1

I've written a small library that fetches password protected data over a https link. This library works under the desktop on Windows 8.1, windows phone 8, and windows store 8.1. I now need to complete my test harness for it. This project will shortly appear on github.

In order to properly test this, I need a username/password. Since this is open source, I don't want to store my username/password up there (obviously). When running against desktop applications I tend to use the Windows supplied password store (Credential Manager control panel, stored under a generic credential. This works fine. The code scans the credential cache for whatever is needed, loads it, and runs the test.

But what about the tests for Windows Phone or Windows Store. How can I safely cache a username/password like this so that my code can still be public? I have starting thinking about having a special empty file that gets put into source control. The actual version of this file is looked for during the build process, and if it is found, it is copied over (and it is some sort of resource file) and then it has the username and password in it. Etc.

I am using VS2013 and MSTest for this project.

How have others solved this? Many thanks in advance!

Gordon
  • 3,012
  • 2
  • 26
  • 35

2 Answers2

2

For a couple of rest client libraries that I've got on GitHub and which require an API key, I've taken to just storing the credentials in a known location, outside of the source tree, but loaded by unit tests at runtime. This keeps it our of source control, allows others to supply their own key to run unit tests and is simple. This approach could be generalized for the unique storage requirements of the various platforms you mention but I've only needed it on straight windows.

example from a unit test project

EDIT Yes on store and phone apps you have limited access to the file system. You will need to use IsolatedStorage or treat the credentials as an embedded resource in your test assembly. I find the latter easier.

In order to keep your credentials out of GitHub you could add the credentials as an embedded resource file but then tell git to ignore it. Someone who downloaded your code wouldn't be able to build it until the provide said file but that is probably what you want anyways. A similar thing can be achieved with pre/post build events; copy the resource from a known location pre-build and then delete post build (make sure post build is set to always run).

dkackman
  • 15,179
  • 13
  • 69
  • 123
  • Thanks! This would work great on the desktop, but I'm not sure how to do it on WP8 - the tests run on the phone, which is in a VM, so I don't think there is any access. Also, it could be (??) on Windows Store apps that you don't have full access to the filesystem (I've not carefully researched that). – Gordon Dec 26 '13 at 05:46
0

You can use PasswordVault to store username & password for Windows Store apps (Windows 8.1). It can be seen control panel's credential manager.

Best practice for saving sensitive data in Windows 8

For WP8, there is no such thing, so it's better to store in isolated storage with some encryption.

Community
  • 1
  • 1
Farhan Ghumra
  • 15,180
  • 6
  • 50
  • 115
  • Thanks. I'll look into PasswordVault. For WP8, how can I store it in isolated storage - these are just test runs - so they are on my development computer, and they should run unattended... Do I need to run something special on WP8 once to add the password to the context of the isolated storage of my test guy? – Gordon Dec 26 '13 at 05:45