locked
Securely Saving Auto Logon Password in .NET RRS feed

  • Question

  • I'm trying to securely store a password for autologon in Windows through .NET.  There are lots of examples out there about how to securely store the password in C++ or about how to *insecurely* store the password in .NET.  But I can't find any examples that do it securely in .NET.

    Here's the article that explains how to do this insecurely:
    http://msdn.microsoft.com/en-us/library/aa378750(v=VS.85).aspx

    And in it there's a link to how to do it securely using C++:
    http://msdn.microsoft.com/en-us/library/aa378826(v=VS.85).aspx

    I hope that the fact that this question land squarely between the Windows and .NET forums won't cause it to fall through the cracks... I really don't want to have to just write the plaintext password to the registry (insecure), which is my only alternative without some help...

    TIA.

     

    Thursday, October 28, 2010 2:36 PM

Answers

All replies

  • I'm trying to securely store a password for autologon in Windows through .NET.  There are lots of examples out there about how to securely store the password in C++ or about how to *insecurely* store the password in .NET.  But I can't find any examples that do it securely in .NET.

    Here's the article that explains how to do this insecurely:
    http://msdn.microsoft.com/en-us/library/aa378750(v=VS.85).aspx

    And in it there's a link to how to do it securely using C++:
    http://msdn.microsoft.com/en-us/library/aa378826(v=VS.85).aspx

    I hope that the fact that this question land squarely between the Windows and .NET forums won't cause it to fall through the cracks... I really don't want to have to just write the plaintext password to the registry (insecure), which is my only alternative without some help...

    TIA.

     


    Use SecureString and XML Serialization.
    The following thread includes the code and the answer for what you want to accomplish:
    http://social.msdn.microsoft.com/Forums/en-US/csharpgeneral/thread/d4557d9b-6e7d-4695-bfd0-a22a08e06160    

    Have a nice day…

    Best regards,
    Fisnik

    Coder24.com
    Thursday, October 28, 2010 5:50 PM
  • Hi Fisnik,

    I appreciate the help, but I'm not trying just to secure a string... I'm trying to provide Windows the secured format it expects for Auto Logon.  I don't believe you clicked on either of the links... please take a look at them and you'll see the C++ that I need to rewrite for .NET.

    I could have just stated the question as "I need to rewrite the exact code snippet in the 2nd link into a .NET language (C# or VB is fine)".  Maybe that's more clear?

    Thanks!

    Thursday, October 28, 2010 8:03 PM
  • An ingenious fellow answered my question on another forum: http://social.msdn.microsoft.com/Forums/en-US/clr/thread/57ee481d-0736-4f4a-acf0-5fd412067d20/

    Essentially the answer is to just PInvoke the LsaStorePrivateData function, for which he provided a link to sample code (thankfully!).

    • Marked as answer by PBarranis Monday, November 1, 2010 2:36 PM
    Monday, November 1, 2010 2:36 PM