2

Does Microsoft or Windows provide a mechanism for access to a set of credentials, where I can't just store a salted version of the password; namely I need to have the password itself.

I have a webservice that responds to requests where if the user is authenticated and belongs to a distribution list, a job needs to start on a unix machine using a unix account. I'm using the fantastic ssh.net library to remote from the web service to the linux machine and start the required process but up to this point, I am storing the unix account password in the config file, in plain text (yikes)

What are my options here? I was thinking I could encrypt and decrypt the password, but the key would also be stored in the config file, so there is not much point.

Does windows have a key vault that can be accessed by a service account with proper rights? Are there other ways to authenticate against Linux that doesn't require a password?

Matt
  • 25,943
  • 66
  • 198
  • 303
  • As for authentication against Linux without a password, you could use certificates (public/private authentication key kind-of-thing). There's an overload for `SshClient` constructor that takes an instance of `PrivateKeyFile` instead of a password. You've got to do the key generation and installation though. – Cᴏʀʏ Jul 08 '14 at 22:44

1 Answers1

1

You can encrypt config sections of your configuration file. Check out this article:

http://msdn.microsoft.com/en-us/library/vstudio/zhhddkxy(v=vs.100).aspx

or this one

http://weblogs.asp.net/jongalloway/encrypting-passwords-in-a-net-app-config-file

or this one

http://www.codeproject.com/Articles/20398/Encrypt-and-Decrypt-ConnectionString-in-app-config

Darek
  • 4,687
  • 31
  • 47