Securing Configuration Data for Click-Once Apps RRS feed

  • Question

  • Hi,

    I have a Click-Once application that I'm supporting, and I was curious what the best practice is for securing sensitive information contained in the configuration file for that application.

    I've looking into encrypting the contents ahead of time, and decrypting them at runtime; but this requires that I include my decryption key in my assembly and it would be pretty trivial for someone to disassemble my application an retrieve the key.

    I've also looked into creating a custom installer for the application, and having that encrypt the relevant section of my config on installation using DPAPI but this seems a little hacky.

    This doesn't seem like it should be an unusual concern for click-once applications, does Microsoft have a recommended approach for securing this kind of data?

    Monday, March 25, 2019 9:32 PM