Passing UserName and password securely in MSBUILD script

  • Question

  • Hi,

    I'm new to MSBUILD and I have a task as follows. In my script I have to install a .msi file on a remote machine, which requires a username and password. What is the best way to provide the username and password for the script but not as plain text (i.e. encrypted)?
    I appreciate any help,
    Thanks.
    Thursday, January 28, 2010 11:34 PM

Answers

  • Please be careful in doing this. Obviously if your MSBuild script can access a username and password, then it may be possible for an intruder to use this to gain further access into the system.

    Make sure that you are using Microsoft Supplied algorithms for encryption, that have been tested and known to work. Creating your own encryption may leave a hole a hacker could use to access the information. Additionally, the algorithm used should be strong enough to keep hackers from using simple techniques to decrypt the information.

    There is a built-in encryption mechanism that allows you to store security information for a given user. That is, that user can, without a password, decrypt the information based on their user token. Using this, you can set up a user account that has no other permissions and, using that user account, store information for that user which includes the username/password required for the setup program. Your MSBuild task, which must be run as this user (using the RunAs command), will allow you to run the script, and supply the username/password for the user you created (as required by RunAs), and then decrypt the username/password of the installer.

    Or, you can simply supply the username and password on the command line to MSBuild as properties. If you don't specify these parameters, the task would fail. The command line would look something like:

       msbuild myproject.proj /T:Install /P:Username=myuser;Password=mypassword

    This command runs the "Install" target in the "myproject.proj" project, passing in the parameters Username with a value "myuser" and Password with a value "mypassword". In your script, you can then access these properties through the $(Username) and $(Password) properties.

    Whichever method you picked, you would need to be careful not to log the username or password (encrypted data) in a decrypted format during the build. Also, if you don't use C# SecureString (or you choose the method of passing the arguments as shown above) the data would be visible to other processes, such as debuggers, that could be running on your system.

    Writing secure code that accesses encrypted data can be tricky, and is definitely not for the beginner. I suggest reading the book "Writing Secure Code" for more information. This book is required reading at Microsoft.

    Hope this helps...

    Chuck England
    Visual Studio Platform
    Program Manager - MSBuild


    • Proposed as answer by Mike Fourie [MVP] Thursday, February 4, 2010 1:55 PM
    • Marked as answer by Nancy Shao Friday, February 5, 2010 3:42 AM
    Wednesday, February 3, 2010 5:49 PM
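
One built-in mechanism matching the per-user encryption described in the answer above is the Windows Data Protection API (DPAPI), exposed in .NET as `ProtectedData`. The following is an added example, not code from the thread or from MSBuild itself: the task name `RunAsStoredCredential`, its parameters and the `user\npassword` blob layout are hypothetical, and it assumes the installer command is started locally under the stored account (a local or UPN-style user name).

```csharp
// Added example; task name, parameters and blob layout are hypothetical.
using System;
using System.Diagnostics;
using System.IO;
using System.Security;
using System.Security.Cryptography; // ProtectedData: reference System.Security.dll
using System.Text;
using Microsoft.Build.Framework;
using Microsoft.Build.Utilities;

public class RunAsStoredCredential : Task
{
    [Required] public string CredentialFile { get; set; } // DPAPI blob of "user\npassword"
    [Required] public string FileName { get; set; }       // installer command to start
    public string Arguments { get; set; }

    // Run once while logged on as the dedicated build account to create the blob.
    public static void Store(string path, string user, string password)
    {
        byte[] plain = Encoding.UTF8.GetBytes(user + "\n" + password);
        byte[] blob = ProtectedData.Protect(plain, null, DataProtectionScope.CurrentUser);
        Array.Clear(plain, 0, plain.Length);
        File.WriteAllBytes(path, blob);
    }

    public override bool Execute()
    {
        string[] parts;
        try
        {   // Throws CryptographicException when run under any other account.
            byte[] plain = ProtectedData.Unprotect(File.ReadAllBytes(CredentialFile),
                                                   null, DataProtectionScope.CurrentUser);
            parts = Encoding.UTF8.GetString(plain).Split(new[] { '\n' }, 2);
            Array.Clear(plain, 0, plain.Length);
        }
        catch (CryptographicException)
        {
            Log.LogError("Cannot decrypt {0} as the current user.", CredentialFile);
            return false;
        }
        if (parts.Length != 2) { Log.LogError("Malformed credential blob."); return false; }

        var password = new SecureString(); // parts[1] is still a managed string until GC
        foreach (char c in parts[1]) password.AppendChar(c);
        var psi = new ProcessStartInfo(FileName, Arguments ?? "")
            { UserName = parts[0], Password = password, UseShellExecute = false };
        Log.LogMessage("Starting {0} as {1}", FileName, parts[0]); // never log the password
        using (Process p = Process.Start(psi)) { p.WaitForExit(); return p.ExitCode == 0; }
    }
}
```

The project file then carries only the path to the blob, so no secret appears in the script, on the MSBuild command line, or in the build log. Keep secrets out of `Arguments` as well, since a child process's command line is visible to other processes.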

All replies

  • You will have to implement a custom task to do this, I suspect. Where exactly in the process is the username/pwd required? To launch the msi or during its installation? Does the msi just call into msbuild scripts?

    Mike
    Visual Studio ALM MVP
    My Blog | MSBuild Extension Pack | MSBuild Explorer
    Thursday, January 28, 2010 11:55 PM
  • Hi Mike,

    The password is required during the installation. The MSBUILD script will install the .msi file on a remote machine and needs the username and password. I'd like to know what is the best practical way to hide the information (i.e. username & password). I have written a custom C# program to encrypt the user credentials, yet I still have to pass the key (in plain text) to the custom task from the script. Is there any way that I can hide all the information in my script?
    Sunday, January 31, 2010 9:50 PM