.net - Securely Storing A Password Locally That Is Used For Web Service?
Apr 27, 2011
I have an application that authenticates against a third party web service by sending a username and password. At the moment I'm typing the password on a winform each time I start the application - but I need it to login automatically.
I'd like to store the username/password somewhat more securely than
Dim username as String = "username"
Dim password as String = "password"
I understand that I probably won't stop a determined hacker with access to my source code, but storing them as plaintext feels wrong. I've found some similar questions on here but none that provide me with an answer I can use.
Edit: The web service isn't mine, it's an API that requires me to login to use.
I am creating a VB.NET application for a Calculus class as a little side-project. It requires user profiles that are saved locally in the program's main files. I am using 2 separate classes to access the user profiles right now.
The first class is called Config and it is used to manipulate the basic config file which contains lesson document paths, settings, and user profile names.
The second class is called User and it is used to load up user profiles from a profile directory where user data is saved in separate text files.
The Config class retrieves the user names, and user profile text file paths. This text file path is then handed off to a User object that can then load up and interpret the file.
how should I format the config file and user files so they are secure enough that someone can not easily retrieve or manipulate data?
Here is a sample of how I am reading the text files:
Dim userList() As String = {Nothing} If My.Computer.FileSystem.FileExists(configPath + "config.cfg") Then Using MyReader As New Microsoft.VisualBasic.FileIO.TextFieldParser(configPath + "config.cfg")
[Code]....
The problem isn't reading the text file, I am just not sure how to make it secure. I was thinking about first parsing the entire file to translate it from 'encrypted' to text, and then save it as a temporary file which I would pass off to the above code, then delete the file immediately afterward. As for 'encrypting' (is that the right word for this?) the file, I could maybe bit-shift each character using a key that I would save at the beginning of the file.
I'm having to store a user account locally on a machine, what would be the best method to store this? (Needs to be reversable encryption rather than hash)I'm accessing a UNC share as mentioned here: url...Can anyone suggest a better method or changes to the above to secure the credentials as much as possible?
I am working on a .NET Windows Service where I am trying to store settings that will be used when the service is started and while it is running. I have searched through posts on SO and found that using the Settings in the properties of the project is great for use with console and winforms applications. However, Google and SO are silent when it pertains to storing these settings with a windows service.
I obfuscate exe using Eazfuscator.For two times someone deleted all files from ftp account,I suppose he got the ftp password,is it possible to got it from my app exe ?Is it enough protected ?
I have this string mainString="/MyApp/ViewPage.aspx?userId=admin&password=1&id=975"
I am getting value in mainString using this code Dim mainString As String = Request.QueryString("dest")
And I have two sting variables 1)strTempUsername 2)strTempPassword In these variables I want to store userId and password values from mainString.
So for this requirement how I write logic in code Dim arrArray() As String '/MyApp/ViewPage.aspx?userId=admin&password=1&id=975" strIndexq = mainString.IndexOf("?") ' Check QuestionMark Exist or not in mainString If strIndexq > 0 Then Dim strTemp As String [Code] .....
Here I am getting userId and password but in this code I will get problem when after ? if userId and password starts wit capital letters and password maybe contain characters like "1&a"
And after getting userid and password. I want to remove userid and password from mainstring. So I want mainstring look like: "/MyApp/ViewPage.aspx?id=975"
Does anyone know how to store the connection string in a file rather than hard coding it in the application. For example i have declared this connection string in the form to connect to oracle database and it works. But i assume this is not the right way to go by if one is looking for more secured environment.
I am trying to figure out a way to change the SQLSERVERAGENT service Logon password with one of my VB2008 applications. I can't seem to find any place in the registry were the password is stored and can find any solution other than manually going into the service and changing it myself.
I'm writing a windows service in VB.Net and set the service process installer's "Account" property set to "User". So when I tried to install the utility using INSTALLUTIL.EXE it is prompting to enter the user id and password. So I wanted to suppress this "Set Service Logon" so added below code to ProjectInstaller.vb and I was able to do what ever I want: [code]
I need to query a web service that basic authentication, putting the username and password in the request header. My client is written in VB.NET Visual Basic Express Edition 2010. I've added the web service to the Service References. It has auto-generated the appropriate classes for me. [code]...
I'm using VB.Net's RijndaelManaged (RM) to encrypt files, using the RM.GenerateKey and RM.GenerateIV methods to generate the Key and IV and encrypting the file using the CryptoStream class. I'm planning on saving this Key and IV to a file and want to make sure I'm doing it the right way. I am combining the IV+Key, and encrypting that with my RSA Public key and writing it out to a file. Then, to decrypt I use the RSA Private key on this file to get the IV+Key, split them up and set RM.Key and RM.IV to these values and run the decryptor.
Is this the best method to accomplish this, or is there a preferred method for saving the IV & Key?
I have a vb.net application that uses my gmail smtp server settings and my password to send me the users feedback through the email, (I don't want to show my email to the users)
The problem is I want to store these data securely in the vb.net application so that It's hard for any hackers/crackers through (reverse engineering or programs like cheat engine) to get my gmail account data.
I need to know what is the common way to store a SQL server connection string for an application in VB.NET.How do I read app.config values How to do it in ASP How do I store a connectionstring (unencrypted thus unsafe)It's quite frustrating not to find a decent and full answer on how to store a connection string in VB.NET in app.config (or settings.settings if it's better) safely. At the moment it's hardcoded and so it is immobile and in plain text.
Design a form, which contain a TEXTBOX control that accept a UserID input, with a CommandButton control to perform a validation based on the criteria listed below. Display a Message on whether the UserID is Valid.
Criteria:
The UserID must contains SIX digits follow by a single character, limit the entry to a maximum of seven characters only.
The postfix character of the UserID is derived from the summation of all the six digits divided by seven and using the remain as followed:
i have a Windows service that is hosting a WCF service through net.tcp and this is working great. I have also created a WCF service application. I am trying to add the net.tcp service reference to the service application. Then I add it to the GAC that goes ok but if I try to RegAsm the WCF service application to allow it to be called from Server.CreateObject I get the error:
Warning: Type library exporter encountered a type that derives from a generic class and is not marked as [ClassInterface(ClassInterfaceType.None)]. Class interfaces cannot be exposed for such types. Consider marking the type with [ClassInterface(ClassInterfaceType.None)] and exposing an explicit interface as the default interface to COM using the ComDefaultInterface attribute.
It does not work. I have tried to call it through a class library but this does not work either as the end point is not set correctly.
Question: When you have a .NET GUID for inserting in a database, it's structure is like this:
60 bits of timestamp, 48 bits of computer identifier, 14 bits of uniquifier, and 6 bits are fixed,
128 bits total Now I have problem with a GUID, because it's a 128 bit number, and some of the DBs I'm using only support 64 bit numbers. Now I don't want to solve the dilemma by using an autoincrement bigint value, since I want to be able to do offline replication.
Well whenever I reference a file I have been doing so using the full C://location/here kinda way, but my next program will be on CD so I need to figure a way to locate files that will be on the CD drive.In other languages I have used, %A_ScriptDir% and then go from there, is there something similar in vb?
I a function belows which is being used to preview an image but that involves saving the image locally in my drive. I am using this feature in an data entry form which means if the user discards the form, I have to delete the image which I feel is not efficient. How can I go about previewing the image and only save it locally if the user saves the form.
Protected Sub save_btn_Click(ByVal sender As Object, ByVal e As EventArgs) Handles btn_Save.Click If uifuVouTypeUploadfile.PostedFile IsNot Nothing Then
I created a program in MS Visual Web Developer 2010. It has a form that simply launches a script that manipulates a database. The project lives in several files and they are all inherited so they see each other and it accesses a MSSQL Express DB on one of our servers.
When I F5-Run the project locally on my PC it works fabulously. When I copy it to a web-enabled (application) folder on the server it executes but almost my very first line of code fails with this error[code]...
I'm looking for the best way to locally save settings to an application.I want the settings to "attach" themselves to the executable of the application so that I can send the application to another PC and still have the settings.The purpose of this is for a server that is going to issue an executable to anyone who requests it, the server sends an executable with the callback settings hardcoded into the application (for example IP, port and other settings) so that the application can connect to the server.I can't hardcode the settings in the source code because the application is going to be issued by different servers which of course, will need a different connection setting.I also don't want the settings to be stored on a file or any other "external" resource since then, the settings could be changed which could open security holes to exploit the application.So what I want to do: I want an executable to have some settings attached which will be set by another application. How can I set the settings of one application with another? And how can I efficiently save the settings internally on an application and then copy the file to another PC while still having the settings?
I have a VB2008 application which can control a windows service i.e. start, stop, pause etc. This runs ok on a Windows XP machine but not on a Win 7 machine (message is - Service error cannot open <service name> service on computer '.') ( if I stop the UAC then it runs ok ). It seems to be a rights issue,
I have an application that runs just fine if I execute it from a local drive, however when I deploy the files to a network location and run the file I get a "Common Language Runtime Debugging Serivces - Application has generated an exception that could not be handled process id bla bla bla, OK to terminate, Cancel to debug"
My desktop application is developed in VB.Net and can be run through two types of users, one who install it on their local machine and execute locally.
Second type of users will run the application remotely from the server.i.e. Application will install on the server and user will execute that application from client side. Server can be a Citrix Meta Frame or any server accessed through Remote Desktop Connection. I want to maintain single exe for both types of users.
Is there any mechanism/way through which I can come to know programmatically whether application is running locally or remotely?
I have two main troubles. The most important is the telnet one. I have another program which sends data via telnet locally on the PC. It requires a login and optional pass. I can connect and draw data which comes in 77 byte packets.
The problem is, the first packet of data doesn't display until the 2nd one comes in, which for this arrangement could 10s or 24 hours depending on the final user's intended use. This staggered data rx continues until termination of the program. I've used tcpClient.Available() to confirm that my app is seeing the data almost the instant it leaves the other program but for some reason the message isn't passed until the 2nd packet arrives. I'm sure I've probably implemented this in a most cumbersome way so any streamlining.
The second issue (which is contributing in part to the first) is the timer which here uses a freeby snip from a forum somewhere - it screws with the app's menu's controls and program flow. I've tried the VB2008 timer but can't seem to make sense of the best way to use it in this context. I think I've been looking at the screen too long and can't see the obvious.
My desktop application is developed in VB.Net and can be run through two types of users, one who install it on their local machine and execute locally.
Second type of users will run the application remotely from the server.i.e. Application will install on the server and user will execute that application from client side. Server can be a Citrix Meta Frame or any server accessed through Remote Desktop Connection.
I want to maintain single exe for both types of users.
Question:
Is there any mechanism/way through which I can come to know programmatically whether application is running locally or remotely?