ConnectionString, this will make sure that are encrypted and cannot be retrieved by 3rd party. the main limitation in this one is that your passwords are not changeable at run-time.

In case you want the ability to change your passwords at run-time, in that case i would suggest that you store your password as a string entry in your settings file, and then upon storage encrypt the password string using some encryption method.

hope that helps @ivan.norin

(Daniel) #3

I remember working on a game as administrator/developer (a rank you should take lightly, I am by no means a professional developer, not even close) and I had md5 encryption on the character files (where passwords, usernames and every other variable about a player was stored) and I found out that it’s rather easy to crack. There are actually a ton of sites who offer the service.

What kind of encryption do you recommend, and can you tell me more about it? I’d like to learn from you.

(ivan.norin) #4

I think that the basic password encryption method is RSA.